518 files changed, 104061 insertions, 716 deletions

diff --git a/src/lib/libcrypto/Attic/Makefile b/src/lib/libcrypto/Attic/Makefile
new file mode 100644
index 0000000000..947dd5d44e
--- /dev/null
+++ b/src/lib/libcrypto/Attic/Makefile
@@ -0,0 +1,217 @@
+#
+# OpenSSL/crypto/Makefile
+#
+
+DIR=            crypto
+TOP=            ..
+CC=             cc
+INCLUDE=        -I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
+# INCLUDES targets sudbirs!
+INCLUDES=       -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
+CFLAG=          -g
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile
+RM=             rm -f
+AR=             ar r
+
+RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
+                    (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
+                    $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$target ) || exit 1; \
+                done;
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDE) $(CFLAG)
+ASFLAGS= $(INCLUDE) $(ASFLAG)
+AFLAGS=$(ASFLAGS)
+CPUID_OBJ=mem_clr.o
+
+LIBS=
+
+GENERAL=Makefile README crypto-lib.com install.com
+
+LIB= $(TOP)/libcrypto.a
+SHARED_LIB= libcrypto$(SHLIB_EXT)
+LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
+        ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
+        uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
+        ossl_typ.h
+HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: shared
+
+buildinf.h: ../Makefile
+        ( echo "#ifndef MK1MF_BUILD"; \
+        echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
+        echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
+        echo '  #define PLATFORM "$(PLATFORM)"'; \
+        echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
+        echo '#endif' ) >buildinf.h
+
+x86cpuid.s:     x86cpuid.pl perlasm/x86asm.pl
+        $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+
+applink.o:      $(TOP)/ms/applink.c
+        $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/applink.c
+
+uplink.o:       $(TOP)/ms/uplink.c applink.o
+        $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/uplink.c
+
+uplink-x86.s:   $(TOP)/ms/uplink-x86.pl
+        $(PERL) $(TOP)/ms/uplink-x86.pl $(PERLASM_SCHEME) > $@
+
+x86_64cpuid.s: x86_64cpuid.pl;  $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@
+ia64cpuid.s: ia64cpuid.S;       $(CC) $(CFLAGS) -E ia64cpuid.S > $@
+ppccpuid.s:     ppccpuid.pl;    $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
+pariscid.s:     pariscid.pl;    $(PERL) pariscid.pl $(PERLASM_SCHEME) $@
+alphacpuid.s:   alphacpuid.pl
+        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
+
+testapps:
+        [ -z "$(THIS)" ] || (   if echo $(SDIRS) | fgrep ' des '; \
+                                then cd des && $(MAKE) -e des; fi )
+        [ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps );
+        @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+subdirs:
+        @target=all; $(RECURSIVE_MAKE)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+        @target=files; $(RECURSIVE_MAKE)
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+        @target=links; $(RECURSIVE_MAKE)
+
+# lib: $(LIB): are splitted to avoid end-less loop
+lib:    $(LIB)
+        @touch lib
+$(LIB): $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+        $(RANLIB) $(LIB) || echo Never mind.
+
+shared: buildinf.h lib subdirs
+        if [ -n "$(SHARED_LIBS)" ]; then \
+                (cd ..; $(MAKE) $(SHARED_LIB)); \
+        fi
+
+libs:
+        @target=lib; $(RECURSIVE_MAKE)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+        do \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+        @target=install; $(RECURSIVE_MAKE)
+
+lint:
+        @target=lint; $(RECURSIVE_MAKE)
+
+depend:
+        @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
+        @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+        @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
+        @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
+        @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+clean:
+        rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+        @target=clean; $(RECURSIVE_MAKE)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+        rm -f opensslconf.h
+        @target=dclean; $(RECURSIVE_MAKE)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+cpt_err.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cpt_err.o: ../include/openssl/symhacks.h cpt_err.c
+cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.c
+cryptlib.o: cryptlib.h
+cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
+cversion.o: cryptlib.h cversion.c
+ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
+ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
+ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+ex_data.o: ex_data.c
+fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c
+mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem.o: mem.c
+mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_clr.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mem_clr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h mem_clr.c
+mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_dbg.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem_dbg.o: mem_dbg.c
+o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+o_dir.o: LPdir_unix.c o_dir.c o_dir.h
+o_fips.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+o_fips.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+o_fips.o: ../include/openssl/err.h ../include/openssl/lhash.h
+o_fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+o_fips.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+o_fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+o_fips.o: o_fips.c
+o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
+o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+o_init.o: ../include/openssl/symhacks.h o_init.c
+o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+o_str.o: o_str.c o_str.h
+o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
+o_time.o: o_time.h
+uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+uid.o: ../include/openssl/stack.h ../include/openssl/symhacks.h uid.c
diff --git a/src/lib/libcrypto/LPdir_nyi.c b/src/lib/libcrypto/LPdir_nyi.c
new file mode 100644
index 0000000000..6c1a50e6a8
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_nyi.c
@@ -0,0 +1,42 @@
+/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+struct LP_dir_context_st { void *dummy; };
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+        {
+        errno = EINVAL;
+        return 0;
+        }
+int LP_find_file_end(LP_DIR_CTX **ctx)
+        {
+        errno = EINVAL;
+        return 0;
+        }
diff --git a/src/lib/libcrypto/LPdir_unix.c b/src/lib/libcrypto/LPdir_unix.c
new file mode 100644
index 0000000000..b004cd99e8
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_unix.c
@@ -0,0 +1,127 @@
+/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <errno.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+/* The POSIXly macro for the maximum number of characters in a file path
+   is NAME_MAX.  However, some operating systems use PATH_MAX instead.
+   Therefore, it seems natural to first check for PATH_MAX and use that,
+   and if it doesn't exist, use NAME_MAX. */
+#if defined(PATH_MAX)
+# define LP_ENTRY_SIZE PATH_MAX
+#elif defined(NAME_MAX)
+# define LP_ENTRY_SIZE NAME_MAX
+#endif
+
+/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
+   exist.  It's also possible that NAME_MAX exists but is define to a
+   very small value (HP-UX offers 14), so we need to check if we got a
+   result, and if it meets a minimum standard, and create or change it
+   if not. */
+#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
+# undef LP_ENTRY_SIZE
+# define LP_ENTRY_SIZE 255
+#endif
+
+struct LP_dir_context_st
+{
+  DIR *dir;
+  char entry_name[LP_ENTRY_SIZE+1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+  struct dirent *direntry = NULL;
+
+  if (ctx == NULL || directory == NULL)
+    {
+      errno = EINVAL;
+      return 0;
+    }
+
+  errno = 0;
+  if (*ctx == NULL)
+    {
+      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+      if (*ctx == NULL)
+        {
+          errno = ENOMEM;
+          return 0;
+        }
+      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+      (*ctx)->dir = opendir(directory);
+      if ((*ctx)->dir == NULL)
+        {
+          int save_errno = errno; /* Probably not needed, but I'm paranoid */
+          free(*ctx);
+          *ctx = NULL;
+          errno = save_errno;
+          return 0;
+        }
+    }
+
+  direntry = readdir((*ctx)->dir);
+  if (direntry == NULL)
+    {
+      return 0;
+    }
+
+  strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
+  (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+  return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+  if (ctx != NULL && *ctx != NULL)
+    {
+      int ret = closedir((*ctx)->dir);
+
+      free(*ctx);
+      switch (ret)
+        {
+        case 0:
+          return 1;
+        case -1:
+          return 0;
+        default:
+          break;
+        }
+    }
+  errno = EINVAL;
+  return 0;
+}
diff --git a/src/lib/libcrypto/LPdir_vms.c b/src/lib/libcrypto/LPdir_vms.c
new file mode 100644
index 0000000000..7613bd254e
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_vms.c
@@ -0,0 +1,206 @@
+/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <descrip.h>
+#include <namdef.h>
+#include <rmsdef.h>
+#include <libfildef.h>
+#include <lib$routines.h>
+#include <strdef.h>
+#include <str$routines.h>
+#include <stsdef.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+#include "vms_rms.h"
+
+/* Some compiler options hide EVMSERR. */
+#ifndef EVMSERR
+# define EVMSERR        65535  /* error for non-translatable VMS errors */
+#endif
+
+struct LP_dir_context_st
+{
+  unsigned long VMS_context;
+  char filespec[ NAMX_MAXRSS+ 1];
+  char result[ NAMX_MAXRSS+ 1];
+  struct dsc$descriptor_d filespec_dsc;
+  struct dsc$descriptor_d result_dsc;
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+  int status;
+  char *p, *r;
+  size_t l;
+  unsigned long flags = 0;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+        char *ctx_filespec_32p;
+# pragma pointer_size restore
+        char ctx_filespec_32[ NAMX_MAXRSS+ 1];
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
+#ifdef NAML$C_MAXRSS
+  flags |= LIB$M_FIL_LONG_NAMES;
+#endif
+
+  if (ctx == NULL || directory == NULL)
+    {
+      errno = EINVAL;
+      return 0;
+    }
+
+  errno = 0;
+  if (*ctx == NULL)
+    {
+      size_t filespeclen = strlen(directory);
+      char *filespec = NULL;
+
+      /* MUST be a VMS directory specification!  Let's estimate if it is. */
+      if (directory[filespeclen-1] != ']'
+          && directory[filespeclen-1] != '>'
+          && directory[filespeclen-1] != ':')
+        {
+          errno = EINVAL;
+          return 0;
+        }
+
+      filespeclen += 4;         /* "*.*;" */
+
+      if (filespeclen > NAMX_MAXRSS)
+        {
+          errno = ENAMETOOLONG;
+          return 0;
+        }
+
+      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+      if (*ctx == NULL)
+        {
+          errno = ENOMEM;
+          return 0;
+        }
+      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+      strcpy((*ctx)->filespec,directory);
+      strcat((*ctx)->filespec,"*.*;");
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define CTX_FILESPEC ctx_filespec_32p
+        /* Copy the file name to storage with a 32-bit pointer. */
+        ctx_filespec_32p = ctx_filespec_32;
+        strcpy( ctx_filespec_32p, (*ctx)->filespec);
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define CTX_FILESPEC (*ctx)->filespec
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+      (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
+      (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+      (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
+      (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
+    }
+
+  (*ctx)->result_dsc.dsc$w_length = 0;
+  (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+  (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+  (*ctx)->result_dsc.dsc$a_pointer = 0;
+
+  status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
+                         &(*ctx)->VMS_context, 0, 0, 0, &flags);
+
+  if (status == RMS$_NMF)
+    {
+      errno = 0;
+      vaxc$errno = status;
+      return NULL;
+    }
+
+  if(!$VMS_STATUS_SUCCESS(status))
+    {
+      errno = EVMSERR;
+      vaxc$errno = status;
+      return NULL;
+    }
+
+  /* Quick, cheap and dirty way to discard any device and directory,
+     since we only want file names */
+  l = (*ctx)->result_dsc.dsc$w_length;
+  p = (*ctx)->result_dsc.dsc$a_pointer;
+  r = p;
+  for (; *p; p++)
+    {
+      if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */
+        {
+          p++;
+        }
+      else if (*p == ':' || *p == '>' || *p == ']')
+        {
+          l -= p + 1 - r;
+          r = p + 1;
+        }
+      else if (*p == ';')
+        {
+          l = p - r;
+          break;
+        }
+    }
+
+  strncpy((*ctx)->result, r, l);
+  (*ctx)->result[l] = '\0';
+  str$free1_dx(&(*ctx)->result_dsc);
+
+  return (*ctx)->result;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+  if (ctx != NULL && *ctx != NULL)
+    {
+      int status = lib$find_file_end(&(*ctx)->VMS_context);
+
+      free(*ctx);
+
+      if(!$VMS_STATUS_SUCCESS(status))
+        {
+          errno = EVMSERR;
+          vaxc$errno = status;
+          return 0;
+        }
+      return 1;
+    }
+  errno = EINVAL;
+  return 0;
+}
+
diff --git a/src/lib/libcrypto/LPdir_win.c b/src/lib/libcrypto/LPdir_win.c
new file mode 100644
index 0000000000..702dbc730f
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_win.c
@@ -0,0 +1,153 @@
+/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <windows.h>
+#include <tchar.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+
+/* We're most likely overcautious here, but let's reserve for
+    broken WinCE headers and explicitly opt for UNICODE call.
+    Keep in mind that our WinCE builds are compiled with -DUNICODE
+    [as well as -D_UNICODE]. */
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindFirstFile FindFirstFileW
+#endif
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindNextFile FindNextFileW
+#endif
+
+#ifndef NAME_MAX
+#define NAME_MAX 255
+#endif
+
+struct LP_dir_context_st
+{
+  WIN32_FIND_DATA ctx;
+  HANDLE handle;
+  char entry_name[NAME_MAX+1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+  if (ctx == NULL || directory == NULL)
+    {
+      errno = EINVAL;
+      return 0;
+    }
+
+  errno = 0;
+  if (*ctx == NULL)
+    {
+      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+      if (*ctx == NULL)
+        {
+          errno = ENOMEM;
+          return 0;
+        }
+      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+      if (sizeof(TCHAR) != sizeof(char))
+        {
+          TCHAR *wdir = NULL;
+          /* len_0 denotes string length *with* trailing 0 */ 
+          size_t index = 0,len_0 = strlen(directory) + 1;
+
+          wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR));
+          if (wdir == NULL)
+            {
+              free(*ctx);
+              *ctx = NULL;
+              errno = ENOMEM;
+              return 0;
+            }
+
+#ifdef LP_MULTIBYTE_AVAILABLE
+          if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0))
+#endif
+            for (index = 0; index < len_0; index++)
+              wdir[index] = (TCHAR)directory[index];
+
+          (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
+
+          free(wdir);
+        }
+      else
+        (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+
+      if ((*ctx)->handle == INVALID_HANDLE_VALUE)
+        {
+          free(*ctx);
+          *ctx = NULL;
+          errno = EINVAL;
+          return 0;
+        }
+    }
+  else
+    {
+      if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
+        {
+          return 0;
+        }
+    }
+
+  if (sizeof(TCHAR) != sizeof(char))
+    {
+      TCHAR *wdir = (*ctx)->ctx.cFileName;
+      size_t index, len_0 = 0;
+
+      while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;
+      len_0++;
+
+#ifdef LP_MULTIBYTE_AVAILABLE
+      if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
+                               sizeof((*ctx)->entry_name), NULL, 0))
+#endif
+        for (index = 0; index < len_0; index++)
+          (*ctx)->entry_name[index] = (char)wdir[index];
+    }
+  else
+    strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
+            sizeof((*ctx)->entry_name)-1);
+
+  (*ctx)->entry_name[sizeof((*ctx)->entry_name)-1] = '\0';
+
+  return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+  if (ctx != NULL && *ctx != NULL)
+    {
+      FindClose((*ctx)->handle);
+      free(*ctx);
+      *ctx = NULL;
+      return 1;
+    }
+  errno = EINVAL;
+  return 0;
+}
diff --git a/src/lib/libcrypto/LPdir_win32.c b/src/lib/libcrypto/LPdir_win32.c
new file mode 100644
index 0000000000..e39872da52
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_win32.c
@@ -0,0 +1,30 @@
+/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WIN32
+#define LP_MULTIBYTE_AVAILABLE
+#include "LPdir_win.c"
diff --git a/src/lib/libcrypto/LPdir_wince.c b/src/lib/libcrypto/LPdir_wince.c
new file mode 100644
index 0000000000..ab0e1e6f4f
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_wince.c
@@ -0,0 +1,31 @@
+/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WINCE
+/* We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently
+   under investigation what the exact conditions would be */
+#include "LPdir_win.c"
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
new file mode 100644
index 0000000000..c0496ca2d1
--- /dev/null
+++ b/src/lib/libcrypto/Makefile
@@ -0,0 +1,24 @@
+# $OpenBSD: Makefile,v 1.1 2014/04/11 22:51:53 miod Exp $
+
+SUBDIR=crypto man
+PC_FILES=libcrypto.pc
+
+CLEANFILES=${PC_FILES}
+
+distribution:
+        ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
+           ${.CURDIR}/openssl.cnf ${DESTDIR}/etc/ssl/openssl.cnf && \
+        ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
+           ${.CURDIR}/cert.pem ${DESTDIR}/etc/ssl/cert.pem && \
+        ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
+           ${.CURDIR}/x509v3.cnf ${DESTDIR}/etc/ssl/x509v3.cnf
+
+beforeinstall:
+        /bin/sh ${.CURDIR}/generate_pkgconfig.sh -c ${.CURDIR} -o ${.OBJDIR}
+.for p in ${PC_FILES}
+        ${INSTALL} ${INSTALL_COPY} -o root -g ${SHAREGRP} \
+            -m ${SHAREMODE} ${.OBJDIR}/$p ${DESTDIR}/usr/lib/pkgconfig/
+.endfor
+
+.include <bsd.prog.mk>
+.include <bsd.subdir.mk>
diff --git a/src/lib/libcrypto/aes/Makefile b/src/lib/libcrypto/aes/Makefile
new file mode 100644
index 0000000000..45ede0a0b4
--- /dev/null
+++ b/src/lib/libcrypto/aes/Makefile
@@ -0,0 +1,153 @@
+#
+# crypto/aes/Makefile
+#
+
+DIR=    aes
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+AES_ENC=aes_core.o aes_cbc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+#TEST=aestest.c
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
+       aes_ctr.c aes_ige.c aes_wrap.c
+LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \
+       $(AES_ENC)
+
+SRC= $(LIBSRC)
+
+EXHEADER= aes.h
+HEADER= aes_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+aes-ia64.s: asm/aes-ia64.S
+        $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@
+
+aes-586.s:      asm/aes-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+vpaes-x86.s:    asm/vpaes-x86.pl ../perlasm/x86asm.pl
+        $(PERL) asm/vpaes-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+aesni-x86.s:    asm/aesni-x86.pl ../perlasm/x86asm.pl
+        $(PERL) asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+
+aes-x86_64.s: asm/aes-x86_64.pl
+        $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@
+vpaes-x86_64.s: asm/vpaes-x86_64.pl
+        $(PERL) asm/vpaes-x86_64.pl $(PERLASM_SCHEME) > $@
+bsaes-x86_64.s: asm/bsaes-x86_64.pl
+        $(PERL) asm/bsaes-x86_64.pl $(PERLASM_SCHEME) > $@
+aesni-x86_64.s: asm/aesni-x86_64.pl
+        $(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@
+aesni-sha1-x86_64.s:    asm/aesni-sha1-x86_64.pl
+        $(PERL) asm/aesni-sha1-x86_64.pl $(PERLASM_SCHEME) > $@
+
+aes-sparcv9.s: asm/aes-sparcv9.pl
+        $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
+
+aes-ppc.s:      asm/aes-ppc.pl
+        $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
+
+aes-parisc.s:   asm/aes-parisc.pl
+        $(PERL) asm/aes-parisc.pl $(PERLASM_SCHEME) $@
+
+aes-mips.S:     asm/aes-mips.pl
+        $(PERL) asm/aes-mips.pl $(PERLASM_SCHEME) $@
+
+# GNU make "catch all"
+aes-%.S:        asm/aes-%.pl;   $(PERL) $< $(PERLASM_SCHEME) > $@
+aes-armv4.o:    aes-armv4.S
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c
+aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
+aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c
+aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
+aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h
+aes_ige.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+aes_ige.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+aes_ige.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+aes_ige.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_ige.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/crypto.h
+aes_misc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_misc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_misc.o: ../../include/openssl/symhacks.h aes_locl.h aes_misc.c
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c
+aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
+aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+aes_wrap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+aes_wrap.o: ../../include/openssl/opensslconf.h
+aes_wrap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_wrap.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_wrap.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_wrap.c
diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index 34cbb5d844..48fa857d5b 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -36,8 +36,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
+open STDOUT,"| $^X $xlate $flavour $output";
 
 $verticalspin=1;        # unlike 32-bit version $verticalspin performs
                         # ~15% better on both AMD and Intel cores
diff --git a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
index 0dbb194b8d..499f3b3f42 100644
--- a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
@@ -172,8 +172,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
+open STDOUT,"| $^X $xlate $flavour $output";
 
 $movkey = $PREFIX eq "aesni" ? "movups" : "movups";
 @_4args=$win64? ("%rcx","%rdx","%r8", "%r9") :  # Win64 order
diff --git a/src/lib/libcrypto/arch/alpha/opensslconf.h b/src/lib/libcrypto/arch/alpha/opensslconf.h
new file mode 100644
index 0000000000..30f6acfbb1
--- /dev/null
+++ b/src/lib/libcrypto/arch/alpha/opensslconf.h
@@ -0,0 +1,271 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#define BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/amd64/opensslconf.h b/src/lib/libcrypto/arch/amd64/opensslconf.h
new file mode 100644
index 0000000000..f969fd75e4
--- /dev/null
+++ b/src/lib/libcrypto/arch/amd64/opensslconf.h
@@ -0,0 +1,268 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/arm/opensslconf.h b/src/lib/libcrypto/arch/arm/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/arch/arm/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/hppa/opensslconf.h b/src/lib/libcrypto/arch/hppa/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/arch/hppa/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/hppa64/opensslconf.h b/src/lib/libcrypto/arch/hppa64/opensslconf.h
new file mode 100644
index 0000000000..f8f478ff52
--- /dev/null
+++ b/src/lib/libcrypto/arch/hppa64/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/i386/opensslconf.h b/src/lib/libcrypto/arch/i386/opensslconf.h
new file mode 100644
index 0000000000..f7b5a6dc38
--- /dev/null
+++ b/src/lib/libcrypto/arch/i386/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/m88k/opensslconf.h b/src/lib/libcrypto/arch/m88k/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/arch/m88k/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/mips64/opensslconf.h b/src/lib/libcrypto/arch/mips64/opensslconf.h
new file mode 100644
index 0000000000..e55282fd63
--- /dev/null
+++ b/src/lib/libcrypto/arch/mips64/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#define BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/powerpc/opensslconf.h b/src/lib/libcrypto/arch/powerpc/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/arch/powerpc/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/sh/opensslconf.h b/src/lib/libcrypto/arch/sh/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/arch/sh/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/sparc/opensslconf.h b/src/lib/libcrypto/arch/sparc/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/arch/sparc/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/sparc64/opensslconf.h b/src/lib/libcrypto/arch/sparc64/opensslconf.h
new file mode 100644
index 0000000000..e55282fd63
--- /dev/null
+++ b/src/lib/libcrypto/arch/sparc64/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#define BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/arch/vax/bn_asm_vax.S b/src/lib/libcrypto/arch/vax/bn_asm_vax.S
new file mode 100644
index 0000000000..2969ae9dac
--- /dev/null
+++ b/src/lib/libcrypto/arch/vax/bn_asm_vax.S
@@ -0,0 +1,436 @@
+#       $OpenBSD: bn_asm_vax.S,v 1.1 2014/04/11 22:51:53 miod Exp $
+#       $NetBSD: bn_asm_vax.S,v 1.1 2003/11/03 10:22:28 ragge Exp $
+
+#include <machine/asm.h>
+
+# w.j.m. 15-jan-1999
+#
+# it's magic ...
+#
+# ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {
+#       ULONG c = 0;
+#       int i;
+#       for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;
+#       return c;
+# }
+
+ENTRY(bn_mul_add_words,R6)
+        movl    4(%ap),%r2              # *r
+        movl    8(%ap),%r3              # *a
+        movl    12(%ap),%r4             # n
+        movl    16(%ap),%r5             # w
+        clrl    %r6                     # return value ("carry")
+
+0:      emul    %r5,(%r3),(%r2),%r0     # w * a[0] + r[0] -> r0
+
+        # fixup for "negative" r[]
+        tstl    (%r2)
+        bgeq    1f
+        incl    %r1                     # add 1 to highword
+
+1:      # add saved carry to result
+        addl2   %r6,%r0
+        adwc    $0,%r1
+
+        # combined fixup for "negative" w, a[]
+        tstl    %r5             # if w is negative...
+        bgeq    1f
+        addl2   (%r3),%r1       # ...add a[0] again to highword
+1:      tstl    (%r3)           # if a[0] is negative...
+        bgeq    1f
+        addl2   %r5,%r1         # ...add w again to highword
+1:
+        movl    %r0,(%r2)+      # save low word in dest & advance *r
+        addl2   $4,%r3          # advance *a
+        movl    %r1,%r6         # high word in r6 for return value
+
+        sobgtr  %r4,0b          # loop?
+
+        movl    %r6,%r0
+        ret
+
+#       .title  vax_bn_mul_words  unsigned multiply & add, 32*32+32=>64
+#;
+#; w.j.m. 15-jan-1999
+#;
+#; it's magic ...
+#;
+#; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {
+#;      ULONG c = 0;
+#;      int i;
+#;      for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;
+#;      return(c);
+#; }
+#
+
+ENTRY(bn_mul_words,R6)
+        movl    4(%ap),%r2              # *r
+        movl    8(%ap),%r3              # *a
+        movl    12(%ap),%r4             # n
+        movl    16(%ap),%r5             # w
+        clrl    %r6                     # carry
+
+0:      emul    %r5,(%r3),%r6,%r0       # w * a[0] + carry -> r0
+
+        # fixup for "negative" carry
+        tstl    %r6
+        bgeq    1f
+        incl    %r1
+
+1:      # combined fixup for "negative" w, a[]
+        tstl    %r5
+        bgeq    1f
+        addl2   (%r3),%r1
+1:      tstl    (%r3)
+        bgeq    1f
+        addl2   %r5,%r1
+
+1:      movl    %r0,(%r2)+
+        addl2   $4,%r3
+        movl    %r1,%r6
+
+        sobgtr  %r4,0b
+
+        movl    %r6,%r0
+        ret
+
+
+
+#       .title  vax_bn_sqr_words  unsigned square, 32*32=>64
+#;
+#; w.j.m. 15-jan-1999
+#;
+#; it's magic ...
+#;
+#; void bn_sqr_words(ULONG r[],ULONG a[],int n) {
+#;      int i;
+#;      for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;
+#; }
+#
+
+ENTRY(bn_sqr_words,0)
+        movl    4(%ap),%r2              # r
+        movl    8(%ap),%r3              # a
+        movl    12(%ap),%r4             # n
+
+0:      movl    (%r3)+,%r5              # r5 = a[] & advance
+
+        emul    %r5,%r5,$0,%r0          # a[0] * a[0] + 0 -> r0
+
+        # fixup for "negative" a[]
+        tstl    %r5
+        bgeq    1f
+        addl2   %r5,%r1
+        addl2   %r5,%r1
+
+1:      movq    %r0,(%r2)+              # store 64-bit result
+
+        sobgtr  %r4,0b                  # loop
+
+        ret
+
+
+#       .title  vax_bn_div_words  unsigned divide
+#;
+#; Richard Levitte 20-Nov-2000
+#;
+#; ULONG bn_div_words(ULONG h, ULONG l, ULONG d)
+#; {
+#;      return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d);
+#; }
+#;
+#; Using EDIV would be very easy, if it didn't do signed calculations.
+#; Any time any of the input numbers are signed, there are problems,
+#; usually with integer overflow, at which point it returns useless
+#; data (the quotient gets the value of l, and the remainder becomes 0).
+#;
+#; If it was just for the dividend, it would be very easy, just divide
+#; it by 2 (unsigned), do the division, multiply the resulting quotient
+#; and remainder by 2, add the bit that was dropped when dividing by 2
+#; to the remainder, and do some adjustment so the remainder doesn't
+#; end up larger than the divisor.  For some cases when the divisor is
+#; negative (from EDIV's point of view, i.e. when the highest bit is set),
+#; dividing the dividend by 2 isn't enough, and since some operations
+#; might generate integer overflows even when the dividend is divided by
+#; 4 (when the high part of the shifted down dividend ends up being exactly
+#; half of the divisor, the result is the quotient 0x80000000, which is
+#; negative...) it needs to be divided by 8.  Furthermore, the divisor needs
+#; to be divided by 2 (unsigned) as well, to avoid more problems with the sign.
+#; In this case, a little extra fiddling with the remainder is required.
+#;
+#; So, the simplest way to handle this is always to divide the dividend
+#; by 8, and to divide the divisor by 2 if it's highest bit is set.
+#; After EDIV has been used, the quotient gets multiplied by 8 if the
+#; original divisor was positive, otherwise 4.  The remainder, oddly
+#; enough, is *always* multiplied by 8.
+#; NOTE: in the case mentioned above, where the high part of the shifted
+#; down dividend ends up being exactly half the shifted down divisor, we
+#; end up with a 33 bit quotient.  That's no problem however, it usually
+#; means we have ended up with a too large remainder as well, and the
+#; problem is fixed by the last part of the algorithm (next paragraph).
+#;
+#; The routine ends with comparing the resulting remainder with the
+#; original divisor and if the remainder is larger, subtract the
+#; original divisor from it, and increase the quotient by 1.  This is
+#; done until the remainder is smaller than the divisor.
+#;
+#; The complete algorithm looks like this:
+#;
+#; d'    = d
+#; l'    = l & 7
+#; [h,l] = [h,l] >> 3
+#; [q,r] = floor([h,l] / d)     # This is the EDIV operation
+#; if (q < 0) q = -q            # I doubt this is necessary any more
+#;
+#; r'    = r >> 29
+#; if (d' >= 0)
+#;   q'  = q >> 29
+#;   q   = q << 3
+#; else
+#;   q'  = q >> 30
+#;   q   = q << 2
+#; r     = (r << 3) + l'
+#;
+#; if (d' < 0)
+#;   {
+#;     [r',r] = [r',r] - q
+#;     while ([r',r] < 0)
+#;       {
+#;         [r',r] = [r',r] + d
+#;         [q',q] = [q',q] - 1
+#;       }
+#;   }
+#;
+#; while ([r',r] >= d')
+#;   {
+#;     [r',r] = [r',r] - d'
+#;     [q',q] = [q',q] + 1
+#;   }
+#;
+#; return q
+#
+#;r2 = l, q
+#;r3 = h, r
+#;r4 = d
+#;r5 = l'
+#;r6 = r'
+#;r7 = d'
+#;r8 = q'
+#
+
+ENTRY(bn_div_words,R6|R7|R8)
+        movl    4(%ap),%r3              # h
+        movl    8(%ap),%r2              # l
+        movl    12(%ap),%r4             # d
+
+        bicl3   $-8,%r2,%r5             # l' = l & 7
+        bicl3   $7,%r2,%r2
+
+        bicl3   $-8,%r3,%r6
+        bicl3   $7,%r3,%r3
+
+        addl2   %r6,%r2
+
+        rotl    $-3,%r2,%r2             # l = l >> 3
+        rotl    $-3,%r3,%r3             # h = h >> 3
+
+        movl    %r4,%r7                 # d' = d
+
+        clrl    %r6                     # r' = 0
+        clrl    %r8                     # q' = 0
+
+        tstl    %r4
+        beql    0f                      # Uh-oh, the divisor is 0...
+        bgtr    1f
+        rotl    $-1,%r4,%r4     # If d is negative, shift it right.
+        bicl2   $0x80000000,%r4 # Since d is then a large number, the
+                                # lowest bit is insignificant
+                                # (contradict that, and I'll fix the problem!)
+1:
+        ediv    %r4,%r2,%r2,%r3         # Do the actual division
+
+        tstl    %r2
+        bgeq    1f
+        mnegl   %r2,%r2         # if q < 0, negate it
+1:
+        tstl    %r7
+        blss    1f
+        rotl    $3,%r2,%r2      #   q = q << 3
+        bicl3   $-8,%r2,%r8     #   q' gets the high bits from q
+        bicl3   $7,%r2,%r2
+        brb     2f
+
+1:                              # else
+        rotl    $2,%r2,%r2      #   q = q << 2
+        bicl3   $-4,%r2,%r8     #   q' gets the high bits from q
+        bicl3   $3,%r2,%r2
+2:
+        rotl    $3,%r3,%r3      # r = r << 3
+        bicl3   $-8,%r3,%r6     # r' gets the high bits from r
+        bicl3   $7,%r3,%r3
+        addl2   %r5,%r3         # r = r + l'
+
+        tstl    %r7
+        bgeq    5f
+        bitl    $1,%r7
+        beql    5f              # if d' < 0 && d' & 1
+        subl2   %r2,%r3         #   [r',r] = [r',r] - [q',q]
+        sbwc    %r8,%r6
+3:
+        bgeq    5f              #   while r < 0
+        decl    %r2             #     [q',q] = [q',q] - 1
+        sbwc    $0,%r8
+        addl2   %r7,%r3         #     [r',r] = [r',r] + d'
+        adwc    $0,%r6
+        brb     3b
+
+# The return points are placed in the middle to keep a short distance from
+# all the branch points
+1:
+#       movl    %r3,%r1
+        movl    %r2,%r0
+        ret
+0:
+        movl    $-1,%r0
+        ret
+5:
+        tstl    %r6
+        bneq    6f
+        cmpl    %r3,%r7
+        blssu   1b              # while [r',r] >= d'
+6:
+        subl2   %r7,%r3         #   [r',r] = [r',r] - d'
+        sbwc    $0,%r6
+        incl    %r2             #   [q',q] = [q',q] + 1
+        adwc    $0,%r8
+        brb     5b
+
+
+
+#       .title  vax_bn_add_words  unsigned add of two arrays
+#;
+#; Richard Levitte 20-Nov-2000
+#;
+#; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+#;      ULONG c = 0;
+#;      int i;
+#;      for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c;
+#;      return(c);
+#; }
+#
+
+ENTRY(bn_add_words,0)
+        movl    4(%ap),%r2      # r
+        movl    8(%ap),%r3      # a
+        movl    12(%ap),%r4     # b
+        movl    16(%ap),%r5     # n
+        clrl    %r0
+
+        tstl    %r5
+        bleq    1f
+
+0:      movl    (%r3)+,%r1      # carry untouched
+        adwc    (%r4)+,%r1      # carry used and touched
+        movl    %r1,(%r2)+      # carry untouched
+        sobgtr  %r5,0b          # carry untouched
+
+        adwc    $0,%r0
+1:      ret
+
+#;
+#; Richard Levitte 20-Nov-2000
+#;
+#; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+#;      ULONG c = 0;
+#;      int i;
+#;      for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c;
+#;      return(c);
+#; }
+#
+
+ENTRY(bn_sub_words,R6)
+        movl    4(%ap),%r2      # r
+        movl    8(%ap),%r3      # a
+        movl    12(%ap),%r4     # b
+        movl    16(%ap),%r5     # n
+        clrl    %r0
+
+        tstl    %r5
+        bleq    1f
+
+0:      movl    (%r3)+,%r6      # carry untouched
+        sbwc    (%r4)+,%r6      # carry used and touched
+        movl    %r6,(%r2)+      # carry untouched
+        sobgtr  %r5,0b          # carry untouched
+
+1:      adwc    $0,%r0
+        ret
+
+#
+#       Ragge 20-Sep-2003
+#
+#       Multiply a vector of 4/8 longword by another.
+#       Uses two loops and 16/64 emuls.
+#
+
+ENTRY(bn_mul_comba4,R6|R7|R8|R9)
+        movl    $4,%r9          # 4*4
+        brb     6f
+
+ENTRY(bn_mul_comba8,R6|R7|R8|R9)
+        movl    $8,%r9          # 8*8
+
+6:      movl    8(%ap),%r3      # a[]
+        movl    12(%ap),%r7     # b[]
+        brb     5f
+
+ENTRY(bn_sqr_comba4,R6|R7|R8|R9)
+        movl    $4,%r9          # 4*4
+        brb 0f
+
+ENTRY(bn_sqr_comba8,R6|R7|R8|R9)
+        movl    $8,%r9          # 8*8
+
+0:
+        movl    8(%ap),%r3      # a[]
+        movl    %r3,%r7         # a[]
+
+5:      movl    4(%ap),%r5      # r[]
+        movl    %r9,%r8
+
+        clrq    (%r5)           # clear destinatino, for add.
+        clrq    8(%r5)
+        clrq    16(%r5)         # these only needed for comba8
+        clrq    24(%r5)
+
+2:      clrl    %r4             # carry
+        movl    %r9,%r6         # inner loop count
+        movl    (%r7)+,%r2      # value to multiply with
+
+1:      emul    %r2,(%r3),%r4,%r0
+        tstl    %r4
+        bgeq    3f
+        incl    %r1
+3:      tstl    %r2
+        bgeq    3f
+        addl2   (%r3),%r1
+3:      tstl    (%r3)
+        bgeq    3f
+        addl2   %r2,%r1
+
+3:      addl2   %r0,(%r5)+      # add to destination
+        adwc    $0,%r1          # remember carry
+        movl    %r1,%r4         # add carry in next emul
+        addl2   $4,%r3
+        sobgtr  %r6,1b
+
+        movl    %r4,(%r5)       # save highest add result
+
+        ashl    $2,%r9,%r4
+        subl2   %r4,%r3
+        subl2   $4,%r4
+        subl2   %r4,%r5
+
+        sobgtr  %r8,2b
+
+        ret
diff --git a/src/lib/libcrypto/arch/vax/opensslconf.h b/src/lib/libcrypto/arch/vax/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/arch/vax/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/asn1/Makefile b/src/lib/libcrypto/asn1/Makefile
new file mode 100644
index 0000000000..f7787005d4
--- /dev/null
+++ b/src/lib/libcrypto/asn1/Makefile
@@ -0,0 +1,930 @@
+#
+# OpenSSL/crypto/asn1/Makefile
+#
+
+DIR=    asn1
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+        a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+        x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
+        x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
+        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        tasn_prn.c ameth_lib.c \
+        f_int.c f_string.c n_pkey.c \
+        f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \
+        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \
+        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+        a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+        x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
+        x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+        t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
+        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+        tasn_prn.o ameth_lib.o \
+        f_int.o f_string.o n_pkey.o \
+        f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \
+        asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \
+        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  asn1.h asn1_mac.h asn1t.h
+HEADER= $(EXHEADER) asn1_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:   test.c
+        cc -g -I../../include -c test.c
+        cc -g -I../../include -o test test.o -L../.. -lcrypto
+
+pk:     pk.c
+        cc -g -I../../include -c pk.c
+        cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bitstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bitstr.o: ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_bool.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bool.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_bytes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bytes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_bytes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_bytes.o: ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_d2i_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_d2i_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/asn1.h
+a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_digest.o: ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_dup.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_dup.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_gentm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_i2d_fp.o: ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_mbstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_mbstr.o: ../cryptlib.h a_mbstr.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_octet.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_octet.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_octet.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_octet.o: ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_print.o: ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_set.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_set.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_sign.o: ../cryptlib.h a_sign.c asn1_locl.h
+a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_strex.o: ../cryptlib.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_strnid.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_strnid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strnid.o: ../../include/openssl/opensslconf.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_time.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_time.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utctm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utctm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utctm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_utctm.o: ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utf8.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utf8.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utf8.o: ../../include/openssl/symhacks.h ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/asn1.h
+a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c
+a_verify.o: asn1_locl.h
+ameth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+ameth_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ameth_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ameth_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ameth_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ameth_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ameth_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ameth_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ameth_lib.o: ../../include/openssl/opensslconf.h
+ameth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ameth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ameth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ameth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ameth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ameth_lib.c
+ameth_lib.o: asn1_locl.h
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_err.o: ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_gen.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+asn1_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+asn1_gen.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+asn1_gen.o: ../cryptlib.h asn1_gen.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_par.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_par.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn1_par.o: ../../include/openssl/opensslconf.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_mime.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_mime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_mime.o: ../cryptlib.h asn1_locl.h asn_mime.c
+asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+asn_moid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+asn_moid.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn_pack.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn_pack.o: ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+bio_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_asn1.o: ../../include/openssl/opensslconf.h
+bio_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_asn1.o: ../../include/openssl/symhacks.h bio_asn1.c
+bio_ndef.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+bio_ndef.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_ndef.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ndef.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_ndef.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ndef.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_ndef.o: ../../include/openssl/symhacks.h bio_ndef.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+d2i_pr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+d2i_pr.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_pu.o: ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_enum.o: ../../include/openssl/symhacks.h ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_int.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_int.o: ../../include/openssl/symhacks.h ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_string.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_string.o: ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_pu.o: ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbev2.o: ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
+t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_bitst.o: ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_crl.o: ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+t_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_pkey.o: ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_req.o: ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_spki.o: ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_x509.o: ../cryptlib.h asn1_locl.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
+t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509a.o: ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_dec.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_dec.o: ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+tasn_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+tasn_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+tasn_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tasn_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+tasn_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+tasn_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_prn.o: ../../include/openssl/opensslconf.h
+tasn_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tasn_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tasn_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tasn_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+tasn_prn.o: ../cryptlib.h asn1_locl.h tasn_prn.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
+x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_locl.h x_crl.c
+x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h x_name.c
+x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c
+x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
+x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pubkey.o: ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h asn1_locl.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
+x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c
diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c
new file mode 100644
index 0000000000..c79c6f538c
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_gentm.c
@@ -0,0 +1,263 @@
+/* crypto/asn1/a_gentm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+
+#if 0
+
+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
+        {
+#ifdef CHARSET_EBCDIC
+        /* KLUDGE! We convert to ascii before writing DER */
+        int len;
+        char tmp[24];
+        ASN1_STRING tmpstr = *(ASN1_STRING *)a;
+
+        len = tmpstr.length;
+        ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+        tmpstr.data = tmp;
+
+        a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+#endif
+        return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
+        }
+
+
+ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
+             unsigned char **pp, long length)
+        {
+        ASN1_GENERALIZEDTIME *ret=NULL;
+
+        ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+                V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
+                return(NULL);
+                }
+#ifdef CHARSET_EBCDIC
+        ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+        if (!ASN1_GENERALIZEDTIME_check(ret))
+                {
+                ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
+                goto err;
+                }
+
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_GENERALIZEDTIME_free(ret);
+        return(NULL);
+        }
+
+#endif
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+        {
+        static const int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
+        static const int max[9]={99, 99,12,31,23,59,59,12,59};
+        char *a;
+        int n,i,l,o;
+
+        if (d->type != V_ASN1_GENERALIZEDTIME) return(0);
+        l=d->length;
+        a=(char *)d->data;
+        o=0;
+        /* GENERALIZEDTIME is similar to UTCTIME except the year is
+         * represented as YYYY. This stuff treats everything as a two digit
+         * field so make first two fields 00 to 99
+         */
+        if (l < 13) goto err;
+        for (i=0; i<7; i++)
+                {
+                if ((i == 6) && ((a[o] == 'Z') ||
+                        (a[o] == '+') || (a[o] == '-')))
+                        { i++; break; }
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n= a[o]-'0';
+                if (++o > l) goto err;
+
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n=(n*10)+ a[o]-'0';
+                if (++o > l) goto err;
+
+                if ((n < min[i]) || (n > max[i])) goto err;
+                }
+        /* Optional fractional seconds: decimal point followed by one
+         * or more digits.
+         */
+        if (a[o] == '.')
+                {
+                if (++o > l) goto err;
+                i = o;
+                while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+                        o++;
+                /* Must have at least one digit after decimal point */
+                if (i == o) goto err;
+                }
+
+        if (a[o] == 'Z')
+                o++;
+        else if ((a[o] == '+') || (a[o] == '-'))
+                {
+                o++;
+                if (o+4 > l) goto err;
+                for (i=7; i<9; i++)
+                        {
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n= a[o]-'0';
+                        o++;
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n=(n*10)+ a[o]-'0';
+                        if ((n < min[i]) || (n > max[i])) goto err;
+                        o++;
+                        }
+                }
+        else
+                {
+                /* Missing time zone information. */
+                goto err;
+                }
+        return(o == l);
+err:
+        return(0);
+        }
+
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
+        {
+        ASN1_GENERALIZEDTIME t;
+
+        t.type=V_ASN1_GENERALIZEDTIME;
+        t.length=strlen(str);
+        t.data=(unsigned char *)str;
+        if (ASN1_GENERALIZEDTIME_check(&t))
+                {
+                if (s != NULL)
+                        {
+                        if (!ASN1_STRING_set((ASN1_STRING *)s,
+                                (unsigned char *)str,t.length))
+                                return 0;
+                        s->type=V_ASN1_GENERALIZEDTIME;
+                        }
+                return(1);
+                }
+        else
+                return(0);
+        }
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+             time_t t)
+        {
+                return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
+        }
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+             time_t t, int offset_day, long offset_sec)
+        {
+        char *p;
+        struct tm *ts;
+        struct tm data;
+        size_t len = 20; 
+
+        if (s == NULL)
+                s=M_ASN1_GENERALIZEDTIME_new();
+        if (s == NULL)
+                return(NULL);
+
+        ts=OPENSSL_gmtime(&t, &data);
+        if (ts == NULL)
+                return(NULL);
+
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
+
+        p=(char *)s->data;
+        if ((p == NULL) || ((size_t)s->length < len))
+                {
+                p=OPENSSL_malloc(len);
+                if (p == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ,
+                                ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                if (s->data != NULL)
+                        OPENSSL_free(s->data);
+                s->data=(unsigned char *)p;
+                }
+
+        BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+                     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+        s->length=strlen(p);
+        s->type=V_ASN1_GENERALIZEDTIME;
+#ifdef CHARSET_EBCDIC_not
+        ebcdic2ascii(s->data, s->data, s->length);
+#endif
+        return(s);
+        }
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
index 297c45a9ff..ad0d2506f6 100644
--- a/src/lib/libcrypto/asn1/a_int.c
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
         int pad=0,ret,i,neg;
         unsigned char *p,*n,pb=0;
 
-        if (a == NULL) return(0);
+        if ((a == NULL) || (a->data == NULL)) return(0);
         neg=a->type & V_ASN1_NEG;
         if (a->length == 0)
                 ret=1;
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index ead37ac325..264ebf2393 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -567,7 +567,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
         if(mbflag == -1) return -1;
         mbflag |= MBSTRING_FLAG;
         stmp.data = NULL;
-        stmp.length = 0;
         ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
         if(ret < 0) return ret;
         *out = stmp.data;
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c
new file mode 100644
index 0000000000..072e236592
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_utctm.c
@@ -0,0 +1,318 @@
+/* crypto/asn1/a_utctm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+
+#if 0
+int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
+        {
+#ifndef CHARSET_EBCDIC
+        return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+#else
+        /* KLUDGE! We convert to ascii before writing DER */
+        int len;
+        char tmp[24];
+        ASN1_STRING x = *(ASN1_STRING *)a;
+
+        len = x.length;
+        ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+        x.data = tmp;
+        return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+#endif
+        }
+
+
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
+             long length)
+        {
+        ASN1_UTCTIME *ret=NULL;
+
+        ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+                V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
+                return(NULL);
+                }
+#ifdef CHARSET_EBCDIC
+        ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+        if (!ASN1_UTCTIME_check(ret))
+                {
+                ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
+                goto err;
+                }
+
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_UTCTIME_free(ret);
+        return(NULL);
+        }
+
+#endif
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
+        {
+        static const int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+        static const int max[8]={99,12,31,23,59,59,12,59};
+        char *a;
+        int n,i,l,o;
+
+        if (d->type != V_ASN1_UTCTIME) return(0);
+        l=d->length;
+        a=(char *)d->data;
+        o=0;
+
+        if (l < 11) goto err;
+        for (i=0; i<6; i++)
+                {
+                if ((i == 5) && ((a[o] == 'Z') ||
+                        (a[o] == '+') || (a[o] == '-')))
+                        { i++; break; }
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n= a[o]-'0';
+                if (++o > l) goto err;
+
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n=(n*10)+ a[o]-'0';
+                if (++o > l) goto err;
+
+                if ((n < min[i]) || (n > max[i])) goto err;
+                }
+        if (a[o] == 'Z')
+                o++;
+        else if ((a[o] == '+') || (a[o] == '-'))
+                {
+                o++;
+                if (o+4 > l) goto err;
+                for (i=6; i<8; i++)
+                        {
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n= a[o]-'0';
+                        o++;
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n=(n*10)+ a[o]-'0';
+                        if ((n < min[i]) || (n > max[i])) goto err;
+                        o++;
+                        }
+                }
+        return(o == l);
+err:
+        return(0);
+        }
+
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
+        {
+        ASN1_UTCTIME t;
+
+        t.type=V_ASN1_UTCTIME;
+        t.length=strlen(str);
+        t.data=(unsigned char *)str;
+        if (ASN1_UTCTIME_check(&t))
+                {
+                if (s != NULL)
+                        {
+                        if (!ASN1_STRING_set((ASN1_STRING *)s,
+                                (unsigned char *)str,t.length))
+                                return 0;
+                        s->type = V_ASN1_UTCTIME;
+                        }
+                return(1);
+                }
+        else
+                return(0);
+        }
+
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
+        {
+        return ASN1_UTCTIME_adj(s, t, 0, 0);
+        }
+
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                                int offset_day, long offset_sec)
+        {
+        char *p;
+        struct tm *ts;
+        struct tm data;
+        size_t len = 20;
+
+        if (s == NULL)
+                s=M_ASN1_UTCTIME_new();
+        if (s == NULL)
+                return(NULL);
+
+        ts=OPENSSL_gmtime(&t, &data);
+        if (ts == NULL)
+                return(NULL);
+
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
+
+        if((ts->tm_year < 50) || (ts->tm_year >= 150))
+                return NULL;
+
+        p=(char *)s->data;
+        if ((p == NULL) || ((size_t)s->length < len))
+                {
+                p=OPENSSL_malloc(len);
+                if (p == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                if (s->data != NULL)
+                        OPENSSL_free(s->data);
+                s->data=(unsigned char *)p;
+                }
+
+        BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+                     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+        s->length=strlen(p);
+        s->type=V_ASN1_UTCTIME;
+#ifdef CHARSET_EBCDIC_not
+        ebcdic2ascii(s->data, s->data, s->length);
+#endif
+        return(s);
+        }
+
+
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+        {
+        struct tm *tm;
+        struct tm data;
+        int offset;
+        int year;
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+
+        if (s->data[12] == 'Z')
+                offset=0;
+        else
+                {
+                offset = g2(s->data+13)*60+g2(s->data+15);
+                if (s->data[12] == '-')
+                        offset = -offset;
+                }
+
+        t -= offset*60; /* FIXME: may overflow in extreme cases */
+
+        tm = OPENSSL_gmtime(&t, &data);
+        
+#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
+        year = g2(s->data);
+        if (year < 50)
+                year += 100;
+        return_cmp(year,              tm->tm_year);
+        return_cmp(g2(s->data+2) - 1, tm->tm_mon);
+        return_cmp(g2(s->data+4),     tm->tm_mday);
+        return_cmp(g2(s->data+6),     tm->tm_hour);
+        return_cmp(g2(s->data+8),     tm->tm_min);
+        return_cmp(g2(s->data+10),    tm->tm_sec);
+#undef g2
+#undef return_cmp
+
+        return 0;
+        }
+
+
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
+        {
+        struct tm tm;
+        int offset;
+
+        memset(&tm,'\0',sizeof tm);
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+        tm.tm_year=g2(s->data);
+        if(tm.tm_year < 50)
+                tm.tm_year+=100;
+        tm.tm_mon=g2(s->data+2)-1;
+        tm.tm_mday=g2(s->data+4);
+        tm.tm_hour=g2(s->data+6);
+        tm.tm_min=g2(s->data+8);
+        tm.tm_sec=g2(s->data+10);
+        if(s->data[12] == 'Z')
+                offset=0;
+        else
+                {
+                offset=g2(s->data+13)*60+g2(s->data+15);
+                if(s->data[12] == '-')
+                        offset= -offset;
+                }
+#undef g2
+
+        return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
+                                       * instead of UTC, and unless we rewrite OpenSSL
+                                       * in Lisp we cannot locally change the timezone
+                                       * without possibly interfering with other parts
+                                       * of the program. timegm, which uses UTC, is
+                                       * non-standard.
+                                       * Also time_t is inappropriate for general
+                                       * UTC times because it may a 32 bit type. */
+        }
+#endif
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index aa60203ba8..1a30bf119b 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
 {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unknown format"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index b649e1fcf9..627ec87f9f 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -175,15 +175,12 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
         CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
         if (key->pkey)
                 {
-                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
                 EVP_PKEY_free(ret);
                 ret = key->pkey;
                 }
         else
-                {
                 key->pkey = ret;
-                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
-                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
         CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
 
         return ret;
diff --git a/src/lib/libcrypto/bf/Makefile b/src/lib/libcrypto/bf/Makefile
new file mode 100644
index 0000000000..d01bfaa315
--- /dev/null
+++ b/src/lib/libcrypto/bf/Makefile
@@ -0,0 +1,101 @@
+#
+# OpenSSL/crypto/blowfish/Makefile
+#
+
+DIR=    bf
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+BF_ENC=         bf_enc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=bftest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= blowfish.h
+HEADER= bf_pi.h bf_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+bf-586.s:       asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+# We need to use force because 'install' matches 'INSTALL' on case
+# insensitive systems
+FRC.install:
+install: FRC.install
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bf_cfb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_cfb64.o: ../../include/openssl/opensslconf.h bf_cfb64.c bf_locl.h
+bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_ecb.o: bf_ecb.c bf_locl.h
+bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
+bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
+bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bf_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bf_skey.o: ../../include/openssl/symhacks.h bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libcrypto/bf/asm/bf-586.pl b/src/lib/libcrypto/bf/asm/bf-586.pl
index b74cfbafd4..1f9b345aee 100644
--- a/src/lib/libcrypto/bf/asm/bf-586.pl
+++ b/src/lib/libcrypto/bf/asm/bf-586.pl
@@ -19,7 +19,7 @@ $tmp4="edx";
 
 &BF_encrypt("BF_encrypt",1);
 &BF_encrypt("BF_decrypt",0);
-&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1) unless $main'openbsd;
 &asm_finish();
 
 sub BF_encrypt
diff --git a/src/lib/libcrypto/bf/asm/bf-686.pl b/src/lib/libcrypto/bf/asm/bf-686.pl
new file mode 100644
index 0000000000..8e4c25f598
--- /dev/null
+++ b/src/lib/libcrypto/bf/asm/bf-686.pl
@@ -0,0 +1,127 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"bf-686.pl");
+
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="ecx";
+$R="edx";
+$P="edi";
+$tot="esi";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ebp";
+
+&des_encrypt("BF_encrypt",1);
+&des_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+
+&asm_finish();
+
+&file_end();
+
+sub des_encrypt
+        {
+        local($name,$enc)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        &comment("Load the 2 words");
+        &mov("eax",&wparam(0));
+        &mov($L,&DWP(0,"eax","",0));
+        &mov($R,&DWP(4,"eax","",0));
+
+        &comment("");
+        &comment("P pointer, s and enc flag");
+        &mov($P,&wparam(1));
+
+        &xor(   $tmp1,  $tmp1);
+        &xor(   $tmp2,  $tmp2);
+
+        # encrypting part
+
+        if ($enc)
+                {
+                &xor($L,&DWP(0,$P,"",0));
+                for ($i=0; $i<$BF_ROUNDS; $i+=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i+1));
+                        &BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        }
+                &xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+
+                &mov("eax",&wparam(0));
+                &mov(&DWP(0,"eax","",0),$R);
+                &mov(&DWP(4,"eax","",0),$L);
+                &function_end_A($name);
+                }
+        else
+                {
+                &xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                for ($i=$BF_ROUNDS; $i>0; $i-=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i-1));
+                        &BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        }
+                &xor($R,&DWP(0,$P,"",0));
+
+                &mov("eax",&wparam(0));
+                &mov(&DWP(0,"eax","",0),$R);
+                &mov(&DWP(4,"eax","",0),$L);
+                &function_end_A($name);
+                }
+
+        &function_end_B($name);
+        }
+
+sub BF_ENCRYPT
+        {
+        local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_;
+
+        &rotr(  $R,             16);
+        &mov(   $tot,           &DWP(&n2a($i*4),$P,"",0));
+
+        &movb(  &LB($tmp1),     &HB($R));
+        &movb(  &LB($tmp2),     &LB($R));
+
+        &rotr(  $R,             16);
+        &xor(   $L,             $tot);
+
+        &mov(   $tot,           &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+        &mov(   $tmp3,          &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+
+        &movb(  &LB($tmp1),     &HB($R));
+        &movb(  &LB($tmp2),     &LB($R));
+
+        &add(   $tot,           $tmp3);
+        &mov(   $tmp1,          &DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay
+
+        &xor(   $tot,           $tmp1);
+        &mov(   $tmp3,          &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4));
+
+        &add(   $tot,           $tmp3);
+        &xor(   $tmp1,          $tmp1);
+
+        &xor(   $L,             $tot);                                  
+        # delay
+        }
+
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
+
diff --git a/src/lib/libcrypto/bf/asm/readme b/src/lib/libcrypto/bf/asm/readme
new file mode 100644
index 0000000000..2385fa3812
--- /dev/null
+++ b/src/lib/libcrypto/bf/asm/readme
@@ -0,0 +1,10 @@
+There are blowfish assembler generation scripts.
+bf-586.pl version is for the pentium and
+bf-686.pl is my original version, which is faster on the pentium pro.
+
+When using a bf-586.pl, the pentium pro/II is %8 slower than using
+bf-686.pl.  When using a bf-686.pl, the pentium is %16 slower
+than bf-586.pl
+
+So the default is bf-586.pl
+
diff --git a/src/lib/libcrypto/bf/bf_opts.c b/src/lib/libcrypto/bf/bf_opts.c
new file mode 100644
index 0000000000..1721bb99b4
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_opts.c
@@ -0,0 +1,331 @@
+/* crypto/bf/bf_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/blowfish.h>
+
+#define BF_DEFAULT_OPTIONS
+
+#undef BF_ENC
+#define BF_encrypt  BF_encrypt_normal
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+
+#define BF_PTR
+#undef BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt  BF_encrypt_ptr
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+
+#undef BF_PTR
+#define BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt  BF_encrypt_ptr2
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count+=4) \
+                { \
+                unsigned long d[2]; \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static char key[16]={   0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                                0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        BF_KEY sch;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+
+#ifndef TIMES
+        fprintf(stderr,"To get the most accurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+
+        BF_set_key(&sch,16,key);
+
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        BF_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+
+        time_it(BF_encrypt_normal,      "BF_encrypt_normal ", 0);
+        time_it(BF_encrypt_ptr,         "BF_encrypt_ptr    ", 1);
+        time_it(BF_encrypt_ptr2,        "BF_encrypt_ptr2   ", 2);
+        num+=3;
+
+        str[0]="<nothing>";
+        print_it("BF_encrypt_normal ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="ptr      ";
+        print_it("BF_encrypt_ptr ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]="ptr2     ";
+        print_it("BF_encrypt_ptr2 ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+
+        printf("options    BF ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<3; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DBF_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DBF_PTR\n");
+                break;
+        case 2:
+                printf("-DBF_PTR2\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/bf/bfs.cpp b/src/lib/libcrypto/bf/bfs.cpp
new file mode 100644
index 0000000000..d74c457760
--- /dev/null
+++ b/src/lib/libcrypto/bf/bfs.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/blowfish.h>
+
+void main(int argc,char *argv[])
+        {
+        BF_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        BF_encrypt(&data[0],&key);
+                        }
+
+                printf("blowfish %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
+
diff --git a/src/lib/libcrypto/bf/bfspeed.c b/src/lib/libcrypto/bf/bfspeed.c
new file mode 100644
index 0000000000..c41ef3b403
--- /dev/null
+++ b/src/lib/libcrypto/bf/bfspeed.c
@@ -0,0 +1,277 @@
+/* crypto/bf/bfspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/blowfish.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        BF_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        BF_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                BF_LONG data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        BF_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing BF_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing BF_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld BF_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+        printf("Doing BF_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing BF_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                BF_LONG data[2];
+
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld BF_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+        printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                BF_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),BF_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+
+        printf("Blowfish set_key       per sec = %12.3f (%9.3fuS)\n",a,1.0e6/a);
+        printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);
+        printf("Blowfish cbc     bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/bf/bftest.c b/src/lib/libcrypto/bf/bftest.c
new file mode 100644
index 0000000000..97e6634d37
--- /dev/null
+++ b/src/lib/libcrypto/bf/bftest.c
@@ -0,0 +1,540 @@
+/* crypto/bf/bftest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_BF is defined */
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_BF
+int main(int argc, char *argv[])
+{
+    printf("No BF support\n");
+    return(0);
+}
+#else
+#include <openssl/blowfish.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+static char *bf_key[2]={
+        "abcdefghijklmnopqrstuvwxyz",
+        "Who is John Galt?"
+        };
+
+/* big endian */
+static BF_LONG bf_plain[2][2]={
+        {0x424c4f57L,0x46495348L},
+        {0xfedcba98L,0x76543210L}
+        };
+
+static BF_LONG bf_cipher[2][2]={
+        {0x324ed0feL,0xf413a203L},
+        {0xcc91732bL,0x8022f684L}
+        };
+/************/
+
+/* Lets use the DES test vectors :-) */
+#define NUM_TESTS 34
+static unsigned char ecb_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+        {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+        {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+        {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+        {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+        {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+        {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+        {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+        {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+        {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+        {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+        {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+        {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+        {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+        {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+        {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+        {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+        {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+        {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+        {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+        {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+
+static unsigned char plain_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+        {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+        {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+        {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+        {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+        {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+        {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+        {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+        {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+        {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+        {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+        {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+        {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+        {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+        {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+        {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+        {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+        {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+        {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+
+static unsigned char cipher_data[NUM_TESTS][8]={
+        {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+        {0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
+        {0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
+        {0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
+        {0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
+        {0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
+        {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+        {0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
+        {0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
+        {0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
+        {0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
+        {0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
+        {0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
+        {0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
+        {0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
+        {0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
+        {0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
+        {0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
+        {0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
+        {0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
+        {0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
+        {0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
+        {0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
+        {0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
+        {0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
+        {0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
+        {0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
+        {0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
+        {0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
+        {0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
+        {0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
+        {0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
+        {0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
+        {0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
+        };
+
+static unsigned char cbc_key [16]={
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static char cbc_data[40]="7654321 Now is the time for ";
+static unsigned char cbc_ok[32]={
+        0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
+        0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
+        0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
+        0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
+
+static unsigned char cfb64_ok[]={
+        0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+        0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
+        0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
+        0x51,0x9D,0x57,0xA6,0xC3};
+
+static unsigned char ofb64_ok[]={
+        0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+        0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
+        0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
+        0x63,0xC2,0xCF,0x80,0xDA};
+
+#define KEY_TEST_NUM    25
+static unsigned char key_test[KEY_TEST_NUM]={
+        0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
+        0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
+        0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
+        0x88};
+
+static unsigned char key_data[8]=
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
+
+static unsigned char key_out[KEY_TEST_NUM][8]={
+        {0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
+        {0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
+        {0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
+        {0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
+        {0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
+        {0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
+        {0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
+        {0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
+        {0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
+        {0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
+        {0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
+        {0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
+        {0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
+        {0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
+        {0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
+        {0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
+        {0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
+        {0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
+        {0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
+        {0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
+        {0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
+        {0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
+        {0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
+        {0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
+        };
+
+static int test(void );
+static int print_test_data(void );
+int main(int argc, char *argv[])
+        {
+        int ret;
+
+        if (argc > 1)
+                ret=print_test_data();
+        else
+                ret=test();
+
+#ifdef OPENSSL_SYS_NETWARE
+    if (ret) printf("ERROR: %d\n", ret);
+#endif
+        EXIT(ret);
+        return(0);
+        }
+
+static int print_test_data(void)
+        {
+        unsigned int i,j;
+
+        printf("ecb test data\n");
+        printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
+        for (i=0; i<NUM_TESTS; i++)
+                {
+                for (j=0; j<8; j++)
+                        printf("%02X",ecb_data[i][j]);
+                printf("\t");
+                for (j=0; j<8; j++)
+                        printf("%02X",plain_data[i][j]);
+                printf("\t");
+                for (j=0; j<8; j++)
+                        printf("%02X",cipher_data[i][j]);
+                printf("\n");
+                }
+
+        printf("set_key test data\n");
+        printf("data[8]= ");
+        for (j=0; j<8; j++)
+                printf("%02X",key_data[j]);
+        printf("\n");
+        for (i=0; i<KEY_TEST_NUM-1; i++)
+                {
+                printf("c=");
+                for (j=0; j<8; j++)
+                        printf("%02X",key_out[i][j]);
+                printf(" k[%2u]=",i+1);
+                for (j=0; j<i+1; j++)
+                        printf("%02X",key_test[j]);
+                printf("\n");
+                }
+
+        printf("\nchaining mode test data\n");
+        printf("key[16]   = ");
+        for (j=0; j<16; j++)
+                printf("%02X",cbc_key[j]);
+        printf("\niv[8]     = ");
+        for (j=0; j<8; j++)
+                printf("%02X",cbc_iv[j]);
+        printf("\ndata[%d]  = '%s'",(int)strlen(cbc_data)+1,cbc_data);
+        printf("\ndata[%d]  = ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",cbc_data[j]);
+        printf("\n");
+        printf("cbc cipher text\n");
+        printf("cipher[%d]= ",32);
+        for (j=0; j<32; j++)
+                printf("%02X",cbc_ok[j]);
+        printf("\n");
+
+        printf("cfb64 cipher text\n");
+        printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",cfb64_ok[j]);
+        printf("\n");
+
+        printf("ofb64 cipher text\n");
+        printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",ofb64_ok[j]);
+        printf("\n");
+        return(0);
+        }
+
+static int test(void)
+        {
+        unsigned char cbc_in[40],cbc_out[40],iv[8];
+        int i,n,err=0;
+        BF_KEY key;
+        BF_LONG data[2]; 
+        unsigned char out[8]; 
+        BF_LONG len;
+
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
+#endif
+
+        printf("testing blowfish in raw ecb mode\n");
+        for (n=0; n<2; n++)
+                {
+#ifdef CHARSET_EBCDIC
+                ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
+#endif
+                BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
+
+                data[0]=bf_plain[n][0];
+                data[1]=bf_plain[n][1];
+                BF_encrypt(data,&key);
+                if (memcmp(&(bf_cipher[n][0]),&(data[0]),8) != 0)
+                        {
+                        printf("BF_encrypt error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",(unsigned long)data[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",(unsigned long)bf_cipher[n][i]);
+                        err=1;
+                        printf("\n");
+                        }
+
+                BF_decrypt(&(data[0]),&key);
+                if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
+                        {
+                        printf("BF_encrypt error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",(unsigned long)data[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",(unsigned long)bf_plain[n][i]);
+                        printf("\n");
+                        err=1;
+                        }
+                }
+
+        printf("testing blowfish in ecb mode\n");
+
+        for (n=0; n<NUM_TESTS; n++)
+                {
+                BF_set_key(&key,8,ecb_data[n]);
+
+                BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
+                if (memcmp(&(cipher_data[n][0]),out,8) != 0)
+                        {
+                        printf("BF_ecb_encrypt blowfish error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",out[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",cipher_data[n][i]);
+                        err=1;
+                        printf("\n");
+                        }
+
+                BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
+                if (memcmp(&(plain_data[n][0]),out,8) != 0)
+                        {
+                        printf("BF_ecb_encrypt error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",out[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",plain_data[n][i]);
+                        printf("\n");
+                        err=1;
+                        }
+                }
+
+        printf("testing blowfish set_key\n");
+        for (n=1; n<KEY_TEST_NUM; n++)
+                {
+                BF_set_key(&key,n,key_test);
+                BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
+                /* mips-sgi-irix6.5-gcc  vv  -mabi=64 bug workaround */
+                if (memcmp(out,&(key_out[i=n-1][0]),8) != 0)
+                        {
+                        printf("blowfish setkey error\n");
+                        err=1;
+                        }
+                }
+
+        printf("testing blowfish in cbc mode\n");
+        len=strlen(cbc_data)+1;
+
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,sizeof cbc_in);
+        memset(cbc_out,0,sizeof cbc_out);
+        memcpy(iv,cbc_iv,sizeof iv);
+        BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
+                &key,iv,BF_ENCRYPT);
+        if (memcmp(cbc_out,cbc_ok,32) != 0)
+                {
+                err=1;
+                printf("BF_cbc_encrypt encrypt error\n");
+                for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        memcpy(iv,cbc_iv,8);
+        BF_cbc_encrypt(cbc_out,cbc_in,len,
+                &key,iv,BF_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+                {
+                printf("BF_cbc_encrypt decrypt error\n");
+                err=1;
+                }
+
+        printf("testing blowfish in cfb64 mode\n");
+
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,40);
+        memset(cbc_out,0,40);
+        memcpy(iv,cbc_iv,8);
+        n=0;
+        BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
+                &key,iv,&n,BF_ENCRYPT);
+        BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
+                &key,iv,&n,BF_ENCRYPT);
+        if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)
+                {
+                err=1;
+                printf("BF_cfb64_encrypt encrypt error\n");
+                for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        n=0;
+        memcpy(iv,cbc_iv,8);
+        BF_cfb64_encrypt(cbc_out,cbc_in,17,
+                &key,iv,&n,BF_DECRYPT);
+        BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
+                &key,iv,&n,BF_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+                {
+                printf("BF_cfb64_encrypt decrypt error\n");
+                err=1;
+                }
+
+        printf("testing blowfish in ofb64\n");
+
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,40);
+        memset(cbc_out,0,40);
+        memcpy(iv,cbc_iv,8);
+        n=0;
+        BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
+        BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
+                &(cbc_out[13]),len-13,&key,iv,&n);
+        if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)
+                {
+                err=1;
+                printf("BF_ofb64_encrypt encrypt error\n");
+                for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        n=0;
+        memcpy(iv,cbc_iv,8);
+        BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
+        BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
+        if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+                {
+                printf("BF_ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+
+        return(err);
+        }
+#endif
diff --git a/src/lib/libcrypto/bio/Makefile b/src/lib/libcrypto/bio/Makefile
new file mode 100644
index 0000000000..c395d80496
--- /dev/null
+++ b/src/lib/libcrypto/bio/Makefile
@@ -0,0 +1,222 @@
+#
+# OpenSSL/crypto/bio/Makefile
+#
+
+DIR=    bio
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bio_lib.c bio_cb.c bio_err.c \
+        bss_mem.c bss_null.c bss_fd.c \
+        bss_file.c bss_sock.c bss_conn.c \
+        bf_null.c bf_buff.c b_print.c b_dump.c \
+        b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c \
+        bss_dgram.c
+#       bf_lbuf.c
+LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
+        bss_mem.o bss_null.o bss_fd.o \
+        bss_file.o bss_sock.o bss_conn.o \
+        bf_null.o bf_buff.o b_print.o b_dump.o \
+        b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o \
+        bss_dgram.o
+#       bf_lbuf.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bio.h
+HEADER= bio_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+b_dump.o: ../../e_os.h ../../include/openssl/bio.h
+b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+b_dump.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_dump.o: ../../include/openssl/symhacks.h ../cryptlib.h b_dump.c bio_lcl.h
+b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c
+b_sock.o: ../../e_os.h ../../include/openssl/bio.h
+b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_sock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+b_sock.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_sock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_sock.o: ../cryptlib.h b_sock.c
+bf_buff.o: ../../e_os.h ../../include/openssl/bio.h
+bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_buff.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_buff.c
+bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h
+bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_nbio.o: ../cryptlib.h bf_nbio.c
+bf_null.o: ../../e_os.h ../../include/openssl/bio.h
+bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_null.c
+bio_cb.o: ../../e_os.h ../../include/openssl/bio.h
+bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_cb.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_cb.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_cb.c
+bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_err.o: ../../include/openssl/symhacks.h bio_err.c
+bio_lib.o: ../../e_os.h ../../include/openssl/bio.h
+bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lib.c
+bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h
+bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_acpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_acpt.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_acpt.c
+bss_bio.o: ../../e_os.h ../../include/openssl/bio.h
+bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bss_bio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_bio.o: bss_bio.c
+bss_conn.o: ../../e_os.h ../../include/openssl/bio.h
+bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_conn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_conn.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_conn.c
+bss_dgram.o: ../../e_os.h ../../include/openssl/bio.h
+bss_dgram.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_dgram.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_dgram.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_dgram.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_dgram.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_dgram.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_dgram.c
+bss_fd.o: ../../e_os.h ../../include/openssl/bio.h
+bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_fd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_fd.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_fd.c
+bss_file.o: ../../e_os.h ../../include/openssl/bio.h
+bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_file.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_file.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_file.c
+bss_log.o: ../../e_os.h ../../include/openssl/bio.h
+bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_log.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_log.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_log.c
+bss_mem.o: ../../e_os.h ../../include/openssl/bio.h
+bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_mem.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_mem.c
+bss_null.o: ../../e_os.h ../../include/openssl/bio.h
+bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_null.c
+bss_sock.o: ../../e_os.h ../../include/openssl/bio.h
+bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_sock.c
diff --git a/src/lib/libcrypto/bio/bio_lcl.h b/src/lib/libcrypto/bio/bio_lcl.h
new file mode 100644
index 0000000000..e7f7ec8d8b
--- /dev/null
+++ b/src/lib/libcrypto/bio/bio_lcl.h
@@ -0,0 +1,36 @@
+#include <openssl/bio.h>
+
+#if BIO_FLAGS_UPLINK==0
+/* Shortcut UPLINK calls on most platforms... */
+#define UP_stdin        stdin
+#define UP_stdout       stdout
+#define UP_stderr       stderr
+#define UP_fprintf      fprintf
+#define UP_fgets        fgets
+#define UP_fread        fread
+#define UP_fwrite       fwrite
+#undef  UP_fsetmod
+#define UP_feof         feof
+#define UP_fclose       fclose
+
+#define UP_fopen        fopen
+#define UP_fseek        fseek
+#define UP_ftell        ftell
+#define UP_fflush       fflush
+#define UP_ferror       ferror
+#ifdef _WIN32
+#define UP_fileno       _fileno
+#define UP_open         _open
+#define UP_read         _read
+#define UP_write        _write
+#define UP_lseek        _lseek
+#define UP_close        _close
+#else
+#define UP_fileno       fileno
+#define UP_open         open
+#define UP_read         read
+#define UP_write        write
+#define UP_lseek        lseek
+#define UP_close        close
+#endif
+#endif
diff --git a/src/lib/libcrypto/bio/bss_dgram.c b/src/lib/libcrypto/bio/bss_dgram.c
index 54c012c47d..1b1e4bec81 100644
--- a/src/lib/libcrypto/bio/bss_dgram.c
+++ b/src/lib/libcrypto/bio/bss_dgram.c
@@ -77,20 +77,10 @@
 #define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
 #endif
 
-#if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
+#ifdef OPENSSL_SYS_LINUX
 #define IP_MTU      14 /* linux is lame */
 #endif
 
-#if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
-/* Standard definition causes type-punning problems. */
-#undef IN6_IS_ADDR_V4MAPPED
-#define s6_addr32 __u6_addr.__u6_addr32
-#define IN6_IS_ADDR_V4MAPPED(a)               \
-        (((a)->s6_addr32[0] == 0) &&          \
-         ((a)->s6_addr32[1] == 0) &&          \
-         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
-#endif
-
 #ifdef WATT32
 #define sock_write SockWrite  /* Watt-32 uses same names */
 #define sock_read  SockRead
@@ -265,7 +255,7 @@ static void dgram_adjust_rcv_timeout(BIO *b)
         {
 #if defined(SO_RCVTIMEO)
         bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-        union { size_t s; int i; } sz = {0};
+        int sz = sizeof(int);
 
         /* Is a timer active? */
         if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
@@ -275,10 +265,8 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                 /* Read current socket timeout */
 #ifdef OPENSSL_SYS_WINDOWS
                 int timeout;
-
-                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                                           (void*)&timeout, &sz.i) < 0)
+                                           (void*)&timeout, &sz) < 0)
                         { perror("getsockopt"); }
                 else
                         {
@@ -286,12 +274,9 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                         data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
                         }
 #else
-                sz.i = sizeof(data->socket_timeout);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
                                                 &(data->socket_timeout), (void *)&sz) < 0)
                         { perror("getsockopt"); }
-                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
-                        OPENSSL_assert(sz.s<=sizeof(data->socket_timeout));
 #endif
 
                 /* Get current time */
@@ -460,10 +445,11 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         int *ip;
         struct sockaddr *to = NULL;
         bio_dgram_data *data = NULL;
-#if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
-        int sockopt_val = 0;
-        socklen_t sockopt_len;  /* assume that system supporting IP_MTU is
-                                 * modern enough to define socklen_t */
+#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
+        long sockopt_val = 0;
+        unsigned int sockopt_len = 0;
+#endif
+#ifdef OPENSSL_SYS_LINUX
         socklen_t addr_len;
         union   {
                 struct sockaddr sa;
@@ -545,7 +531,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
                 /* (Linux)kernel sets DF bit on outgoing IP packets */
         case BIO_CTRL_DGRAM_MTU_DISCOVER:
-#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
+#ifdef OPENSSL_SYS_LINUX
                 addr_len = (socklen_t)sizeof(addr);
                 memset((void *)&addr, 0, sizeof(addr));
                 if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -553,6 +539,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         ret = 0;
                         break;
                         }
+                sockopt_len = sizeof(sockopt_val);
                 switch (addr.sa.sa_family)
                         {
                 case AF_INET:
@@ -561,7 +548,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                                 &sockopt_val, sizeof(sockopt_val))) < 0)
                                 perror("setsockopt");
                         break;
-#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
+#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER)
                 case AF_INET6:
                         sockopt_val = IPV6_PMTUDISC_DO;
                         if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
@@ -578,7 +565,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
 #endif
         case BIO_CTRL_DGRAM_QUERY_MTU:
-#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
+#ifdef OPENSSL_SYS_LINUX
                 addr_len = (socklen_t)sizeof(addr);
                 memset((void *)&addr, 0, sizeof(addr));
                 if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -740,15 +727,12 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                 break;
         case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
-                {
-                union { size_t s; int i; } sz = {0};
 #ifdef OPENSSL_SYS_WINDOWS
-                int timeout;
+                {
+                int timeout, sz = sizeof(timeout);
                 struct timeval *tv = (struct timeval *)ptr;
-
-                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                        (void*)&timeout, &sz.i) < 0)
+                        (void*)&timeout, &sz) < 0)
                         { perror("getsockopt"); ret = -1; }
                 else
                         {
@@ -756,20 +740,12 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         tv->tv_usec = (timeout % 1000) * 1000;
                         ret = sizeof(*tv);
                         }
+                }
 #else
-                sz.i = sizeof(struct timeval);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-                        ptr, (void *)&sz) < 0)
+                        ptr, (void *)&ret) < 0)
                         { perror("getsockopt"); ret = -1; }
-                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
-                        {
-                        OPENSSL_assert(sz.s<=sizeof(struct timeval));
-                        ret = (int)sz.s;
-                        }
-                else
-                        ret = sz.i;
 #endif
-                }
                 break;
 #endif
 #if defined(SO_SNDTIMEO)
@@ -789,15 +765,12 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                 break;
         case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
-                {
-                union { size_t s; int i; } sz = {0};
 #ifdef OPENSSL_SYS_WINDOWS
-                int timeout;
+                {
+                int timeout, sz = sizeof(timeout);
                 struct timeval *tv = (struct timeval *)ptr;
-
-                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-                        (void*)&timeout, &sz.i) < 0)
+                        (void*)&timeout, &sz) < 0)
                         { perror("getsockopt"); ret = -1; }
                 else
                         {
@@ -805,20 +778,12 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         tv->tv_usec = (timeout % 1000) * 1000;
                         ret = sizeof(*tv);
                         }
+                }
 #else
-                sz.i = sizeof(struct timeval);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 
-                        ptr, (void *)&sz) < 0)
+                        ptr, (void *)&ret) < 0)
                         { perror("getsockopt"); ret = -1; }
-                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
-                        {
-                        OPENSSL_assert(sz.s<=sizeof(struct timeval));
-                        ret = (int)sz.s;
-                        }
-                else
-                        ret = sz.i;
 #endif
-                }
                 break;
 #endif
         case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
@@ -906,8 +871,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
         memset(authchunks, 0, sizeof(sockopt_len));
         ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
         OPENSSL_assert(ret >= 0);
-
-        for (p = (unsigned char*) authchunks->gauth_chunks;
+        
+        for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
              p < (unsigned char*) authchunks + sockopt_len;
              p += sizeof(uint8_t))
                 {
@@ -990,6 +955,7 @@ static int dgram_sctp_free(BIO *a)
 #ifdef SCTP_AUTHENTICATION_EVENT
 void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
         {
+        unsigned int sockopt_len = 0;
         int ret;
         struct sctp_authkey_event* authkeyevent = &snp->sn_auth_event;
 
@@ -999,8 +965,9 @@ void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
 
                 /* delete key */
                 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
+                sockopt_len = sizeof(struct sctp_authkeyid);
                 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
-                      &authkeyid, sizeof(struct sctp_authkeyid));
+                      &authkeyid, sockopt_len);
                 }
         }
 #endif
@@ -1197,7 +1164,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
                         ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
                         OPENSSL_assert(ii >= 0);
 
-                        for (p = (unsigned char*) authchunks->gauth_chunks;
+                        for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
                                  p < (unsigned char*) authchunks + optlen;
                                  p += sizeof(uint8_t))
                                 {
@@ -1331,7 +1298,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret=1;
         bio_dgram_sctp_data *data = NULL;
-        socklen_t sockopt_len = 0;
+        unsigned int sockopt_len = 0;
         struct sctp_authkeyid authkeyid;
         struct sctp_authkey *authkey;
 
diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c
index 2227b2b52d..b7dce5c1a2 100644
--- a/src/lib/libcrypto/bio/bss_log.c
+++ b/src/lib/libcrypto/bio/bss_log.c
@@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
 
 static void xopenlog(BIO* bp, char* name, int level)
 {
-        if (check_winnt())
+        if (GetVersion() < 0x80000000)
                 bp->ptr = RegisterEventSourceA(NULL,name);
         else
                 bp->ptr = NULL;
diff --git a/src/lib/libcrypto/bio/bss_rtcp.c b/src/lib/libcrypto/bio/bss_rtcp.c
new file mode 100644
index 0000000000..7dae485564
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_rtcp.c
@@ -0,0 +1,294 @@
+/* crypto/bio/bss_rtcp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Written by David L. Jones <jonesd@kcgl1.eng.ohio-state.edu>
+ * Date:   22-JUL-1996
+ * Revised: 25-SEP-1997         Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD
+ */
+/* VMS */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#include <iodef.h>              /* VMS IO$_ definitions */
+#include <starlet.h>
+
+typedef unsigned short io_channel;
+/*************************************************************************/
+struct io_status { short status, count; long flags; };
+
+struct rpc_msg {                /* Should have member alignment inhibited */
+   char channel;                /* 'A'-app data. 'R'-remote client 'G'-global */
+   char function;               /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+   unsigned short int length;   /* Amount of data returned or max to return */
+   char data[4092];             /* variable data */
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+
+struct rpc_ctx {
+    int filled, pos;
+    struct rpc_msg msg;
+};
+
+static int rtcp_write(BIO *h,const char *buf,int num);
+static int rtcp_read(BIO *h,char *buf,int size);
+static int rtcp_puts(BIO *h,const char *str);
+static int rtcp_gets(BIO *h,char *str,int size);
+static long rtcp_ctrl(BIO *h,int cmd,long arg1,void *arg2);
+static int rtcp_new(BIO *h);
+static int rtcp_free(BIO *data);
+
+static BIO_METHOD rtcp_method=
+        {
+        BIO_TYPE_FD,
+        "RTCP",
+        rtcp_write,
+        rtcp_read,
+        rtcp_puts,
+        rtcp_gets,
+        rtcp_ctrl,
+        rtcp_new,
+        rtcp_free,
+        NULL,
+        };
+
+BIO_METHOD *BIO_s_rtcp(void)
+        {
+        return(&rtcp_method);
+        }
+/*****************************************************************************/
+/* Decnet I/O routines.
+ */
+
+#ifdef __DECC
+#pragma message save
+#pragma message disable DOLLARID
+#endif
+
+static int get ( io_channel chan, char *buffer, int maxlen, int *length )
+{
+    int status;
+    struct io_status iosb;
+    status = sys$qiow ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+        buffer, maxlen, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    if ( (status&1) == 1 ) *length = iosb.count;
+    return status;
+}
+
+static int put ( io_channel chan, char *buffer, int length )
+{
+    int status;
+    struct io_status iosb;
+    status = sys$qiow ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+        buffer, length, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    return status;
+}
+
+#ifdef __DECC
+#pragma message restore
+#endif
+
+/***************************************************************************/
+
+static int rtcp_new(BIO *bi)
+{
+    struct rpc_ctx *ctx;
+        bi->init=1;
+        bi->num=0;
+        bi->flags = 0;
+        bi->ptr=OPENSSL_malloc(sizeof(struct rpc_ctx));
+        ctx = (struct rpc_ctx *) bi->ptr;
+        ctx->filled = 0;
+        ctx->pos = 0;
+        return(1);
+}
+
+static int rtcp_free(BIO *a)
+{
+        if (a == NULL) return(0);
+        if ( a->ptr ) OPENSSL_free ( a->ptr );
+        a->ptr = NULL;
+        return(1);
+}
+        
+static int rtcp_read(BIO *b, char *out, int outl)
+{
+    int status, length;
+    struct rpc_ctx *ctx;
+    /*
+     * read data, return existing.
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    if ( ctx->pos < ctx->filled ) {
+        length = ctx->filled - ctx->pos;
+        if ( length > outl ) length = outl;
+        memmove ( out, &ctx->msg.data[ctx->pos], length );
+        ctx->pos += length;
+        return length;
+    }
+    /*
+     * Requst more data from R channel.
+     */
+    ctx->msg.channel = 'R';
+    ctx->msg.function = 'G';
+    ctx->msg.length = sizeof(ctx->msg.data);
+    status = put ( b->num, (char *) &ctx->msg, RPC_HDR_SIZE );
+    if ( (status&1) == 0 ) {
+        return -1;
+    }
+    /*
+     * Read.
+     */
+    ctx->pos = ctx->filled = 0;
+    status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+    if ( (status&1) == 0 ) length = -1;
+    if ( ctx->msg.channel != 'R' || ctx->msg.function != 'C' ) {
+        length = -1;
+    }
+    ctx->filled = length - RPC_HDR_SIZE;
+    
+    if ( ctx->pos < ctx->filled ) {
+        length = ctx->filled - ctx->pos;
+        if ( length > outl ) length = outl;
+        memmove ( out, ctx->msg.data, length );
+        ctx->pos += length;
+        return length;
+    }
+
+    return length;
+}
+
+static int rtcp_write(BIO *b, const char *in, int inl)
+{
+    int status, i, segment, length;
+    struct rpc_ctx *ctx;
+    /*
+     * Output data, send in chunks no larger that sizeof(ctx->msg.data).
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    for ( i = 0; i < inl; i += segment ) {
+        segment = inl - i;
+        if ( segment > sizeof(ctx->msg.data) ) segment = sizeof(ctx->msg.data);
+        ctx->msg.channel = 'R';
+        ctx->msg.function = 'P';
+        ctx->msg.length = segment;
+        memmove ( ctx->msg.data, &in[i], segment );
+        status = put ( b->num, (char *) &ctx->msg, segment + RPC_HDR_SIZE );
+        if ((status&1) == 0 ) { i = -1; break; }
+
+        status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+        if ( ((status&1) == 0) || (length < RPC_HDR_SIZE) ) { i = -1; break; }
+        if ( (ctx->msg.channel != 'R') || (ctx->msg.function != 'C') ) {
+           printf("unexpected response when confirming put %c %c\n",
+                ctx->msg.channel, ctx->msg.function );
+
+        }
+    }
+    return(i);
+}
+
+static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        long ret=1;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+        case BIO_CTRL_EOF:
+                ret = 1;
+                break;
+        case BIO_C_SET_FD:
+                b->num = num;
+                ret = 1;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+        case BIO_CTRL_FLUSH:
+        case BIO_CTRL_DUP:
+                ret=1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+        case BIO_CTRL_INFO:
+        case BIO_CTRL_GET:
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+
+static int rtcp_gets(BIO *bp, char *buf, int size)
+        {
+        return(0);
+        }
+
+static int rtcp_puts(BIO *bp, const char *str)
+{
+    int length;
+    if (str == NULL) return(0);
+    length = strlen ( str );
+    if ( length == 0 ) return (0);
+    return rtcp_write ( bp,str, length );
+}
+
diff --git a/src/lib/libcrypto/bn/Makefile b/src/lib/libcrypto/bn/Makefile
new file mode 100644
index 0000000000..672773454c
--- /dev/null
+++ b/src/lib/libcrypto/bn/Makefile
@@ -0,0 +1,375 @@
+#
+# OpenSSL/crypto/bn/Makefile
+#
+
+DIR=    bn
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+BN_ASM=         bn_asm.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
+        bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+        bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
+        bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
+        bn_depr.c bn_const.c bn_x931p.c
+
+LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
+        bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+        bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
+        bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
+        bn_depr.o bn_const.o bn_x931p.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bn.h
+HEADER= bn_lcl.h bn_prime.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+bn_prime.h: bn_prime.pl
+        $(PERL) bn_prime.pl >bn_prime.h
+
+divtest: divtest.c ../../libcrypto.a
+        cc -I../../include divtest.c -o divtest ../../libcrypto.a
+
+bnbug: bnbug.c ../../libcrypto.a top
+        cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+bn-586.s:       asm/bn-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/bn-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+co-586.s:       asm/co-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/co-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+x86-mont.s:     asm/x86-mont.pl ../perlasm/x86asm.pl
+        $(PERL) asm/x86-mont.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+x86-gf2m.s:     asm/x86-gf2m.pl ../perlasm/x86asm.pl
+        $(PERL) asm/x86-gf2m.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+
+sparcv8.o:      asm/sparcv8.S
+        $(CC) $(CFLAGS) -c asm/sparcv8.S
+bn-sparcv9.o:   asm/sparcv8plus.S
+        $(CC) $(CFLAGS) -c -o $@ asm/sparcv8plus.S
+sparcv9a-mont.s:        asm/sparcv9a-mont.pl
+        $(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > $@
+sparcv9-mont.s:         asm/sparcv9-mont.pl
+        $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@
+
+bn-mips3.o:     asm/mips3.s
+        @if [ "$(CC)" = "gcc" ]; then \
+                ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \
+                as -$$ABI -O -o $@ asm/mips3.s; \
+        else    $(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi
+
+bn-mips.s:      asm/mips.pl
+        $(PERL) asm/mips.pl $(PERLASM_SCHEME) $@
+mips-mont.s:    asm/mips-mont.pl
+        $(PERL) asm/mips-mont.pl $(PERLASM_SCHEME) $@
+
+bn-s390x.o:     asm/s390x.S
+        $(CC) $(CFLAGS) -c -o $@ asm/s390x.S
+s390x-gf2m.s:   asm/s390x-gf2m.pl
+        $(PERL) asm/s390x-gf2m.pl $(PERLASM_SCHEME) $@
+
+x86_64-gcc.o:   asm/x86_64-gcc.c
+        $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
+x86_64-mont.s:  asm/x86_64-mont.pl
+        $(PERL) asm/x86_64-mont.pl $(PERLASM_SCHEME) > $@
+x86_64-mont5.s: asm/x86_64-mont5.pl
+        $(PERL) asm/x86_64-mont5.pl $(PERLASM_SCHEME) > $@
+x86_64-gf2m.s:  asm/x86_64-gf2m.pl
+        $(PERL) asm/x86_64-gf2m.pl $(PERLASM_SCHEME) > $@
+modexp512-x86_64.s:     asm/modexp512-x86_64.pl
+        $(PERL) asm/modexp512-x86_64.pl $(PERLASM_SCHEME) > $@
+
+bn-ia64.s:      asm/ia64.S
+        $(CC) $(CFLAGS) -E asm/ia64.S > $@
+ia64-mont.s:    asm/ia64-mont.pl
+        $(PERL) asm/ia64-mont.pl $@ $(CFLAGS)
+
+# GNU assembler fails to compile PA-RISC2 modules, insist on calling
+# vendor assembler...
+pa-risc2W.o: asm/pa-risc2W.s
+        /usr/ccs/bin/as -o pa-risc2W.o asm/pa-risc2W.s
+pa-risc2.o: asm/pa-risc2.s
+        /usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s
+parisc-mont.s:  asm/parisc-mont.pl
+        $(PERL) asm/parisc-mont.pl $(PERLASM_SCHEME) $@
+
+# ppc - AIX, Linux, MacOS X...
+bn-ppc.s:       asm/ppc.pl;     $(PERL) asm/ppc.pl $(PERLASM_SCHEME) $@
+ppc-mont.s:     asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
+ppc64-mont.s:   asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@
+
+alpha-mont.s:   asm/alpha-mont.pl
+        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
+
+# GNU make "catch all"
+%-mont.s:       asm/%-mont.pl;  $(PERL) $< $(PERLASM_SCHEME) $@
+%-gf2m.S:       asm/%-gf2m.pl;  $(PERL) $< $(PERLASM_SCHEME) $@
+
+armv4-gf2m.o:   armv4-gf2m.S
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+exptest:
+        rm -f exptest
+        gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+
+div:
+        rm -f a.out
+        gcc -I.. -g div.c ../../libcrypto.a
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
+bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
+bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
+bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_const.o: ../../include/openssl/opensslconf.h
+bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_const.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_const.o: ../../include/openssl/symhacks.h bn.h bn_const.c
+bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
+bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
+bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_err.o: bn_err.c
+bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h
+bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h
+bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h
+bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c
+bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c
+bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
+bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c
+bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c
+bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c
+bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
+bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_x931p.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_x931p.o: ../../include/openssl/symhacks.h bn_x931p.c
diff --git a/src/lib/libcrypto/bn/asm/README b/src/lib/libcrypto/bn/asm/README
new file mode 100644
index 0000000000..b0f3a68a06
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/README
@@ -0,0 +1,27 @@
+<OBSOLETE>
+
+All assember in this directory are just version of the file
+crypto/bn/bn_asm.c.
+
+Quite a few of these files are just the assember output from gcc since on 
+quite a few machines they are 2 times faster than the system compiler.
+
+For the x86, I have hand written assember because of the bad job all
+compilers seem to do on it.  This normally gives a 2 time speed up in the RSA
+routines.
+
+For the DEC alpha, I also hand wrote the assember (except the division which
+is just the output from the C compiler pasted on the end of the file).
+On the 2 alpha C compilers I had access to, it was not possible to do
+64b x 64b -> 128b calculations (both long and the long long data types
+were 64 bits).  So the hand assember gives access to the 128 bit result and
+a 2 times speedup :-).
+
+There are 3 versions of assember for the HP PA-RISC.
+
+pa-risc.s is the origional one which works fine and generated using gcc :-)
+
+pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
+by Chris Ruemmler from HP (with some help from the HP C compiler).
+
+</OBSOLETE>
diff --git a/src/lib/libcrypto/bn/asm/mips3-mont.pl b/src/lib/libcrypto/bn/asm/mips3-mont.pl
new file mode 100644
index 0000000000..8f9156e02a
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/mips3-mont.pl
@@ -0,0 +1,327 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# This module doesn't present direct interest for OpenSSL, because it
+# doesn't provide better performance for longer keys. While 512-bit
+# RSA private key operations are 40% faster, 1024-bit ones are hardly
+# faster at all, while longer key operations are slower by up to 20%.
+# It might be of interest to embedded system developers though, as
+# it's smaller than 1KB, yet offers ~3x improvement over compiler
+# generated code.
+#
+# The module targets N32 and N64 MIPS ABIs and currently is a bit
+# IRIX-centric, i.e. is likely to require adaptation for other OSes.
+
+# int bn_mul_mont(
+$rp="a0";       # BN_ULONG *rp,
+$ap="a1";       # const BN_ULONG *ap,
+$bp="a2";       # const BN_ULONG *bp,
+$np="a3";       # const BN_ULONG *np,
+$n0="a4";       # const BN_ULONG *n0,
+$num="a5";      # int num);
+
+$lo0="a6";
+$hi0="a7";
+$lo1="v0";
+$hi1="v1";
+$aj="t0";
+$bi="t1";
+$nj="t2";
+$tp="t3";
+$alo="s0";
+$ahi="s1";
+$nlo="s2";
+$nhi="s3";
+$tj="s4";
+$i="s5";
+$j="s6";
+$fp="t8";
+$m1="t9";
+
+$FRAME=8*(2+8);
+
+$code=<<___;
+#include <asm.h>
+#include <regdef.h>
+
+.text
+
+.set    noat
+.set    reorder
+
+.align  5
+.globl  bn_mul_mont
+.ent    bn_mul_mont
+bn_mul_mont:
+        .set    noreorder
+        PTR_SUB sp,64
+        move    $fp,sp
+        .frame  $fp,64,ra
+        slt     AT,$num,4
+        li      v0,0
+        beqzl   AT,.Lproceed
+        nop
+        jr      ra
+        PTR_ADD sp,$fp,64
+        .set    reorder
+.align  5
+.Lproceed:
+        ld      $n0,0($n0)
+        ld      $bi,0($bp)      # bp[0]
+        ld      $aj,0($ap)      # ap[0]
+        ld      $nj,0($np)      # np[0]
+        PTR_SUB sp,16           # place for two extra words
+        sll     $num,3
+        li      AT,-4096
+        PTR_SUB sp,$num
+        and     sp,AT
+
+        sd      s0,0($fp)
+        sd      s1,8($fp)
+        sd      s2,16($fp)
+        sd      s3,24($fp)
+        sd      s4,32($fp)
+        sd      s5,40($fp)
+        sd      s6,48($fp)
+        sd      s7,56($fp)
+
+        dmultu  $aj,$bi
+        ld      $alo,8($ap)
+        ld      $nlo,8($np)
+        mflo    $lo0
+        mfhi    $hi0
+        dmultu  $lo0,$n0
+        mflo    $m1
+
+        dmultu  $alo,$bi
+        mflo    $alo
+        mfhi    $ahi
+
+        dmultu  $nj,$m1
+        mflo    $lo1
+        mfhi    $hi1
+        dmultu  $nlo,$m1
+        daddu   $lo1,$lo0
+        sltu    AT,$lo1,$lo0
+        daddu   $hi1,AT
+        mflo    $nlo
+        mfhi    $nhi
+
+        move    $tp,sp
+        li      $j,16
+.align  4
+.L1st:
+        .set    noreorder
+        PTR_ADD $aj,$ap,$j
+        ld      $aj,($aj)
+        PTR_ADD $nj,$np,$j
+        ld      $nj,($nj)
+
+        dmultu  $aj,$bi
+        daddu   $lo0,$alo,$hi0
+        daddu   $lo1,$nlo,$hi1
+        sltu    AT,$lo0,$hi0
+        sltu    s7,$lo1,$hi1
+        daddu   $hi0,$ahi,AT
+        daddu   $hi1,$nhi,s7
+        mflo    $alo
+        mfhi    $ahi
+
+        daddu   $lo1,$lo0
+        sltu    AT,$lo1,$lo0
+        dmultu  $nj,$m1
+        daddu   $hi1,AT
+        addu    $j,8
+        sd      $lo1,($tp)
+        sltu    s7,$j,$num
+        mflo    $nlo
+        mfhi    $nhi
+
+        bnez    s7,.L1st
+        PTR_ADD $tp,8
+        .set    reorder
+
+        daddu   $lo0,$alo,$hi0
+        sltu    AT,$lo0,$hi0
+        daddu   $hi0,$ahi,AT
+
+        daddu   $lo1,$nlo,$hi1
+        sltu    s7,$lo1,$hi1
+        daddu   $hi1,$nhi,s7
+        daddu   $lo1,$lo0
+        sltu    AT,$lo1,$lo0
+        daddu   $hi1,AT
+
+        sd      $lo1,($tp)
+
+        daddu   $hi1,$hi0
+        sltu    AT,$hi1,$hi0
+        sd      $hi1,8($tp)
+        sd      AT,16($tp)
+
+        li      $i,8
+.align  4
+.Louter:
+        PTR_ADD $bi,$bp,$i
+        ld      $bi,($bi)
+        ld      $aj,($ap)
+        ld      $alo,8($ap)
+        ld      $tj,(sp)
+
+        dmultu  $aj,$bi
+        ld      $nj,($np)
+        ld      $nlo,8($np)
+        mflo    $lo0
+        mfhi    $hi0
+        daddu   $lo0,$tj
+        dmultu  $lo0,$n0
+        sltu    AT,$lo0,$tj
+        daddu   $hi0,AT
+        mflo    $m1
+
+        dmultu  $alo,$bi
+        mflo    $alo
+        mfhi    $ahi
+
+        dmultu  $nj,$m1
+        mflo    $lo1
+        mfhi    $hi1
+
+        dmultu  $nlo,$m1
+        daddu   $lo1,$lo0
+        sltu    AT,$lo1,$lo0
+        daddu   $hi1,AT
+        mflo    $nlo
+        mfhi    $nhi
+
+        move    $tp,sp
+        li      $j,16
+        ld      $tj,8($tp)
+.align  4
+.Linner:
+        .set    noreorder
+        PTR_ADD $aj,$ap,$j
+        ld      $aj,($aj)
+        PTR_ADD $nj,$np,$j
+        ld      $nj,($nj)
+
+        dmultu  $aj,$bi
+        daddu   $lo0,$alo,$hi0
+        daddu   $lo1,$nlo,$hi1
+        sltu    AT,$lo0,$hi0
+        sltu    s7,$lo1,$hi1
+        daddu   $hi0,$ahi,AT
+        daddu   $hi1,$nhi,s7
+        mflo    $alo
+        mfhi    $ahi
+
+        daddu   $lo0,$tj
+        addu    $j,8
+        dmultu  $nj,$m1
+        sltu    AT,$lo0,$tj
+        daddu   $lo1,$lo0
+        daddu   $hi0,AT
+        sltu    s7,$lo1,$lo0
+        ld      $tj,16($tp)
+        daddu   $hi1,s7
+        sltu    AT,$j,$num
+        mflo    $nlo
+        mfhi    $nhi
+        sd      $lo1,($tp)
+        bnez    AT,.Linner
+        PTR_ADD $tp,8
+        .set    reorder
+
+        daddu   $lo0,$alo,$hi0
+        sltu    AT,$lo0,$hi0
+        daddu   $hi0,$ahi,AT
+        daddu   $lo0,$tj
+        sltu    s7,$lo0,$tj
+        daddu   $hi0,s7
+
+        ld      $tj,16($tp)
+        daddu   $lo1,$nlo,$hi1
+        sltu    AT,$lo1,$hi1
+        daddu   $hi1,$nhi,AT
+        daddu   $lo1,$lo0
+        sltu    s7,$lo1,$lo0
+        daddu   $hi1,s7
+        sd      $lo1,($tp)
+
+        daddu   $lo1,$hi1,$hi0
+        sltu    $hi1,$lo1,$hi0
+        daddu   $lo1,$tj
+        sltu    AT,$lo1,$tj
+        daddu   $hi1,AT
+        sd      $lo1,8($tp)
+        sd      $hi1,16($tp)
+
+        addu    $i,8
+        sltu    s7,$i,$num
+        bnez    s7,.Louter
+
+        .set    noreorder
+        PTR_ADD $tj,sp,$num     # &tp[num]
+        move    $tp,sp
+        move    $ap,sp
+        li      $hi0,0          # clear borrow bit
+
+.align  4
+.Lsub:  ld      $lo0,($tp)
+        ld      $lo1,($np)
+        PTR_ADD $tp,8
+        PTR_ADD $np,8
+        dsubu   $lo1,$lo0,$lo1  # tp[i]-np[i]
+        sgtu    AT,$lo1,$lo0
+        dsubu   $lo0,$lo1,$hi0
+        sgtu    $hi0,$lo0,$lo1
+        sd      $lo0,($rp)
+        or      $hi0,AT
+        sltu    AT,$tp,$tj
+        bnez    AT,.Lsub
+        PTR_ADD $rp,8
+
+        dsubu   $hi0,$hi1,$hi0  # handle upmost overflow bit
+        move    $tp,sp
+        PTR_SUB $rp,$num        # restore rp
+        not     $hi1,$hi0
+
+        and     $ap,$hi0,sp
+        and     $bp,$hi1,$rp
+        or      $ap,$ap,$bp     # ap=borrow?tp:rp
+
+.align  4
+.Lcopy: ld      $aj,($ap)
+        PTR_ADD $ap,8
+        PTR_ADD $tp,8
+        sd      zero,-8($tp)
+        sltu    AT,$tp,$tj
+        sd      $aj,($rp)
+        bnez    AT,.Lcopy
+        PTR_ADD $rp,8
+
+        ld      s0,0($fp)
+        ld      s1,8($fp)
+        ld      s2,16($fp)
+        ld      s3,24($fp)
+        ld      s4,32($fp)
+        ld      s5,40($fp)
+        ld      s6,48($fp)
+        ld      s7,56($fp)
+        li      v0,1
+        jr      ra
+        PTR_ADD sp,$fp,64
+        .set    reorder
+END(bn_mul_mont)
+.rdata
+.asciiz "Montgomery Multiplication for MIPS III/IV, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/bn/asm/mips3.s b/src/lib/libcrypto/bn/asm/mips3.s
new file mode 100644
index 0000000000..dca4105c7d
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/mips3.s
@@ -0,0 +1,2201 @@
+.rdata
+.asciiz "mips3.s, Version 1.1"
+.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to the OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * The module is designed to work with either of the "new" MIPS ABI(5),
+ * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
+ * IRIX 5.x not only because it doesn't support new ABIs but also
+ * because 5.x kernels put R4x00 CPU into 32-bit mode and all those
+ * 64-bit instructions (daddu, dmultu, etc.) found below gonna only
+ * cause illegal instruction exception:-(
+ *
+ * In addition the code depends on preprocessor flags set up by MIPSpro
+ * compiler driver (either as or cc) and therefore (probably?) can't be
+ * compiled by the GNU assembler. GNU C driver manages fine though...
+ * I mean as long as -mmips-as is specified or is the default option,
+ * because then it simply invokes /usr/bin/as which in turn takes
+ * perfect care of the preprocessor definitions. Another neat feature
+ * offered by the MIPSpro assembler is an optimization pass. This gave
+ * me the opportunity to have the code looking more regular as all those
+ * architecture dependent instruction rescheduling details were left to
+ * the assembler. Cool, huh?
+ *
+ * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
+ * goes way over 3 times faster!
+ *
+ *                                      <appro@fy.chalmers.se>
+ */
+#include <asm.h>
+#include <regdef.h>
+
+#if _MIPS_ISA>=4
+#define MOVNZ(cond,dst,src)     \
+        movn    dst,src,cond
+#else
+#define MOVNZ(cond,dst,src)     \
+        .set    noreorder;      \
+        bnezl   cond,.+8;       \
+        move    dst,src;        \
+        .set    reorder
+#endif
+
+.text
+
+.set    noat
+.set    reorder
+
+#define MINUS4  v1
+
+.align  5
+LEAF(bn_mul_add_words)
+        .set    noreorder
+        bgtzl   a2,.L_bn_mul_add_words_proceed
+        ld      t0,0(a1)
+        jr      ra
+        move    v0,zero
+        .set    reorder
+
+.L_bn_mul_add_words_proceed:
+        li      MINUS4,-4
+        and     ta0,a2,MINUS4
+        move    v0,zero
+        beqz    ta0,.L_bn_mul_add_words_tail
+
+.L_bn_mul_add_words_loop:
+        dmultu  t0,a3
+        ld      t1,0(a0)
+        ld      t2,8(a1)
+        ld      t3,8(a0)
+        ld      ta0,16(a1)
+        ld      ta1,16(a0)
+        daddu   t1,v0
+        sltu    v0,t1,v0        /* All manuals say it "compares 32-bit
+                                 * values", but it seems to work fine
+                                 * even on 64-bit registers. */
+        mflo    AT
+        mfhi    t0
+        daddu   t1,AT
+        daddu   v0,t0
+        sltu    AT,t1,AT
+        sd      t1,0(a0)
+        daddu   v0,AT
+
+        dmultu  t2,a3
+        ld      ta2,24(a1)
+        ld      ta3,24(a0)
+        daddu   t3,v0
+        sltu    v0,t3,v0
+        mflo    AT
+        mfhi    t2
+        daddu   t3,AT
+        daddu   v0,t2
+        sltu    AT,t3,AT
+        sd      t3,8(a0)
+        daddu   v0,AT
+
+        dmultu  ta0,a3
+        subu    a2,4
+        PTR_ADD a0,32
+        PTR_ADD a1,32
+        daddu   ta1,v0
+        sltu    v0,ta1,v0
+        mflo    AT
+        mfhi    ta0
+        daddu   ta1,AT
+        daddu   v0,ta0
+        sltu    AT,ta1,AT
+        sd      ta1,-16(a0)
+        daddu   v0,AT
+
+
+        dmultu  ta2,a3
+        and     ta0,a2,MINUS4
+        daddu   ta3,v0
+        sltu    v0,ta3,v0
+        mflo    AT
+        mfhi    ta2
+        daddu   ta3,AT
+        daddu   v0,ta2
+        sltu    AT,ta3,AT
+        sd      ta3,-8(a0)
+        daddu   v0,AT
+        .set    noreorder
+        bgtzl   ta0,.L_bn_mul_add_words_loop
+        ld      t0,0(a1)
+
+        bnezl   a2,.L_bn_mul_add_words_tail
+        ld      t0,0(a1)
+        .set    reorder
+
+.L_bn_mul_add_words_return:
+        jr      ra
+
+.L_bn_mul_add_words_tail:
+        dmultu  t0,a3
+        ld      t1,0(a0)
+        subu    a2,1
+        daddu   t1,v0
+        sltu    v0,t1,v0
+        mflo    AT
+        mfhi    t0
+        daddu   t1,AT
+        daddu   v0,t0
+        sltu    AT,t1,AT
+        sd      t1,0(a0)
+        daddu   v0,AT
+        beqz    a2,.L_bn_mul_add_words_return
+
+        ld      t0,8(a1)
+        dmultu  t0,a3
+        ld      t1,8(a0)
+        subu    a2,1
+        daddu   t1,v0
+        sltu    v0,t1,v0
+        mflo    AT
+        mfhi    t0
+        daddu   t1,AT
+        daddu   v0,t0
+        sltu    AT,t1,AT
+        sd      t1,8(a0)
+        daddu   v0,AT
+        beqz    a2,.L_bn_mul_add_words_return
+
+        ld      t0,16(a1)
+        dmultu  t0,a3
+        ld      t1,16(a0)
+        daddu   t1,v0
+        sltu    v0,t1,v0
+        mflo    AT
+        mfhi    t0
+        daddu   t1,AT
+        daddu   v0,t0
+        sltu    AT,t1,AT
+        sd      t1,16(a0)
+        daddu   v0,AT
+        jr      ra
+END(bn_mul_add_words)
+
+.align  5
+LEAF(bn_mul_words)
+        .set    noreorder
+        bgtzl   a2,.L_bn_mul_words_proceed
+        ld      t0,0(a1)
+        jr      ra
+        move    v0,zero
+        .set    reorder
+
+.L_bn_mul_words_proceed:
+        li      MINUS4,-4
+        and     ta0,a2,MINUS4
+        move    v0,zero
+        beqz    ta0,.L_bn_mul_words_tail
+
+.L_bn_mul_words_loop:
+        dmultu  t0,a3
+        ld      t2,8(a1)
+        ld      ta0,16(a1)
+        ld      ta2,24(a1)
+        mflo    AT
+        mfhi    t0
+        daddu   v0,AT
+        sltu    t1,v0,AT
+        sd      v0,0(a0)
+        daddu   v0,t1,t0
+
+        dmultu  t2,a3
+        subu    a2,4
+        PTR_ADD a0,32
+        PTR_ADD a1,32
+        mflo    AT
+        mfhi    t2
+        daddu   v0,AT
+        sltu    t3,v0,AT
+        sd      v0,-24(a0)
+        daddu   v0,t3,t2
+
+        dmultu  ta0,a3
+        mflo    AT
+        mfhi    ta0
+        daddu   v0,AT
+        sltu    ta1,v0,AT
+        sd      v0,-16(a0)
+        daddu   v0,ta1,ta0
+
+
+        dmultu  ta2,a3
+        and     ta0,a2,MINUS4
+        mflo    AT
+        mfhi    ta2
+        daddu   v0,AT
+        sltu    ta3,v0,AT
+        sd      v0,-8(a0)
+        daddu   v0,ta3,ta2
+        .set    noreorder
+        bgtzl   ta0,.L_bn_mul_words_loop
+        ld      t0,0(a1)
+
+        bnezl   a2,.L_bn_mul_words_tail
+        ld      t0,0(a1)
+        .set    reorder
+
+.L_bn_mul_words_return:
+        jr      ra
+
+.L_bn_mul_words_tail:
+        dmultu  t0,a3
+        subu    a2,1
+        mflo    AT
+        mfhi    t0
+        daddu   v0,AT
+        sltu    t1,v0,AT
+        sd      v0,0(a0)
+        daddu   v0,t1,t0
+        beqz    a2,.L_bn_mul_words_return
+
+        ld      t0,8(a1)
+        dmultu  t0,a3
+        subu    a2,1
+        mflo    AT
+        mfhi    t0
+        daddu   v0,AT
+        sltu    t1,v0,AT
+        sd      v0,8(a0)
+        daddu   v0,t1,t0
+        beqz    a2,.L_bn_mul_words_return
+
+        ld      t0,16(a1)
+        dmultu  t0,a3
+        mflo    AT
+        mfhi    t0
+        daddu   v0,AT
+        sltu    t1,v0,AT
+        sd      v0,16(a0)
+        daddu   v0,t1,t0
+        jr      ra
+END(bn_mul_words)
+
+.align  5
+LEAF(bn_sqr_words)
+        .set    noreorder
+        bgtzl   a2,.L_bn_sqr_words_proceed
+        ld      t0,0(a1)
+        jr      ra
+        move    v0,zero
+        .set    reorder
+
+.L_bn_sqr_words_proceed:
+        li      MINUS4,-4
+        and     ta0,a2,MINUS4
+        move    v0,zero
+        beqz    ta0,.L_bn_sqr_words_tail
+
+.L_bn_sqr_words_loop:
+        dmultu  t0,t0
+        ld      t2,8(a1)
+        ld      ta0,16(a1)
+        ld      ta2,24(a1)
+        mflo    t1
+        mfhi    t0
+        sd      t1,0(a0)
+        sd      t0,8(a0)
+
+        dmultu  t2,t2
+        subu    a2,4
+        PTR_ADD a0,64
+        PTR_ADD a1,32
+        mflo    t3
+        mfhi    t2
+        sd      t3,-48(a0)
+        sd      t2,-40(a0)
+
+        dmultu  ta0,ta0
+        mflo    ta1
+        mfhi    ta0
+        sd      ta1,-32(a0)
+        sd      ta0,-24(a0)
+
+
+        dmultu  ta2,ta2
+        and     ta0,a2,MINUS4
+        mflo    ta3
+        mfhi    ta2
+        sd      ta3,-16(a0)
+        sd      ta2,-8(a0)
+
+        .set    noreorder
+        bgtzl   ta0,.L_bn_sqr_words_loop
+        ld      t0,0(a1)
+
+        bnezl   a2,.L_bn_sqr_words_tail
+        ld      t0,0(a1)
+        .set    reorder
+
+.L_bn_sqr_words_return:
+        move    v0,zero
+        jr      ra
+
+.L_bn_sqr_words_tail:
+        dmultu  t0,t0
+        subu    a2,1
+        mflo    t1
+        mfhi    t0
+        sd      t1,0(a0)
+        sd      t0,8(a0)
+        beqz    a2,.L_bn_sqr_words_return
+
+        ld      t0,8(a1)
+        dmultu  t0,t0
+        subu    a2,1
+        mflo    t1
+        mfhi    t0
+        sd      t1,16(a0)
+        sd      t0,24(a0)
+        beqz    a2,.L_bn_sqr_words_return
+
+        ld      t0,16(a1)
+        dmultu  t0,t0
+        mflo    t1
+        mfhi    t0
+        sd      t1,32(a0)
+        sd      t0,40(a0)
+        jr      ra
+END(bn_sqr_words)
+
+.align  5
+LEAF(bn_add_words)
+        .set    noreorder
+        bgtzl   a3,.L_bn_add_words_proceed
+        ld      t0,0(a1)
+        jr      ra
+        move    v0,zero
+        .set    reorder
+
+.L_bn_add_words_proceed:
+        li      MINUS4,-4
+        and     AT,a3,MINUS4
+        move    v0,zero
+        beqz    AT,.L_bn_add_words_tail
+
+.L_bn_add_words_loop:
+        ld      ta0,0(a2)
+        subu    a3,4
+        ld      t1,8(a1)
+        and     AT,a3,MINUS4
+        ld      t2,16(a1)
+        PTR_ADD a2,32
+        ld      t3,24(a1)
+        PTR_ADD a0,32
+        ld      ta1,-24(a2)
+        PTR_ADD a1,32
+        ld      ta2,-16(a2)
+        ld      ta3,-8(a2)
+        daddu   ta0,t0
+        sltu    t8,ta0,t0
+        daddu   t0,ta0,v0
+        sltu    v0,t0,ta0
+        sd      t0,-32(a0)
+        daddu   v0,t8
+
+        daddu   ta1,t1
+        sltu    t9,ta1,t1
+        daddu   t1,ta1,v0
+        sltu    v0,t1,ta1
+        sd      t1,-24(a0)
+        daddu   v0,t9
+
+        daddu   ta2,t2
+        sltu    t8,ta2,t2
+        daddu   t2,ta2,v0
+        sltu    v0,t2,ta2
+        sd      t2,-16(a0)
+        daddu   v0,t8
+        
+        daddu   ta3,t3
+        sltu    t9,ta3,t3
+        daddu   t3,ta3,v0
+        sltu    v0,t3,ta3
+        sd      t3,-8(a0)
+        daddu   v0,t9
+        
+        .set    noreorder
+        bgtzl   AT,.L_bn_add_words_loop
+        ld      t0,0(a1)
+
+        bnezl   a3,.L_bn_add_words_tail
+        ld      t0,0(a1)
+        .set    reorder
+
+.L_bn_add_words_return:
+        jr      ra
+
+.L_bn_add_words_tail:
+        ld      ta0,0(a2)
+        daddu   ta0,t0
+        subu    a3,1
+        sltu    t8,ta0,t0
+        daddu   t0,ta0,v0
+        sltu    v0,t0,ta0
+        sd      t0,0(a0)
+        daddu   v0,t8
+        beqz    a3,.L_bn_add_words_return
+
+        ld      t1,8(a1)
+        ld      ta1,8(a2)
+        daddu   ta1,t1
+        subu    a3,1
+        sltu    t9,ta1,t1
+        daddu   t1,ta1,v0
+        sltu    v0,t1,ta1
+        sd      t1,8(a0)
+        daddu   v0,t9
+        beqz    a3,.L_bn_add_words_return
+
+        ld      t2,16(a1)
+        ld      ta2,16(a2)
+        daddu   ta2,t2
+        sltu    t8,ta2,t2
+        daddu   t2,ta2,v0
+        sltu    v0,t2,ta2
+        sd      t2,16(a0)
+        daddu   v0,t8
+        jr      ra
+END(bn_add_words)
+
+.align  5
+LEAF(bn_sub_words)
+        .set    noreorder
+        bgtzl   a3,.L_bn_sub_words_proceed
+        ld      t0,0(a1)
+        jr      ra
+        move    v0,zero
+        .set    reorder
+
+.L_bn_sub_words_proceed:
+        li      MINUS4,-4
+        and     AT,a3,MINUS4
+        move    v0,zero
+        beqz    AT,.L_bn_sub_words_tail
+
+.L_bn_sub_words_loop:
+        ld      ta0,0(a2)
+        subu    a3,4
+        ld      t1,8(a1)
+        and     AT,a3,MINUS4
+        ld      t2,16(a1)
+        PTR_ADD a2,32
+        ld      t3,24(a1)
+        PTR_ADD a0,32
+        ld      ta1,-24(a2)
+        PTR_ADD a1,32
+        ld      ta2,-16(a2)
+        ld      ta3,-8(a2)
+        sltu    t8,t0,ta0
+        dsubu   t0,ta0
+        dsubu   ta0,t0,v0
+        sd      ta0,-32(a0)
+        MOVNZ   (t0,v0,t8)
+
+        sltu    t9,t1,ta1
+        dsubu   t1,ta1
+        dsubu   ta1,t1,v0
+        sd      ta1,-24(a0)
+        MOVNZ   (t1,v0,t9)
+
+
+        sltu    t8,t2,ta2
+        dsubu   t2,ta2
+        dsubu   ta2,t2,v0
+        sd      ta2,-16(a0)
+        MOVNZ   (t2,v0,t8)
+
+        sltu    t9,t3,ta3
+        dsubu   t3,ta3
+        dsubu   ta3,t3,v0
+        sd      ta3,-8(a0)
+        MOVNZ   (t3,v0,t9)
+
+        .set    noreorder
+        bgtzl   AT,.L_bn_sub_words_loop
+        ld      t0,0(a1)
+
+        bnezl   a3,.L_bn_sub_words_tail
+        ld      t0,0(a1)
+        .set    reorder
+
+.L_bn_sub_words_return:
+        jr      ra
+
+.L_bn_sub_words_tail:
+        ld      ta0,0(a2)
+        subu    a3,1
+        sltu    t8,t0,ta0
+        dsubu   t0,ta0
+        dsubu   ta0,t0,v0
+        MOVNZ   (t0,v0,t8)
+        sd      ta0,0(a0)
+        beqz    a3,.L_bn_sub_words_return
+
+        ld      t1,8(a1)
+        subu    a3,1
+        ld      ta1,8(a2)
+        sltu    t9,t1,ta1
+        dsubu   t1,ta1
+        dsubu   ta1,t1,v0
+        MOVNZ   (t1,v0,t9)
+        sd      ta1,8(a0)
+        beqz    a3,.L_bn_sub_words_return
+
+        ld      t2,16(a1)
+        ld      ta2,16(a2)
+        sltu    t8,t2,ta2
+        dsubu   t2,ta2
+        dsubu   ta2,t2,v0
+        MOVNZ   (t2,v0,t8)
+        sd      ta2,16(a0)
+        jr      ra
+END(bn_sub_words)
+
+#undef  MINUS4
+
+.align 5
+LEAF(bn_div_3_words)
+        .set    reorder
+        move    a3,a0           /* we know that bn_div_words doesn't
+                                 * touch a3, ta2, ta3 and preserves a2
+                                 * so that we can save two arguments
+                                 * and return address in registers
+                                 * instead of stack:-)
+                                 */
+        ld      a0,(a3)
+        move    ta2,a1
+        ld      a1,-8(a3)
+        bne     a0,a2,.L_bn_div_3_words_proceed
+        li      v0,-1
+        jr      ra
+.L_bn_div_3_words_proceed:
+        move    ta3,ra
+        bal     bn_div_words
+        move    ra,ta3
+        dmultu  ta2,v0
+        ld      t2,-16(a3)
+        move    ta0,zero
+        mfhi    t1
+        mflo    t0
+        sltu    t8,t1,v1
+.L_bn_div_3_words_inner_loop:
+        bnez    t8,.L_bn_div_3_words_inner_loop_done
+        sgeu    AT,t2,t0
+        seq     t9,t1,v1
+        and     AT,t9
+        sltu    t3,t0,ta2
+        daddu   v1,a2
+        dsubu   t1,t3
+        dsubu   t0,ta2
+        sltu    t8,t1,v1
+        sltu    ta0,v1,a2
+        or      t8,ta0
+        .set    noreorder
+        beqzl   AT,.L_bn_div_3_words_inner_loop
+        dsubu   v0,1
+        .set    reorder
+.L_bn_div_3_words_inner_loop_done:
+        jr      ra
+END(bn_div_3_words)
+
+.align  5
+LEAF(bn_div_words)
+        .set    noreorder
+        bnezl   a2,.L_bn_div_words_proceed
+        move    v1,zero
+        jr      ra
+        li      v0,-1           /* I'd rather signal div-by-zero
+                                 * which can be done with 'break 7' */
+
+.L_bn_div_words_proceed:
+        bltz    a2,.L_bn_div_words_body
+        move    t9,v1
+        dsll    a2,1
+        bgtz    a2,.-4
+        addu    t9,1
+
+        .set    reorder
+        negu    t1,t9
+        li      t2,-1
+        dsll    t2,t1
+        and     t2,a0
+        dsrl    AT,a1,t1
+        .set    noreorder
+        bnezl   t2,.+8
+        break   6               /* signal overflow */
+        .set    reorder
+        dsll    a0,t9
+        dsll    a1,t9
+        or      a0,AT
+
+#define QT      ta0
+#define HH      ta1
+#define DH      v1
+.L_bn_div_words_body:
+        dsrl    DH,a2,32
+        sgeu    AT,a0,a2
+        .set    noreorder
+        bnezl   AT,.+8
+        dsubu   a0,a2
+        .set    reorder
+
+        li      QT,-1
+        dsrl    HH,a0,32
+        dsrl    QT,32   /* q=0xffffffff */
+        beq     DH,HH,.L_bn_div_words_skip_div1
+        ddivu   zero,a0,DH
+        mflo    QT
+.L_bn_div_words_skip_div1:
+        dmultu  a2,QT
+        dsll    t3,a0,32
+        dsrl    AT,a1,32
+        or      t3,AT
+        mflo    t0
+        mfhi    t1
+.L_bn_div_words_inner_loop1:
+        sltu    t2,t3,t0
+        seq     t8,HH,t1
+        sltu    AT,HH,t1
+        and     t2,t8
+        sltu    v0,t0,a2
+        or      AT,t2
+        .set    noreorder
+        beqz    AT,.L_bn_div_words_inner_loop1_done
+        dsubu   t1,v0
+        dsubu   t0,a2
+        b       .L_bn_div_words_inner_loop1
+        dsubu   QT,1
+        .set    reorder
+.L_bn_div_words_inner_loop1_done:
+
+        dsll    a1,32
+        dsubu   a0,t3,t0
+        dsll    v0,QT,32
+
+        li      QT,-1
+        dsrl    HH,a0,32
+        dsrl    QT,32   /* q=0xffffffff */
+        beq     DH,HH,.L_bn_div_words_skip_div2
+        ddivu   zero,a0,DH
+        mflo    QT
+.L_bn_div_words_skip_div2:
+#undef  DH
+        dmultu  a2,QT
+        dsll    t3,a0,32
+        dsrl    AT,a1,32
+        or      t3,AT
+        mflo    t0
+        mfhi    t1
+.L_bn_div_words_inner_loop2:
+        sltu    t2,t3,t0
+        seq     t8,HH,t1
+        sltu    AT,HH,t1
+        and     t2,t8
+        sltu    v1,t0,a2
+        or      AT,t2
+        .set    noreorder
+        beqz    AT,.L_bn_div_words_inner_loop2_done
+        dsubu   t1,v1
+        dsubu   t0,a2
+        b       .L_bn_div_words_inner_loop2
+        dsubu   QT,1
+        .set    reorder
+.L_bn_div_words_inner_loop2_done:       
+#undef  HH
+
+        dsubu   a0,t3,t0
+        or      v0,QT
+        dsrl    v1,a0,t9        /* v1 contains remainder if anybody wants it */
+        dsrl    a2,t9           /* restore a2 */
+        jr      ra
+#undef  QT
+END(bn_div_words)
+
+#define a_0     t0
+#define a_1     t1
+#define a_2     t2
+#define a_3     t3
+#define b_0     ta0
+#define b_1     ta1
+#define b_2     ta2
+#define b_3     ta3
+
+#define a_4     s0
+#define a_5     s2
+#define a_6     s4
+#define a_7     a1      /* once we load a[7] we don't need a anymore */
+#define b_4     s1
+#define b_5     s3
+#define b_6     s5
+#define b_7     a2      /* once we load b[7] we don't need b anymore */
+
+#define t_1     t8
+#define t_2     t9
+
+#define c_1     v0
+#define c_2     v1
+#define c_3     a3
+
+#define FRAME_SIZE      48
+
+.align  5
+LEAF(bn_mul_comba8)
+        .set    noreorder
+        PTR_SUB sp,FRAME_SIZE
+        .frame  sp,64,ra
+        .set    reorder
+        ld      a_0,0(a1)       /* If compiled with -mips3 option on
+                                 * R5000 box assembler barks on this
+                                 * line with "shouldn't have mult/div
+                                 * as last instruction in bb (R10K
+                                 * bug)" warning. If anybody out there
+                                 * has a clue about how to circumvent
+                                 * this do send me a note.
+                                 *              <appro@fy.chalmers.se>
+                                 */
+        ld      b_0,0(a2)
+        ld      a_1,8(a1)
+        ld      a_2,16(a1)
+        ld      a_3,24(a1)
+        ld      b_1,8(a2)
+        ld      b_2,16(a2)
+        ld      b_3,24(a2)
+        dmultu  a_0,b_0         /* mul_add_c(a[0],b[0],c1,c2,c3); */
+        sd      s0,0(sp)
+        sd      s1,8(sp)
+        sd      s2,16(sp)
+        sd      s3,24(sp)
+        sd      s4,32(sp)
+        sd      s5,40(sp)
+        mflo    c_1
+        mfhi    c_2
+
+        dmultu  a_0,b_1         /* mul_add_c(a[0],b[1],c2,c3,c1); */
+        ld      a_4,32(a1)
+        ld      a_5,40(a1)
+        ld      a_6,48(a1)
+        ld      a_7,56(a1)
+        ld      b_4,32(a2)
+        ld      b_5,40(a2)
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   c_3,t_2,AT
+        dmultu  a_1,b_0         /* mul_add_c(a[1],b[0],c2,c3,c1); */
+        ld      b_6,48(a2)
+        ld      b_7,56(a2)
+        sd      c_1,0(a0)       /* r[0]=c1; */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        sd      c_2,8(a0)       /* r[1]=c2; */
+
+        dmultu  a_2,b_0         /* mul_add_c(a[2],b[0],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        dmultu  a_1,b_1         /* mul_add_c(a[1],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_0,b_2         /* mul_add_c(a[0],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,16(a0)      /* r[2]=c3; */
+
+        dmultu  a_0,b_3         /* mul_add_c(a[0],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    c_3,c_2,t_2
+        dmultu  a_1,b_2         /* mul_add_c(a[1],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_2,b_1         /* mul_add_c(a[2],b[1],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_3,b_0         /* mul_add_c(a[3],b[0],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,24(a0)      /* r[3]=c1; */
+
+        dmultu  a_4,b_0         /* mul_add_c(a[4],b[0],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        dmultu  a_3,b_1         /* mul_add_c(a[3],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_2,b_2         /* mul_add_c(a[2],b[2],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_1,b_3         /* mul_add_c(a[1],b[3],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_0,b_4         /* mul_add_c(a[0],b[4],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,32(a0)      /* r[4]=c2; */
+
+        dmultu  a_0,b_5         /* mul_add_c(a[0],b[5],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_1,b_4         /* mul_add_c(a[1],b[4],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_2,b_3         /* mul_add_c(a[2],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_3,b_2         /* mul_add_c(a[3],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_4,b_1         /* mul_add_c(a[4],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_5,b_0         /* mul_add_c(a[5],b[0],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,40(a0)      /* r[5]=c3; */
+
+        dmultu  a_6,b_0         /* mul_add_c(a[6],b[0],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    c_3,c_2,t_2
+        dmultu  a_5,b_1         /* mul_add_c(a[5],b[1],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_4,b_2         /* mul_add_c(a[4],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_3,b_3         /* mul_add_c(a[3],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_2,b_4         /* mul_add_c(a[2],b[4],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_1,b_5         /* mul_add_c(a[1],b[5],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_0,b_6         /* mul_add_c(a[0],b[6],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,48(a0)      /* r[6]=c1; */
+
+        dmultu  a_0,b_7         /* mul_add_c(a[0],b[7],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        dmultu  a_1,b_6         /* mul_add_c(a[1],b[6],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_2,b_5         /* mul_add_c(a[2],b[5],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_3,b_4         /* mul_add_c(a[3],b[4],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_4,b_3         /* mul_add_c(a[4],b[3],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_5,b_2         /* mul_add_c(a[5],b[2],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_6,b_1         /* mul_add_c(a[6],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_7,b_0         /* mul_add_c(a[7],b[0],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,56(a0)      /* r[7]=c2; */
+
+        dmultu  a_7,b_1         /* mul_add_c(a[7],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_6,b_2         /* mul_add_c(a[6],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_5,b_3         /* mul_add_c(a[5],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_4,b_4         /* mul_add_c(a[4],b[4],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_3,b_5         /* mul_add_c(a[3],b[5],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_2,b_6         /* mul_add_c(a[2],b[6],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_1,b_7         /* mul_add_c(a[1],b[7],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,64(a0)      /* r[8]=c3; */
+
+        dmultu  a_2,b_7         /* mul_add_c(a[2],b[7],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    c_3,c_2,t_2
+        dmultu  a_3,b_6         /* mul_add_c(a[3],b[6],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_4,b_5         /* mul_add_c(a[4],b[5],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_5,b_4         /* mul_add_c(a[5],b[4],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_6,b_3         /* mul_add_c(a[6],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_7,b_2         /* mul_add_c(a[7],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,72(a0)      /* r[9]=c1; */
+
+        dmultu  a_7,b_3         /* mul_add_c(a[7],b[3],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        dmultu  a_6,b_4         /* mul_add_c(a[6],b[4],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_5,b_5         /* mul_add_c(a[5],b[5],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_4,b_6         /* mul_add_c(a[4],b[6],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_3,b_7         /* mul_add_c(a[3],b[7],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,80(a0)      /* r[10]=c2; */
+
+        dmultu  a_4,b_7         /* mul_add_c(a[4],b[7],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_5,b_6         /* mul_add_c(a[5],b[6],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_6,b_5         /* mul_add_c(a[6],b[5],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_7,b_4         /* mul_add_c(a[7],b[4],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,88(a0)      /* r[11]=c3; */
+
+        dmultu  a_7,b_5         /* mul_add_c(a[7],b[5],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    c_3,c_2,t_2
+        dmultu  a_6,b_6         /* mul_add_c(a[6],b[6],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_5,b_7         /* mul_add_c(a[5],b[7],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,96(a0)      /* r[12]=c1; */
+
+        dmultu  a_6,b_7         /* mul_add_c(a[6],b[7],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        dmultu  a_7,b_6         /* mul_add_c(a[7],b[6],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,104(a0)     /* r[13]=c2; */
+
+        dmultu  a_7,b_7         /* mul_add_c(a[7],b[7],c3,c1,c2); */
+        ld      s0,0(sp)
+        ld      s1,8(sp)
+        ld      s2,16(sp)
+        ld      s3,24(sp)
+        ld      s4,32(sp)
+        ld      s5,40(sp)
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sd      c_3,112(a0)     /* r[14]=c3; */
+        sd      c_1,120(a0)     /* r[15]=c1; */
+
+        PTR_ADD sp,FRAME_SIZE
+
+        jr      ra
+END(bn_mul_comba8)
+
+.align  5
+LEAF(bn_mul_comba4)
+        .set    reorder
+        ld      a_0,0(a1)
+        ld      b_0,0(a2)
+        ld      a_1,8(a1)
+        ld      a_2,16(a1)
+        dmultu  a_0,b_0         /* mul_add_c(a[0],b[0],c1,c2,c3); */
+        ld      a_3,24(a1)
+        ld      b_1,8(a2)
+        ld      b_2,16(a2)
+        ld      b_3,24(a2)
+        mflo    c_1
+        mfhi    c_2
+        sd      c_1,0(a0)
+
+        dmultu  a_0,b_1         /* mul_add_c(a[0],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   c_3,t_2,AT
+        dmultu  a_1,b_0         /* mul_add_c(a[1],b[0],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        sd      c_2,8(a0)
+
+        dmultu  a_2,b_0         /* mul_add_c(a[2],b[0],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        dmultu  a_1,b_1         /* mul_add_c(a[1],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_0,b_2         /* mul_add_c(a[0],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,16(a0)
+
+        dmultu  a_0,b_3         /* mul_add_c(a[0],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    c_3,c_2,t_2
+        dmultu  a_1,b_2         /* mul_add_c(a[1],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_2,b_1         /* mul_add_c(a[2],b[1],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_3,b_0         /* mul_add_c(a[3],b[0],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,24(a0)
+
+        dmultu  a_3,b_1         /* mul_add_c(a[3],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        dmultu  a_2,b_2         /* mul_add_c(a[2],b[2],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_1,b_3         /* mul_add_c(a[1],b[3],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,32(a0)
+
+        dmultu  a_2,b_3         /* mul_add_c(a[2],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_3,b_2         /* mul_add_c(a[3],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,40(a0)
+
+        dmultu  a_3,b_3         /* mul_add_c(a[3],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sd      c_1,48(a0)
+        sd      c_2,56(a0)
+
+        jr      ra
+END(bn_mul_comba4)
+
+#undef  a_4
+#undef  a_5
+#undef  a_6
+#undef  a_7
+#define a_4     b_0
+#define a_5     b_1
+#define a_6     b_2
+#define a_7     b_3
+
+.align  5
+LEAF(bn_sqr_comba8)
+        .set    reorder
+        ld      a_0,0(a1)
+        ld      a_1,8(a1)
+        ld      a_2,16(a1)
+        ld      a_3,24(a1)
+
+        dmultu  a_0,a_0         /* mul_add_c(a[0],b[0],c1,c2,c3); */
+        ld      a_4,32(a1)
+        ld      a_5,40(a1)
+        ld      a_6,48(a1)
+        ld      a_7,56(a1)
+        mflo    c_1
+        mfhi    c_2
+        sd      c_1,0(a0)
+
+        dmultu  a_0,a_1         /* mul_add_c2(a[0],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   c_3,t_2,AT
+        sd      c_2,8(a0)
+
+        dmultu  a_2,a_0         /* mul_add_c2(a[2],b[0],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_1,a_1         /* mul_add_c(a[1],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,16(a0)
+
+        dmultu  a_0,a_3         /* mul_add_c2(a[0],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_3,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_1,a_2         /* mul_add_c2(a[1],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,24(a0)
+
+        dmultu  a_4,a_0         /* mul_add_c2(a[4],b[0],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_3,a_1         /* mul_add_c2(a[3],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_1,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_2,a_2         /* mul_add_c(a[2],b[2],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,32(a0)
+
+        dmultu  a_0,a_5         /* mul_add_c2(a[0],b[5],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_1,a_4         /* mul_add_c2(a[1],b[4],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_2,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_2,a_3         /* mul_add_c2(a[2],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_2,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,40(a0)
+
+        dmultu  a_6,a_0         /* mul_add_c2(a[6],b[0],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_3,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_5,a_1         /* mul_add_c2(a[5],b[1],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_4,a_2         /* mul_add_c2(a[4],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_3,a_3         /* mul_add_c(a[3],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,48(a0)
+
+        dmultu  a_0,a_7         /* mul_add_c2(a[0],b[7],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_1,a_6         /* mul_add_c2(a[1],b[6],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_1,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_2,a_5         /* mul_add_c2(a[2],b[5],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_1,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_3,a_4         /* mul_add_c2(a[3],b[4],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_1,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,56(a0)
+
+        dmultu  a_7,a_1         /* mul_add_c2(a[7],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_6,a_2         /* mul_add_c2(a[6],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_2,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_5,a_3         /* mul_add_c2(a[5],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_2,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_4,a_4         /* mul_add_c(a[4],b[4],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,64(a0)
+
+        dmultu  a_2,a_7         /* mul_add_c2(a[2],b[7],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_3,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_3,a_6         /* mul_add_c2(a[3],b[6],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_4,a_5         /* mul_add_c2(a[4],b[5],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,72(a0)
+
+        dmultu  a_7,a_3         /* mul_add_c2(a[7],b[3],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_6,a_4         /* mul_add_c2(a[6],b[4],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_1,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_5,a_5         /* mul_add_c(a[5],b[5],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,80(a0)
+
+        dmultu  a_4,a_7         /* mul_add_c2(a[4],b[7],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_5,a_6         /* mul_add_c2(a[5],b[6],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_2,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,88(a0)
+
+        dmultu  a_7,a_5         /* mul_add_c2(a[7],b[5],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_3,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_6,a_6         /* mul_add_c(a[6],b[6],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,96(a0)
+
+        dmultu  a_6,a_7         /* mul_add_c2(a[6],b[7],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,104(a0)
+
+        dmultu  a_7,a_7         /* mul_add_c(a[7],b[7],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sd      c_3,112(a0)
+        sd      c_1,120(a0)
+
+        jr      ra
+END(bn_sqr_comba8)
+
+.align  5
+LEAF(bn_sqr_comba4)
+        .set    reorder
+        ld      a_0,0(a1)
+        ld      a_1,8(a1)
+        ld      a_2,16(a1)
+        ld      a_3,24(a1)
+        dmultu  a_0,a_0         /* mul_add_c(a[0],b[0],c1,c2,c3); */
+        mflo    c_1
+        mfhi    c_2
+        sd      c_1,0(a0)
+
+        dmultu  a_0,a_1         /* mul_add_c2(a[0],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   c_3,t_2,AT
+        sd      c_2,8(a0)
+
+        dmultu  a_2,a_0         /* mul_add_c2(a[2],b[0],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_1,a_1         /* mul_add_c(a[1],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,16(a0)
+
+        dmultu  a_0,a_3         /* mul_add_c2(a[0],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_3,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_1,a_2         /* mul_add_c(a2[1],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,24(a0)
+
+        dmultu  a_3,a_1         /* mul_add_c2(a[3],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_2,a_2         /* mul_add_c(a[2],b[2],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,32(a0)
+
+        dmultu  a_2,a_3         /* mul_add_c2(a[2],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,40(a0)
+
+        dmultu  a_3,a_3         /* mul_add_c(a[3],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sd      c_1,48(a0)
+        sd      c_2,56(a0)
+
+        jr      ra
+END(bn_sqr_comba4)
diff --git a/src/lib/libcrypto/bn/asm/vms.mar b/src/lib/libcrypto/bn/asm/vms.mar
new file mode 100644
index 0000000000..aefab15cdb
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/vms.mar
@@ -0,0 +1,6440 @@
+        .title  vax_bn_mul_add_words  unsigned multiply & add, 32*32+32+32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {
+;       ULONG c = 0;
+;       int i;
+;       for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;
+;       return c;
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)      n       by value (input)
+w=16 ;(AP)      w       by value (input)
+
+
+        .psect  code,nowrt
+
+.entry  bn_mul_add_words,^m<r2,r3,r4,r5,r6>
+
+        moval   @r(ap),r2
+        moval   @a(ap),r3
+        movl    n(ap),r4        ; assumed >0 by C code
+        movl    w(ap),r5
+        clrl    r6              ; c
+
+0$:
+        emul    r5,(r3),(r2),r0         ; w, a[], r[] considered signed
+
+        ; fixup for "negative" r[]
+        tstl    (r2)
+        bgeq    10$
+        incl    r1
+10$:
+
+        ; add in c
+        addl2   r6,r0
+        adwc    #0,r1
+
+        ; combined fixup for "negative" w, a[]
+        tstl    r5
+        bgeq    20$
+        addl2   (r3),r1
+20$:
+        tstl    (r3)
+        bgeq    30$
+        addl2   r5,r1
+30$:
+
+        movl    r0,(r2)+                ; store lo result in r[] & advance
+        addl    #4,r3                   ; advance a[]
+        movl    r1,r6                   ; store hi result => c
+
+        sobgtr  r4,0$
+
+        movl    r6,r0                   ; return c
+        ret
+
+        .title  vax_bn_mul_words  unsigned multiply & add, 32*32+32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {
+;       ULONG c = 0;
+;       int i;
+;       for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;
+;       return(c);
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)      n       by value (input)
+w=16 ;(AP)      w       by value (input)
+
+
+        .psect  code,nowrt
+
+.entry  bn_mul_words,^m<r2,r3,r4,r5,r6>
+
+        moval   @r(ap),r2       ; r2 -> r[]
+        moval   @a(ap),r3       ; r3 -> a[]
+        movl    n(ap),r4        ; r4 = loop count (assumed >0 by C code)
+        movl    w(ap),r5        ; r5 = w
+        clrl    r6              ; r6 = c
+
+0$:
+        ; <r1,r0> := w * a[] + c
+        emul    r5,(r3),r6,r0           ; w, a[], c considered signed
+
+        ; fixup for "negative" c
+        tstl    r6                      ; c
+        bgeq    10$
+        incl    r1
+10$:
+
+        ; combined fixup for "negative" w, a[]
+        tstl    r5                      ; w
+        bgeq    20$
+        addl2   (r3),r1                 ; a[]
+20$:
+        tstl    (r3)                    ; a[]
+        bgeq    30$
+        addl2   r5,r1                   ; w
+30$:
+
+        movl    r0,(r2)+                ; store lo result in r[] & advance
+        addl    #4,r3                   ; advance a[]
+        movl    r1,r6                   ; store hi result => c
+
+        sobgtr  r4,0$
+
+        movl    r6,r0                   ; return c
+        ret
+
+        .title  vax_bn_sqr_words  unsigned square, 32*32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; void bn_sqr_words(ULONG r[],ULONG a[],int n) {
+;       int i;
+;       for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)      n       by value (input)
+
+
+        .psect  code,nowrt
+
+.entry  bn_sqr_words,^m<r2,r3,r4,r5>
+
+        moval   @r(ap),r2       ; r2 -> r[]
+        moval   @a(ap),r3       ; r3 -> a[]
+        movl    n(ap),r4        ; r4 = n (assumed >0 by C code)
+
+0$:
+        movl    (r3)+,r5                ; r5 = a[] & advance
+
+        ; <r1,r0> := a[] * a[]
+        emul    r5,r5,#0,r0             ; a[] considered signed
+
+        ; fixup for "negative" a[]
+        tstl    r5                      ; a[]
+        bgeq    30$
+        addl2   r5,r1                   ; a[]
+        addl2   r5,r1                   ; a[]
+30$:
+
+        movl    r0,(r2)+                ; store lo result in r[] & advance
+        movl    r1,(r2)+                ; store hi result in r[] & advance
+
+        sobgtr  r4,0$
+
+        movl    #1,r0                   ; return SS$_NORMAL
+        ret
+
+        .title  vax_bn_div_words  unsigned divide
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_div_words(ULONG h, ULONG l, ULONG d)
+; {
+;       return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d);
+; }
+;
+; Using EDIV would be very easy, if it didn't do signed calculations.
+; Any time any of the input numbers are signed, there are problems,
+; usually with integer overflow, at which point it returns useless
+; data (the quotient gets the value of l, and the remainder becomes 0).
+;
+; If it was just for the dividend, it would be very easy, just divide
+; it by 2 (unsigned), do the division, multiply the resulting quotient
+; and remainder by 2, add the bit that was dropped when dividing by 2
+; to the remainder, and do some adjustment so the remainder doesn't
+; end up larger than the divisor.  For some cases when the divisor is
+; negative (from EDIV's point of view, i.e. when the highest bit is set),
+; dividing the dividend by 2 isn't enough, and since some operations
+; might generate integer overflows even when the dividend is divided by
+; 4 (when the high part of the shifted down dividend ends up being exactly
+; half of the divisor, the result is the quotient 0x80000000, which is
+; negative...) it needs to be divided by 8.  Furthermore, the divisor needs
+; to be divided by 2 (unsigned) as well, to avoid more problems with the sign.
+; In this case, a little extra fiddling with the remainder is required.
+;
+; So, the simplest way to handle this is always to divide the dividend
+; by 8, and to divide the divisor by 2 if it's highest bit is set.
+; After EDIV has been used, the quotient gets multiplied by 8 if the
+; original divisor was positive, otherwise 4.  The remainder, oddly
+; enough, is *always* multiplied by 8.
+; NOTE: in the case mentioned above, where the high part of the shifted
+; down dividend ends up being exactly half the shifted down divisor, we
+; end up with a 33 bit quotient.  That's no problem however, it usually
+; means we have ended up with a too large remainder as well, and the
+; problem is fixed by the last part of the algorithm (next paragraph).
+;
+; The routine ends with comparing the resulting remainder with the
+; original divisor and if the remainder is larger, subtract the
+; original divisor from it, and increase the quotient by 1.  This is
+; done until the remainder is smaller than the divisor.
+;
+; The complete algorithm looks like this:
+;
+; d'    = d
+; l'    = l & 7
+; [h,l] = [h,l] >> 3
+; [q,r] = floor([h,l] / d)      # This is the EDIV operation
+; if (q < 0) q = -q             # I doubt this is necessary any more
+;
+; r'    = r >> 29
+; if (d' >= 0)
+;   q'  = q >> 29
+;   q   = q << 3
+; else
+;   q'  = q >> 30
+;   q   = q << 2
+; r     = (r << 3) + l'
+;
+; if (d' < 0)
+;   {
+;     [r',r] = [r',r] - q
+;     while ([r',r] < 0)
+;       {
+;         [r',r] = [r',r] + d
+;         [q',q] = [q',q] - 1
+;       }
+;   }
+;
+; while ([r',r] >= d')
+;   {
+;     [r',r] = [r',r] - d'
+;     [q',q] = [q',q] + 1
+;   }
+;
+; return q
+
+h=4 ;(AP)       h       by value (input)
+l=8 ;(AP)       l       by value (input)
+d=12 ;(AP)      d       by value (input)
+
+;r2 = l, q
+;r3 = h, r
+;r4 = d
+;r5 = l'
+;r6 = r'
+;r7 = d'
+;r8 = q'
+
+        .psect  code,nowrt
+
+.entry  bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8>
+        movl    l(ap),r2
+        movl    h(ap),r3
+        movl    d(ap),r4
+
+        bicl3   #^XFFFFFFF8,r2,r5 ; l' = l & 7
+        bicl3   #^X00000007,r2,r2
+
+        bicl3   #^XFFFFFFF8,r3,r6
+        bicl3   #^X00000007,r3,r3
+        
+        addl    r6,r2
+
+        rotl    #-3,r2,r2       ; l = l >> 3
+        rotl    #-3,r3,r3       ; h = h >> 3
+                
+        movl    r4,r7           ; d' = d
+
+        movl    #0,r6           ; r' = 0
+        movl    #0,r8           ; q' = 0
+
+        tstl    r4
+        beql    666$            ; Uh-oh, the divisor is 0...
+        bgtr    1$
+        rotl    #-1,r4,r4       ; If d is negative, shift it right.
+        bicl2   #^X80000000,r4  ; Since d is then a large number, the
+                                ; lowest bit is insignificant
+                                ; (contradict that, and I'll fix the problem!)
+1$:     
+        ediv    r4,r2,r2,r3     ; Do the actual division
+
+        tstl    r2
+        bgeq    3$
+        mnegl   r2,r2           ; if q < 0, negate it
+3$:     
+        tstl    r7
+        blss    4$
+        rotl    #3,r2,r2        ;   q = q << 3
+        bicl3   #^XFFFFFFF8,r2,r8 ;    q' gets the high bits from q
+        bicl3   #^X00000007,r2,r2
+        bsb     41$
+4$:                             ; else
+        rotl    #2,r2,r2        ;   q = q << 2
+        bicl3   #^XFFFFFFFC,r2,r8 ;   q' gets the high bits from q
+        bicl3   #^X00000003,r2,r2
+41$:
+        rotl    #3,r3,r3        ; r = r << 3
+        bicl3   #^XFFFFFFF8,r3,r6 ; r' gets the high bits from r
+        bicl3   #^X00000007,r3,r3
+        addl    r5,r3           ; r = r + l'
+
+        tstl    r7
+        bgeq    5$
+        bitl    #1,r7
+        beql    5$              ; if d' < 0 && d' & 1
+        subl    r2,r3           ;   [r',r] = [r',r] - [q',q]
+        sbwc    r8,r6
+45$:
+        bgeq    5$              ;   while r < 0
+        decl    r2              ;     [q',q] = [q',q] - 1
+        sbwc    #0,r8
+        addl    r7,r3           ;     [r',r] = [r',r] + d'
+        adwc    #0,r6
+        brb     45$
+
+; The return points are placed in the middle to keep a short distance from
+; all the branch points
+42$:
+;       movl    r3,r1
+        movl    r2,r0
+        ret
+666$:
+        movl    #^XFFFFFFFF,r0
+        ret
+
+5$:
+        tstl    r6
+        bneq    6$
+        cmpl    r3,r7
+        blssu   42$             ; while [r',r] >= d'
+6$:
+        subl    r7,r3           ;   [r',r] = [r',r] - d'
+        sbwc    #0,r6
+        incl    r2              ;   [q',q] = [q',q] + 1
+        adwc    #0,r8
+        brb     5$      
+
+        .title  vax_bn_add_words  unsigned add of two arrays
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+;       ULONG c = 0;
+;       int i;
+;       for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c;
+;       return(c);
+; }
+
+r=4 ;(AP)       r       by reference (output)
+a=8 ;(AP)       a       by reference (input)
+b=12 ;(AP)      b       by reference (input)
+n=16 ;(AP)      n       by value (input)
+
+
+        .psect  code,nowrt
+
+.entry  bn_add_words,^m<r2,r3,r4,r5,r6>
+
+        moval   @r(ap),r2
+        moval   @a(ap),r3
+        moval   @b(ap),r4
+        movl    n(ap),r5        ; assumed >0 by C code
+        clrl    r0              ; c
+
+        tstl    r5              ; carry = 0
+        bleq    666$
+
+0$:
+        movl    (r3)+,r6        ; carry untouched
+        adwc    (r4)+,r6        ; carry used and touched
+        movl    r6,(r2)+        ; carry untouched
+        sobgtr  r5,0$           ; carry untouched
+
+        adwc    #0,r0
+666$:
+        ret
+
+        .title  vax_bn_sub_words  unsigned add of two arrays
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+;       ULONG c = 0;
+;       int i;
+;       for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c;
+;       return(c);
+; }
+
+r=4 ;(AP)       r       by reference (output)
+a=8 ;(AP)       a       by reference (input)
+b=12 ;(AP)      b       by reference (input)
+n=16 ;(AP)      n       by value (input)
+
+
+        .psect  code,nowrt
+
+.entry  bn_sub_words,^m<r2,r3,r4,r5,r6>
+
+        moval   @r(ap),r2
+        moval   @a(ap),r3
+        moval   @b(ap),r4
+        movl    n(ap),r5        ; assumed >0 by C code
+        clrl    r0              ; c
+
+        tstl    r5              ; carry = 0
+        bleq    666$
+
+0$:
+        movl    (r3)+,r6        ; carry untouched
+        sbwc    (r4)+,r6        ; carry used and touched
+        movl    r6,(r2)+        ; carry untouched
+        sobgtr  r5,0$           ; carry untouched
+
+        adwc    #0,r0
+666$:
+        ret
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)     n       by value (input)
+
+        .psect  code,nowrt
+
+.entry  BN_MUL_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+        movab   -924(sp),sp
+        clrq    r8
+
+        clrl    r10
+
+        movl    8(ap),r6
+        movzwl  2(r6),r3
+        movl    12(ap),r7
+        bicl3   #-65536,(r7),r2
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-12(fp)
+        bicl3   #-65536,r3,-16(fp)
+        mull3   r0,-12(fp),-4(fp)
+        mull2   r2,-12(fp)
+        mull3   r2,-16(fp),-8(fp)
+        mull2   r0,-16(fp)
+        addl3   -4(fp),-8(fp),r0
+        bicl3   #0,r0,-4(fp)
+        cmpl    -4(fp),-8(fp)
+        bgequ   noname.45
+        addl2   #65536,-16(fp)
+noname.45:
+        movzwl  -2(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-16(fp)
+        bicl3   #-65536,-4(fp),r0
+        ashl    #16,r0,-8(fp)
+        addl3   -8(fp),-12(fp),r0
+        bicl3   #0,r0,-12(fp)
+        cmpl    -12(fp),-8(fp)
+        bgequ   noname.46
+        incl    -16(fp)
+noname.46:
+        movl    -12(fp),r1
+        movl    -16(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.47
+        incl    r2
+noname.47:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.48
+        incl    r10
+noname.48:
+
+        movl    4(ap),r11
+        movl    r9,(r11)
+
+        clrl    r9
+
+        movzwl  2(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-28(fp)
+        bicl3   #-65536,r2,-32(fp)
+        mull3   r0,-28(fp),-20(fp)
+        mull2   r3,-28(fp)
+        mull3   r3,-32(fp),-24(fp)
+        mull2   r0,-32(fp)
+        addl3   -20(fp),-24(fp),r0
+        bicl3   #0,r0,-20(fp)
+        cmpl    -20(fp),-24(fp)
+        bgequ   noname.49
+        addl2   #65536,-32(fp)
+noname.49:
+        movzwl  -18(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-32(fp)
+        bicl3   #-65536,-20(fp),r0
+        ashl    #16,r0,-24(fp)
+        addl3   -24(fp),-28(fp),r0
+        bicl3   #0,r0,-28(fp)
+        cmpl    -28(fp),-24(fp)
+        bgequ   noname.50
+        incl    -32(fp)
+noname.50:
+        movl    -28(fp),r1
+        movl    -32(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.51
+        incl    r2
+noname.51:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.52
+        incl    r9
+noname.52:
+
+        movzwl  6(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-44(fp)
+        bicl3   #-65536,r2,-48(fp)
+        mull3   r0,-44(fp),-36(fp)
+        mull2   r3,-44(fp)
+        mull3   r3,-48(fp),-40(fp)
+        mull2   r0,-48(fp)
+        addl3   -36(fp),-40(fp),r0
+        bicl3   #0,r0,-36(fp)
+        cmpl    -36(fp),-40(fp)
+        bgequ   noname.53
+        addl2   #65536,-48(fp)
+noname.53:
+        movzwl  -34(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-48(fp)
+        bicl3   #-65536,-36(fp),r0
+        ashl    #16,r0,-40(fp)
+        addl3   -40(fp),-44(fp),r0
+        bicl3   #0,r0,-44(fp)
+        cmpl    -44(fp),-40(fp)
+        bgequ   noname.54
+        incl    -48(fp)
+noname.54:
+        movl    -44(fp),r1
+        movl    -48(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.55
+        incl    r2
+noname.55:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.56
+        incl    r9
+noname.56:
+
+        movl    r8,4(r11)
+
+        clrl    r8
+
+        movzwl  10(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-60(fp)
+        bicl3   #-65536,r2,-64(fp)
+        mull3   r0,-60(fp),-52(fp)
+        mull2   r3,-60(fp)
+        mull3   r3,-64(fp),-56(fp)
+        mull2   r0,-64(fp)
+        addl3   -52(fp),-56(fp),r0
+        bicl3   #0,r0,-52(fp)
+        cmpl    -52(fp),-56(fp)
+        bgequ   noname.57
+        addl2   #65536,-64(fp)
+noname.57:
+        movzwl  -50(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-64(fp)
+        bicl3   #-65536,-52(fp),r0
+        ashl    #16,r0,-56(fp)
+        addl3   -56(fp),-60(fp),r0
+        bicl3   #0,r0,-60(fp)
+        cmpl    -60(fp),-56(fp)
+        bgequ   noname.58
+        incl    -64(fp)
+noname.58:
+        movl    -60(fp),r1
+        movl    -64(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.59
+        incl    r2
+noname.59:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.60
+        incl    r8
+noname.60:
+
+        movzwl  6(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-76(fp)
+        bicl3   #-65536,r2,-80(fp)
+        mull3   r0,-76(fp),-68(fp)
+        mull2   r3,-76(fp)
+        mull3   r3,-80(fp),-72(fp)
+        mull2   r0,-80(fp)
+        addl3   -68(fp),-72(fp),r0
+        bicl3   #0,r0,-68(fp)
+        cmpl    -68(fp),-72(fp)
+        bgequ   noname.61
+        addl2   #65536,-80(fp)
+noname.61:
+        movzwl  -66(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-80(fp)
+        bicl3   #-65536,-68(fp),r0
+        ashl    #16,r0,-72(fp)
+        addl3   -72(fp),-76(fp),r0
+        bicl3   #0,r0,-76(fp)
+        cmpl    -76(fp),-72(fp)
+        bgequ   noname.62
+        incl    -80(fp)
+noname.62:
+        movl    -76(fp),r1
+        movl    -80(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.63
+        incl    r2
+noname.63:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.64
+        incl    r8
+noname.64:
+
+        movzwl  2(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-92(fp)
+        bicl3   #-65536,r2,-96(fp)
+        mull3   r0,-92(fp),-84(fp)
+        mull2   r3,-92(fp)
+        mull3   r3,-96(fp),-88(fp)
+        mull2   r0,-96(fp)
+        addl3   -84(fp),-88(fp),r0
+        bicl3   #0,r0,-84(fp)
+        cmpl    -84(fp),-88(fp)
+        bgequ   noname.65
+        addl2   #65536,-96(fp)
+noname.65:
+        movzwl  -82(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-96(fp)
+        bicl3   #-65536,-84(fp),r0
+        ashl    #16,r0,-88(fp)
+        addl3   -88(fp),-92(fp),r0
+        bicl3   #0,r0,-92(fp)
+        cmpl    -92(fp),-88(fp)
+        bgequ   noname.66
+        incl    -96(fp)
+noname.66:
+        movl    -92(fp),r1
+        movl    -96(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.67
+        incl    r2
+noname.67:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.68
+        incl    r8
+noname.68:
+
+        movl    r10,8(r11)
+
+        clrl    r10
+
+        movzwl  2(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-108(fp)
+        bicl3   #-65536,r2,-112(fp)
+        mull3   r0,-108(fp),-100(fp)
+        mull2   r3,-108(fp)
+        mull3   r3,-112(fp),-104(fp)
+        mull2   r0,-112(fp)
+        addl3   -100(fp),-104(fp),r0
+        bicl3   #0,r0,-100(fp)
+        cmpl    -100(fp),-104(fp)
+        bgequ   noname.69
+        addl2   #65536,-112(fp)
+noname.69:
+        movzwl  -98(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-112(fp)
+        bicl3   #-65536,-100(fp),r0
+        ashl    #16,r0,-104(fp)
+        addl3   -104(fp),-108(fp),r0
+        bicl3   #0,r0,-108(fp)
+        cmpl    -108(fp),-104(fp)
+        bgequ   noname.70
+        incl    -112(fp)
+noname.70:
+        movl    -108(fp),r1
+        movl    -112(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.71
+        incl    r2
+noname.71:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.72
+        incl    r10
+noname.72:
+
+        movzwl  6(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-124(fp)
+        bicl3   #-65536,r2,-128(fp)
+        mull3   r0,-124(fp),-116(fp)
+        mull2   r3,-124(fp)
+        mull3   r3,-128(fp),-120(fp)
+        mull2   r0,-128(fp)
+        addl3   -116(fp),-120(fp),r0
+        bicl3   #0,r0,-116(fp)
+        cmpl    -116(fp),-120(fp)
+        bgequ   noname.73
+        addl2   #65536,-128(fp)
+noname.73:
+        movzwl  -114(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-128(fp)
+        bicl3   #-65536,-116(fp),r0
+        ashl    #16,r0,-120(fp)
+        addl3   -120(fp),-124(fp),r0
+        bicl3   #0,r0,-124(fp)
+        cmpl    -124(fp),-120(fp)
+        bgequ   noname.74
+        incl    -128(fp)
+noname.74:
+        movl    -124(fp),r1
+        movl    -128(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.75
+        incl    r2
+noname.75:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.76
+        incl    r10
+noname.76:
+
+        movzwl  10(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-140(fp)
+        bicl3   #-65536,r2,-144(fp)
+        mull3   r0,-140(fp),-132(fp)
+        mull2   r3,-140(fp)
+        mull3   r3,-144(fp),-136(fp)
+        mull2   r0,-144(fp)
+        addl3   -132(fp),-136(fp),r0
+        bicl3   #0,r0,-132(fp)
+        cmpl    -132(fp),-136(fp)
+        bgequ   noname.77
+        addl2   #65536,-144(fp)
+noname.77:
+        movzwl  -130(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-144(fp)
+        bicl3   #-65536,-132(fp),r0
+        ashl    #16,r0,-136(fp)
+        addl3   -136(fp),-140(fp),r0
+        bicl3   #0,r0,-140(fp)
+        cmpl    -140(fp),-136(fp)
+        bgequ   noname.78
+        incl    -144(fp)
+noname.78:
+        movl    -140(fp),r1
+        movl    -144(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.79
+        incl    r2
+noname.79:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.80
+        incl    r10
+noname.80:
+
+        movzwl  14(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-156(fp)
+        bicl3   #-65536,r2,-160(fp)
+        mull3   r0,-156(fp),-148(fp)
+        mull2   r3,-156(fp)
+        mull3   r3,-160(fp),-152(fp)
+        mull2   r0,-160(fp)
+        addl3   -148(fp),-152(fp),r0
+        bicl3   #0,r0,-148(fp)
+        cmpl    -148(fp),-152(fp)
+        bgequ   noname.81
+        addl2   #65536,-160(fp)
+noname.81:
+        movzwl  -146(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-160(fp)
+        bicl3   #-65536,-148(fp),r0
+        ashl    #16,r0,-152(fp)
+        addl3   -152(fp),-156(fp),r0
+        bicl3   #0,r0,-156(fp)
+        cmpl    -156(fp),-152(fp)
+        bgequ   noname.82
+        incl    -160(fp)
+noname.82:
+        movl    -156(fp),r1
+        movl    -160(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.83
+        incl    r2
+noname.83:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.84
+        incl    r10
+noname.84:
+
+        movl    r9,12(r11)
+
+        clrl    r9
+
+        movzwl  18(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-172(fp)
+        bicl3   #-65536,r2,-176(fp)
+        mull3   r0,-172(fp),-164(fp)
+        mull2   r3,-172(fp)
+        mull3   r3,-176(fp),-168(fp)
+        mull2   r0,-176(fp)
+        addl3   -164(fp),-168(fp),r0
+        bicl3   #0,r0,-164(fp)
+        cmpl    -164(fp),-168(fp)
+        bgequ   noname.85
+        addl2   #65536,-176(fp)
+noname.85:
+        movzwl  -162(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-176(fp)
+        bicl3   #-65536,-164(fp),r0
+        ashl    #16,r0,-168(fp)
+        addl3   -168(fp),-172(fp),r0
+        bicl3   #0,r0,-172(fp)
+        cmpl    -172(fp),-168(fp)
+        bgequ   noname.86
+        incl    -176(fp)
+noname.86:
+        movl    -172(fp),r1
+        movl    -176(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.87
+        incl    r2
+noname.87:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.88
+        incl    r9
+noname.88:
+
+        movzwl  14(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-188(fp)
+        bicl3   #-65536,r2,-192(fp)
+        mull3   r0,-188(fp),-180(fp)
+        mull2   r3,-188(fp)
+        mull3   r3,-192(fp),-184(fp)
+        mull2   r0,-192(fp)
+        addl3   -180(fp),-184(fp),r0
+        bicl3   #0,r0,-180(fp)
+        cmpl    -180(fp),-184(fp)
+        bgequ   noname.89
+        addl2   #65536,-192(fp)
+noname.89:
+        movzwl  -178(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-192(fp)
+        bicl3   #-65536,-180(fp),r0
+        ashl    #16,r0,-184(fp)
+        addl3   -184(fp),-188(fp),r0
+        bicl3   #0,r0,-188(fp)
+        cmpl    -188(fp),-184(fp)
+        bgequ   noname.90
+        incl    -192(fp)
+noname.90:
+        movl    -188(fp),r1
+        movl    -192(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.91
+        incl    r2
+noname.91:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.92
+        incl    r9
+noname.92:
+
+        movzwl  10(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-204(fp)
+        bicl3   #-65536,r2,-208(fp)
+        mull3   r0,-204(fp),-196(fp)
+        mull2   r3,-204(fp)
+        mull3   r3,-208(fp),-200(fp)
+        mull2   r0,-208(fp)
+        addl3   -196(fp),-200(fp),r0
+        bicl3   #0,r0,-196(fp)
+        cmpl    -196(fp),-200(fp)
+        bgequ   noname.93
+        addl2   #65536,-208(fp)
+noname.93:
+        movzwl  -194(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-208(fp)
+        bicl3   #-65536,-196(fp),r0
+        ashl    #16,r0,-200(fp)
+        addl3   -200(fp),-204(fp),r0
+        bicl3   #0,r0,-204(fp)
+        cmpl    -204(fp),-200(fp)
+        bgequ   noname.94
+        incl    -208(fp)
+noname.94:
+        movl    -204(fp),r1
+        movl    -208(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.95
+        incl    r2
+noname.95:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.96
+        incl    r9
+noname.96:
+
+        movzwl  6(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-220(fp)
+        bicl3   #-65536,r2,-224(fp)
+        mull3   r0,-220(fp),-212(fp)
+        mull2   r3,-220(fp)
+        mull3   r3,-224(fp),-216(fp)
+        mull2   r0,-224(fp)
+        addl3   -212(fp),-216(fp),r0
+        bicl3   #0,r0,-212(fp)
+        cmpl    -212(fp),-216(fp)
+        bgequ   noname.97
+        addl2   #65536,-224(fp)
+noname.97:
+        movzwl  -210(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-224(fp)
+        bicl3   #-65536,-212(fp),r0
+        ashl    #16,r0,-216(fp)
+        addl3   -216(fp),-220(fp),r0
+        bicl3   #0,r0,-220(fp)
+        cmpl    -220(fp),-216(fp)
+        bgequ   noname.98
+        incl    -224(fp)
+noname.98:
+        movl    -220(fp),r1
+        movl    -224(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.99
+        incl    r2
+noname.99:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.100
+        incl    r9
+noname.100:
+
+        movzwl  2(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-236(fp)
+        bicl3   #-65536,r2,-240(fp)
+        mull3   r0,-236(fp),-228(fp)
+        mull2   r3,-236(fp)
+        mull3   r3,-240(fp),-232(fp)
+        mull2   r0,-240(fp)
+        addl3   -228(fp),-232(fp),r0
+        bicl3   #0,r0,-228(fp)
+        cmpl    -228(fp),-232(fp)
+        bgequ   noname.101
+        addl2   #65536,-240(fp)
+noname.101:
+        movzwl  -226(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-240(fp)
+        bicl3   #-65536,-228(fp),r0
+        ashl    #16,r0,-232(fp)
+        addl3   -232(fp),-236(fp),r0
+        bicl3   #0,r0,-236(fp)
+        cmpl    -236(fp),-232(fp)
+        bgequ   noname.102
+        incl    -240(fp)
+noname.102:
+        movl    -236(fp),r1
+        movl    -240(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.103
+        incl    r2
+noname.103:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.104
+        incl    r9
+noname.104:
+
+        movl    r8,16(r11)
+
+        clrl    r8
+
+        movzwl  2(r6),r2
+        bicl3   #-65536,20(r7),r3
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-252(fp)
+        bicl3   #-65536,r2,-256(fp)
+        mull3   r0,-252(fp),-244(fp)
+        mull2   r3,-252(fp)
+        mull3   r3,-256(fp),-248(fp)
+        mull2   r0,-256(fp)
+        addl3   -244(fp),-248(fp),r0
+        bicl3   #0,r0,-244(fp)
+        cmpl    -244(fp),-248(fp)
+        bgequ   noname.105
+        addl2   #65536,-256(fp)
+noname.105:
+        movzwl  -242(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-256(fp)
+        bicl3   #-65536,-244(fp),r0
+        ashl    #16,r0,-248(fp)
+        addl3   -248(fp),-252(fp),r0
+        bicl3   #0,r0,-252(fp)
+        cmpl    -252(fp),-248(fp)
+        bgequ   noname.106
+        incl    -256(fp)
+noname.106:
+        movl    -252(fp),r1
+        movl    -256(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.107
+        incl    r2
+noname.107:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.108
+        incl    r8
+noname.108:
+
+        movzwl  6(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-268(fp)
+        bicl3   #-65536,r2,-272(fp)
+        mull3   r0,-268(fp),-260(fp)
+        mull2   r3,-268(fp)
+        mull3   r3,-272(fp),-264(fp)
+        mull2   r0,-272(fp)
+        addl3   -260(fp),-264(fp),r0
+        bicl3   #0,r0,-260(fp)
+        cmpl    -260(fp),-264(fp)
+        bgequ   noname.109
+        addl2   #65536,-272(fp)
+noname.109:
+        movzwl  -258(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-272(fp)
+        bicl3   #-65536,-260(fp),r0
+        ashl    #16,r0,-264(fp)
+        addl3   -264(fp),-268(fp),r0
+        bicl3   #0,r0,-268(fp)
+        cmpl    -268(fp),-264(fp)
+        bgequ   noname.110
+        incl    -272(fp)
+noname.110:
+        movl    -268(fp),r1
+        movl    -272(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.111
+        incl    r2
+noname.111:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.112
+        incl    r8
+noname.112:
+
+        movzwl  10(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-284(fp)
+        bicl3   #-65536,r2,-288(fp)
+        mull3   r0,-284(fp),-276(fp)
+        mull2   r3,-284(fp)
+        mull3   r3,-288(fp),-280(fp)
+        mull2   r0,-288(fp)
+        addl3   -276(fp),-280(fp),r0
+        bicl3   #0,r0,-276(fp)
+        cmpl    -276(fp),-280(fp)
+        bgequ   noname.113
+        addl2   #65536,-288(fp)
+noname.113:
+        movzwl  -274(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-288(fp)
+        bicl3   #-65536,-276(fp),r0
+        ashl    #16,r0,-280(fp)
+        addl3   -280(fp),-284(fp),r0
+        bicl3   #0,r0,-284(fp)
+        cmpl    -284(fp),-280(fp)
+        bgequ   noname.114
+        incl    -288(fp)
+noname.114:
+        movl    -284(fp),r1
+        movl    -288(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.115
+        incl    r2
+noname.115:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.116
+        incl    r8
+noname.116:
+
+        movzwl  14(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-300(fp)
+        bicl3   #-65536,r2,-304(fp)
+        mull3   r0,-300(fp),-292(fp)
+        mull2   r3,-300(fp)
+        mull3   r3,-304(fp),-296(fp)
+        mull2   r0,-304(fp)
+        addl3   -292(fp),-296(fp),r0
+        bicl3   #0,r0,-292(fp)
+        cmpl    -292(fp),-296(fp)
+        bgequ   noname.117
+        addl2   #65536,-304(fp)
+noname.117:
+        movzwl  -290(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-304(fp)
+        bicl3   #-65536,-292(fp),r0
+        ashl    #16,r0,-296(fp)
+        addl3   -296(fp),-300(fp),r0
+        bicl3   #0,r0,-300(fp)
+        cmpl    -300(fp),-296(fp)
+        bgequ   noname.118
+        incl    -304(fp)
+noname.118:
+        movl    -300(fp),r1
+        movl    -304(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.119
+        incl    r2
+noname.119:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.120
+        incl    r8
+noname.120:
+
+        movzwl  18(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-316(fp)
+        bicl3   #-65536,r2,-320(fp)
+        mull3   r0,-316(fp),-308(fp)
+        mull2   r3,-316(fp)
+        mull3   r3,-320(fp),-312(fp)
+        mull2   r0,-320(fp)
+        addl3   -308(fp),-312(fp),r0
+        bicl3   #0,r0,-308(fp)
+        cmpl    -308(fp),-312(fp)
+        bgequ   noname.121
+        addl2   #65536,-320(fp)
+noname.121:
+        movzwl  -306(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-320(fp)
+        bicl3   #-65536,-308(fp),r0
+        ashl    #16,r0,-312(fp)
+        addl3   -312(fp),-316(fp),r0
+        bicl3   #0,r0,-316(fp)
+        cmpl    -316(fp),-312(fp)
+        bgequ   noname.122
+        incl    -320(fp)
+noname.122:
+        movl    -316(fp),r1
+        movl    -320(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.123
+        incl    r2
+
+noname.123:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.124
+        incl    r8
+noname.124:
+
+        movzwl  22(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-332(fp)
+        bicl3   #-65536,r2,-336(fp)
+        mull3   r0,-332(fp),-324(fp)
+        mull2   r3,-332(fp)
+        mull3   r3,-336(fp),-328(fp)
+        mull2   r0,-336(fp)
+        addl3   -324(fp),-328(fp),r0
+        bicl3   #0,r0,-324(fp)
+        cmpl    -324(fp),-328(fp)
+        bgequ   noname.125
+        addl2   #65536,-336(fp)
+noname.125:
+        movzwl  -322(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-336(fp)
+        bicl3   #-65536,-324(fp),r0
+        ashl    #16,r0,-328(fp)
+        addl3   -328(fp),-332(fp),r0
+        bicl3   #0,r0,-332(fp)
+        cmpl    -332(fp),-328(fp)
+        bgequ   noname.126
+        incl    -336(fp)
+noname.126:
+        movl    -332(fp),r1
+        movl    -336(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.127
+        incl    r2
+noname.127:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.128
+        incl    r8
+noname.128:
+
+        movl    r10,20(r11)
+
+        clrl    r10
+
+        movzwl  26(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,24(r6),-348(fp)
+        bicl3   #-65536,r2,-352(fp)
+        mull3   r0,-348(fp),-340(fp)
+        mull2   r3,-348(fp)
+        mull3   r3,-352(fp),-344(fp)
+        mull2   r0,-352(fp)
+        addl3   -340(fp),-344(fp),r0
+        bicl3   #0,r0,-340(fp)
+        cmpl    -340(fp),-344(fp)
+        bgequ   noname.129
+        addl2   #65536,-352(fp)
+noname.129:
+        movzwl  -338(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-352(fp)
+        bicl3   #-65536,-340(fp),r0
+        ashl    #16,r0,-344(fp)
+        addl3   -344(fp),-348(fp),r0
+        bicl3   #0,r0,-348(fp)
+        cmpl    -348(fp),-344(fp)
+        bgequ   noname.130
+        incl    -352(fp)
+noname.130:
+        movl    -348(fp),r1
+        movl    -352(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.131
+        incl    r2
+noname.131:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.132
+        incl    r10
+noname.132:
+
+        movzwl  22(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-364(fp)
+        bicl3   #-65536,r2,-368(fp)
+        mull3   r0,-364(fp),-356(fp)
+        mull2   r3,-364(fp)
+        mull3   r3,-368(fp),-360(fp)
+        mull2   r0,-368(fp)
+        addl3   -356(fp),-360(fp),r0
+        bicl3   #0,r0,-356(fp)
+        cmpl    -356(fp),-360(fp)
+        bgequ   noname.133
+        addl2   #65536,-368(fp)
+noname.133:
+        movzwl  -354(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-368(fp)
+        bicl3   #-65536,-356(fp),r0
+        ashl    #16,r0,-360(fp)
+        addl3   -360(fp),-364(fp),r0
+        bicl3   #0,r0,-364(fp)
+        cmpl    -364(fp),-360(fp)
+        bgequ   noname.134
+        incl    -368(fp)
+noname.134:
+        movl    -364(fp),r1
+        movl    -368(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.135
+        incl    r2
+noname.135:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.136
+        incl    r10
+noname.136:
+
+        movzwl  18(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-380(fp)
+        bicl3   #-65536,r2,-384(fp)
+        mull3   r0,-380(fp),-372(fp)
+        mull2   r3,-380(fp)
+        mull3   r3,-384(fp),-376(fp)
+        mull2   r0,-384(fp)
+        addl3   -372(fp),-376(fp),r0
+        bicl3   #0,r0,-372(fp)
+        cmpl    -372(fp),-376(fp)
+        bgequ   noname.137
+        addl2   #65536,-384(fp)
+noname.137:
+        movzwl  -370(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-384(fp)
+        bicl3   #-65536,-372(fp),r0
+        ashl    #16,r0,-376(fp)
+        addl3   -376(fp),-380(fp),r0
+        bicl3   #0,r0,-380(fp)
+        cmpl    -380(fp),-376(fp)
+        bgequ   noname.138
+        incl    -384(fp)
+noname.138:
+        movl    -380(fp),r1
+        movl    -384(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.139
+        incl    r2
+noname.139:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.140
+        incl    r10
+noname.140:
+
+        movzwl  14(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-396(fp)
+        bicl3   #-65536,r2,-400(fp)
+        mull3   r0,-396(fp),-388(fp)
+        mull2   r3,-396(fp)
+        mull3   r3,-400(fp),-392(fp)
+        mull2   r0,-400(fp)
+        addl3   -388(fp),-392(fp),r0
+        bicl3   #0,r0,-388(fp)
+        cmpl    -388(fp),-392(fp)
+        bgequ   noname.141
+        addl2   #65536,-400(fp)
+noname.141:
+        movzwl  -386(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-400(fp)
+        bicl3   #-65536,-388(fp),r0
+        ashl    #16,r0,-392(fp)
+        addl3   -392(fp),-396(fp),r0
+        bicl3   #0,r0,-396(fp)
+        cmpl    -396(fp),-392(fp)
+        bgequ   noname.142
+        incl    -400(fp)
+noname.142:
+        movl    -396(fp),r1
+        movl    -400(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.143
+        incl    r2
+noname.143:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.144
+        incl    r10
+noname.144:
+
+        movzwl  10(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-412(fp)
+        bicl3   #-65536,r2,-416(fp)
+        mull3   r0,-412(fp),-404(fp)
+        mull2   r3,-412(fp)
+        mull3   r3,-416(fp),-408(fp)
+        mull2   r0,-416(fp)
+        addl3   -404(fp),-408(fp),r0
+        bicl3   #0,r0,-404(fp)
+        cmpl    -404(fp),-408(fp)
+        bgequ   noname.145
+        addl2   #65536,-416(fp)
+noname.145:
+        movzwl  -402(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-416(fp)
+        bicl3   #-65536,-404(fp),r0
+        ashl    #16,r0,-408(fp)
+        addl3   -408(fp),-412(fp),r0
+        bicl3   #0,r0,-412(fp)
+        cmpl    -412(fp),-408(fp)
+        bgequ   noname.146
+        incl    -416(fp)
+noname.146:
+        movl    -412(fp),r1
+        movl    -416(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.147
+        incl    r2
+noname.147:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.148
+        incl    r10
+noname.148:
+
+        movzwl  6(r6),r2
+        bicl3   #-65536,20(r7),r3
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-428(fp)
+        bicl3   #-65536,r2,-432(fp)
+        mull3   r0,-428(fp),-420(fp)
+        mull2   r3,-428(fp)
+        mull3   r3,-432(fp),-424(fp)
+        mull2   r0,-432(fp)
+        addl3   -420(fp),-424(fp),r0
+        bicl3   #0,r0,-420(fp)
+        cmpl    -420(fp),-424(fp)
+        bgequ   noname.149
+        addl2   #65536,-432(fp)
+noname.149:
+        movzwl  -418(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-432(fp)
+        bicl3   #-65536,-420(fp),r0
+        ashl    #16,r0,-424(fp)
+        addl3   -424(fp),-428(fp),r0
+        bicl3   #0,r0,-428(fp)
+        cmpl    -428(fp),-424(fp)
+        bgequ   noname.150
+        incl    -432(fp)
+noname.150:
+        movl    -428(fp),r1
+        movl    -432(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.151
+        incl    r2
+noname.151:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.152
+        incl    r10
+noname.152:
+
+        movzwl  2(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-444(fp)
+        bicl3   #-65536,r2,-448(fp)
+        mull3   r0,-444(fp),-436(fp)
+        mull2   r3,-444(fp)
+        mull3   r3,-448(fp),-440(fp)
+        mull2   r0,-448(fp)
+        addl3   -436(fp),-440(fp),r0
+        bicl3   #0,r0,-436(fp)
+        cmpl    -436(fp),-440(fp)
+        bgequ   noname.153
+        addl2   #65536,-448(fp)
+noname.153:
+        movzwl  -434(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-448(fp)
+        bicl3   #-65536,-436(fp),r0
+        ashl    #16,r0,-440(fp)
+        addl3   -440(fp),-444(fp),r0
+        bicl3   #0,r0,-444(fp)
+        cmpl    -444(fp),-440(fp)
+        bgequ   noname.154
+        incl    -448(fp)
+noname.154:
+        movl    -444(fp),r1
+        movl    -448(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.155
+        incl    r2
+noname.155:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.156
+        incl    r10
+noname.156:
+
+        movl    r9,24(r11)
+
+        clrl    r9
+
+        movzwl  2(r6),r2
+        bicl3   #-65536,28(r7),r3
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-460(fp)
+        bicl3   #-65536,r2,-464(fp)
+        mull3   r0,-460(fp),-452(fp)
+        mull2   r3,-460(fp)
+        mull3   r3,-464(fp),-456(fp)
+        mull2   r0,-464(fp)
+        addl3   -452(fp),-456(fp),r0
+        bicl3   #0,r0,-452(fp)
+        cmpl    -452(fp),-456(fp)
+        bgequ   noname.157
+        addl2   #65536,-464(fp)
+noname.157:
+        movzwl  -450(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-464(fp)
+        bicl3   #-65536,-452(fp),r0
+        ashl    #16,r0,-456(fp)
+        addl3   -456(fp),-460(fp),r0
+        bicl3   #0,r0,-460(fp)
+        cmpl    -460(fp),-456(fp)
+        bgequ   noname.158
+        incl    -464(fp)
+noname.158:
+        movl    -460(fp),r1
+        movl    -464(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.159
+        incl    r2
+noname.159:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.160
+        incl    r9
+noname.160:
+
+        movzwl  6(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-476(fp)
+        bicl3   #-65536,r2,-480(fp)
+        mull3   r0,-476(fp),-468(fp)
+        mull2   r3,-476(fp)
+        mull3   r3,-480(fp),-472(fp)
+        mull2   r0,-480(fp)
+        addl3   -468(fp),-472(fp),r0
+        bicl3   #0,r0,-468(fp)
+        cmpl    -468(fp),-472(fp)
+        bgequ   noname.161
+        addl2   #65536,-480(fp)
+noname.161:
+        movzwl  -466(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-480(fp)
+        bicl3   #-65536,-468(fp),r0
+        ashl    #16,r0,-472(fp)
+        addl3   -472(fp),-476(fp),r0
+        bicl3   #0,r0,-476(fp)
+        cmpl    -476(fp),-472(fp)
+        bgequ   noname.162
+        incl    -480(fp)
+noname.162:
+        movl    -476(fp),r1
+        movl    -480(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.163
+        incl    r2
+noname.163:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.164
+        incl    r9
+noname.164:
+
+        movzwl  10(r6),r2
+        bicl3   #-65536,20(r7),r3
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-492(fp)
+        bicl3   #-65536,r2,-496(fp)
+        mull3   r0,-492(fp),-484(fp)
+        mull2   r3,-492(fp)
+        mull3   r3,-496(fp),-488(fp)
+        mull2   r0,-496(fp)
+        addl3   -484(fp),-488(fp),r0
+        bicl3   #0,r0,-484(fp)
+        cmpl    -484(fp),-488(fp)
+        bgequ   noname.165
+        addl2   #65536,-496(fp)
+noname.165:
+        movzwl  -482(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-496(fp)
+        bicl3   #-65536,-484(fp),r0
+        ashl    #16,r0,-488(fp)
+        addl3   -488(fp),-492(fp),r0
+        bicl3   #0,r0,-492(fp)
+        cmpl    -492(fp),-488(fp)
+        bgequ   noname.166
+        incl    -496(fp)
+noname.166:
+        movl    -492(fp),r1
+        movl    -496(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.167
+        incl    r2
+noname.167:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.168
+        incl    r9
+noname.168:
+
+        movzwl  14(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-508(fp)
+        bicl3   #-65536,r2,-512(fp)
+        mull3   r0,-508(fp),-500(fp)
+        mull2   r3,-508(fp)
+        mull3   r3,-512(fp),-504(fp)
+        mull2   r0,-512(fp)
+        addl3   -500(fp),-504(fp),r0
+        bicl3   #0,r0,-500(fp)
+        cmpl    -500(fp),-504(fp)
+        bgequ   noname.169
+        addl2   #65536,-512(fp)
+noname.169:
+        movzwl  -498(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-512(fp)
+        bicl3   #-65536,-500(fp),r0
+        ashl    #16,r0,-504(fp)
+        addl3   -504(fp),-508(fp),r0
+        bicl3   #0,r0,-508(fp)
+        cmpl    -508(fp),-504(fp)
+        bgequ   noname.170
+        incl    -512(fp)
+noname.170:
+        movl    -508(fp),r1
+        movl    -512(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.171
+        incl    r2
+noname.171:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.172
+        incl    r9
+noname.172:
+
+        movzwl  18(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-524(fp)
+        bicl3   #-65536,r2,-528(fp)
+        mull3   r0,-524(fp),-516(fp)
+        mull2   r3,-524(fp)
+        mull3   r3,-528(fp),-520(fp)
+        mull2   r0,-528(fp)
+        addl3   -516(fp),-520(fp),r0
+        bicl3   #0,r0,-516(fp)
+        cmpl    -516(fp),-520(fp)
+        bgequ   noname.173
+        addl2   #65536,-528(fp)
+noname.173:
+        movzwl  -514(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-528(fp)
+        bicl3   #-65536,-516(fp),r0
+        ashl    #16,r0,-520(fp)
+        addl3   -520(fp),-524(fp),r0
+        bicl3   #0,r0,-524(fp)
+        cmpl    -524(fp),-520(fp)
+        bgequ   noname.174
+        incl    -528(fp)
+noname.174:
+        movl    -524(fp),r1
+        movl    -528(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.175
+        incl    r2
+noname.175:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.176
+        incl    r9
+noname.176:
+
+        movzwl  22(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-540(fp)
+        bicl3   #-65536,r2,-544(fp)
+        mull3   r0,-540(fp),-532(fp)
+        mull2   r3,-540(fp)
+        mull3   r3,-544(fp),-536(fp)
+        mull2   r0,-544(fp)
+        addl3   -532(fp),-536(fp),r0
+        bicl3   #0,r0,-532(fp)
+        cmpl    -532(fp),-536(fp)
+        bgequ   noname.177
+        addl2   #65536,-544(fp)
+noname.177:
+        movzwl  -530(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-544(fp)
+        bicl3   #-65536,-532(fp),r0
+        ashl    #16,r0,-536(fp)
+        addl3   -536(fp),-540(fp),r0
+        bicl3   #0,r0,-540(fp)
+        cmpl    -540(fp),-536(fp)
+        bgequ   noname.178
+        incl    -544(fp)
+noname.178:
+        movl    -540(fp),r1
+        movl    -544(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.179
+        incl    r2
+noname.179:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.180
+        incl    r9
+noname.180:
+
+        movzwl  26(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,24(r6),-556(fp)
+        bicl3   #-65536,r2,-560(fp)
+        mull3   r0,-556(fp),-548(fp)
+        mull2   r3,-556(fp)
+        mull3   r3,-560(fp),-552(fp)
+        mull2   r0,-560(fp)
+        addl3   -548(fp),-552(fp),r0
+        bicl3   #0,r0,-548(fp)
+        cmpl    -548(fp),-552(fp)
+        bgequ   noname.181
+        addl2   #65536,-560(fp)
+noname.181:
+        movzwl  -546(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-560(fp)
+        bicl3   #-65536,-548(fp),r0
+        ashl    #16,r0,-552(fp)
+        addl3   -552(fp),-556(fp),r0
+        bicl3   #0,r0,-556(fp)
+        cmpl    -556(fp),-552(fp)
+        bgequ   noname.182
+        incl    -560(fp)
+noname.182:
+        movl    -556(fp),r1
+        movl    -560(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.183
+        incl    r2
+noname.183:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.184
+        incl    r9
+noname.184:
+
+        movzwl  30(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,28(r6),-572(fp)
+        bicl3   #-65536,r2,-576(fp)
+        mull3   r0,-572(fp),-564(fp)
+        mull2   r3,-572(fp)
+        mull3   r3,-576(fp),-568(fp)
+        mull2   r0,-576(fp)
+        addl3   -564(fp),-568(fp),r0
+        bicl3   #0,r0,-564(fp)
+        cmpl    -564(fp),-568(fp)
+        bgequ   noname.185
+        addl2   #65536,-576(fp)
+noname.185:
+        movzwl  -562(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-576(fp)
+        bicl3   #-65536,-564(fp),r0
+        ashl    #16,r0,-568(fp)
+        addl3   -568(fp),-572(fp),r0
+        bicl3   #0,r0,-572(fp)
+        cmpl    -572(fp),-568(fp)
+        bgequ   noname.186
+        incl    -576(fp)
+noname.186:
+        movl    -572(fp),r1
+        movl    -576(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.187
+        incl    r2
+noname.187:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.188
+        incl    r9
+noname.188:
+
+        movl    r8,28(r11)
+
+        clrl    r8
+
+        movzwl  30(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,28(r6),-588(fp)
+        bicl3   #-65536,r2,-592(fp)
+        mull3   r0,-588(fp),-580(fp)
+        mull2   r3,-588(fp)
+        mull3   r3,-592(fp),-584(fp)
+        mull2   r0,-592(fp)
+        addl3   -580(fp),-584(fp),r0
+        bicl3   #0,r0,-580(fp)
+        cmpl    -580(fp),-584(fp)
+        bgequ   noname.189
+        addl2   #65536,-592(fp)
+noname.189:
+        movzwl  -578(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-592(fp)
+        bicl3   #-65536,-580(fp),r0
+        ashl    #16,r0,-584(fp)
+        addl3   -584(fp),-588(fp),r0
+        bicl3   #0,r0,-588(fp)
+        cmpl    -588(fp),-584(fp)
+        bgequ   noname.190
+        incl    -592(fp)
+noname.190:
+        movl    -588(fp),r1
+        movl    -592(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.191
+        incl    r2
+noname.191:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.192
+        incl    r8
+noname.192:
+
+        movzwl  26(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,24(r6),-604(fp)
+        bicl3   #-65536,r2,-608(fp)
+        mull3   r0,-604(fp),-596(fp)
+        mull2   r3,-604(fp)
+        mull3   r3,-608(fp),-600(fp)
+        mull2   r0,-608(fp)
+        addl3   -596(fp),-600(fp),r0
+        bicl3   #0,r0,-596(fp)
+        cmpl    -596(fp),-600(fp)
+        bgequ   noname.193
+        addl2   #65536,-608(fp)
+noname.193:
+        movzwl  -594(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-608(fp)
+        bicl3   #-65536,-596(fp),r0
+        ashl    #16,r0,-600(fp)
+        addl3   -600(fp),-604(fp),r0
+        bicl3   #0,r0,-604(fp)
+        cmpl    -604(fp),-600(fp)
+        bgequ   noname.194
+        incl    -608(fp)
+noname.194:
+        movl    -604(fp),r1
+        movl    -608(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.195
+        incl    r2
+noname.195:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.196
+        incl    r8
+noname.196:
+
+        movzwl  22(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-620(fp)
+        bicl3   #-65536,r2,-624(fp)
+        mull3   r0,-620(fp),-612(fp)
+        mull2   r3,-620(fp)
+        mull3   r3,-624(fp),-616(fp)
+        mull2   r0,-624(fp)
+        addl3   -612(fp),-616(fp),r0
+        bicl3   #0,r0,-612(fp)
+        cmpl    -612(fp),-616(fp)
+        bgequ   noname.197
+        addl2   #65536,-624(fp)
+noname.197:
+        movzwl  -610(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-624(fp)
+        bicl3   #-65536,-612(fp),r0
+        ashl    #16,r0,-616(fp)
+        addl3   -616(fp),-620(fp),r0
+        bicl3   #0,r0,-620(fp)
+        cmpl    -620(fp),-616(fp)
+        bgequ   noname.198
+        incl    -624(fp)
+noname.198:
+        movl    -620(fp),r1
+        movl    -624(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.199
+        incl    r2
+noname.199:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.200
+        incl    r8
+noname.200:
+
+        movzwl  18(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-636(fp)
+        bicl3   #-65536,r2,-640(fp)
+        mull3   r0,-636(fp),-628(fp)
+        mull2   r3,-636(fp)
+        mull3   r3,-640(fp),-632(fp)
+        mull2   r0,-640(fp)
+        addl3   -628(fp),-632(fp),r0
+        bicl3   #0,r0,-628(fp)
+        cmpl    -628(fp),-632(fp)
+        bgequ   noname.201
+        addl2   #65536,-640(fp)
+noname.201:
+        movzwl  -626(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-640(fp)
+        bicl3   #-65536,-628(fp),r0
+        ashl    #16,r0,-632(fp)
+        addl3   -632(fp),-636(fp),r0
+        bicl3   #0,r0,-636(fp)
+        cmpl    -636(fp),-632(fp)
+        bgequ   noname.202
+        incl    -640(fp)
+noname.202:
+        movl    -636(fp),r1
+        movl    -640(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.203
+        incl    r2
+noname.203:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.204
+        incl    r8
+noname.204:
+
+        movzwl  14(r6),r2
+        bicl3   #-65536,20(r7),r3
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-652(fp)
+        bicl3   #-65536,r2,-656(fp)
+        mull3   r0,-652(fp),-644(fp)
+        mull2   r3,-652(fp)
+        mull3   r3,-656(fp),-648(fp)
+        mull2   r0,-656(fp)
+        addl3   -644(fp),-648(fp),r0
+        bicl3   #0,r0,-644(fp)
+        cmpl    -644(fp),-648(fp)
+        bgequ   noname.205
+        addl2   #65536,-656(fp)
+noname.205:
+        movzwl  -642(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-656(fp)
+        bicl3   #-65536,-644(fp),r0
+        ashl    #16,r0,-648(fp)
+        addl3   -648(fp),-652(fp),r0
+        bicl3   #0,r0,-652(fp)
+        cmpl    -652(fp),-648(fp)
+        bgequ   noname.206
+        incl    -656(fp)
+noname.206:
+        movl    -652(fp),r1
+        movl    -656(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.207
+        incl    r2
+noname.207:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.208
+        incl    r8
+noname.208:
+
+        movzwl  10(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-668(fp)
+        bicl3   #-65536,r2,-672(fp)
+        mull3   r0,-668(fp),-660(fp)
+        mull2   r3,-668(fp)
+        mull3   r3,-672(fp),-664(fp)
+        mull2   r0,-672(fp)
+        addl3   -660(fp),-664(fp),r0
+        bicl3   #0,r0,-660(fp)
+        cmpl    -660(fp),-664(fp)
+        bgequ   noname.209
+        addl2   #65536,-672(fp)
+noname.209:
+        movzwl  -658(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-672(fp)
+        bicl3   #-65536,-660(fp),r0
+        ashl    #16,r0,-664(fp)
+        addl3   -664(fp),-668(fp),r0
+        bicl3   #0,r0,-668(fp)
+        cmpl    -668(fp),-664(fp)
+        bgequ   noname.210
+        incl    -672(fp)
+noname.210:
+        movl    -668(fp),r1
+        movl    -672(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.211
+        incl    r2
+noname.211:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.212
+        incl    r8
+noname.212:
+
+        movzwl  6(r6),r2
+        bicl3   #-65536,28(r7),r3
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-684(fp)
+        bicl3   #-65536,r2,-688(fp)
+        mull3   r0,-684(fp),-676(fp)
+        mull2   r3,-684(fp)
+        mull3   r3,-688(fp),-680(fp)
+        mull2   r0,-688(fp)
+        addl3   -676(fp),-680(fp),r0
+        bicl3   #0,r0,-676(fp)
+        cmpl    -676(fp),-680(fp)
+        bgequ   noname.213
+        addl2   #65536,-688(fp)
+noname.213:
+        movzwl  -674(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-688(fp)
+        bicl3   #-65536,-676(fp),r0
+        ashl    #16,r0,-680(fp)
+        addl3   -680(fp),-684(fp),r0
+        bicl3   #0,r0,-684(fp)
+        cmpl    -684(fp),-680(fp)
+        bgequ   noname.214
+        incl    -688(fp)
+noname.214:
+        movl    -684(fp),r1
+        movl    -688(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.215
+        incl    r2
+noname.215:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.216
+        incl    r8
+noname.216:
+
+        movl    r10,32(r11)
+
+        clrl    r10
+
+        movzwl  10(r6),r2
+        bicl3   #-65536,28(r7),r3
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-700(fp)
+        bicl3   #-65536,r2,-704(fp)
+        mull3   r0,-700(fp),-692(fp)
+        mull2   r3,-700(fp)
+        mull3   r3,-704(fp),-696(fp)
+        mull2   r0,-704(fp)
+        addl3   -692(fp),-696(fp),r0
+        bicl3   #0,r0,-692(fp)
+        cmpl    -692(fp),-696(fp)
+        bgequ   noname.217
+        addl2   #65536,-704(fp)
+noname.217:
+        movzwl  -690(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-704(fp)
+        bicl3   #-65536,-692(fp),r0
+        ashl    #16,r0,-696(fp)
+        addl3   -696(fp),-700(fp),r0
+        bicl3   #0,r0,-700(fp)
+        cmpl    -700(fp),-696(fp)
+        bgequ   noname.218
+        incl    -704(fp)
+noname.218:
+        movl    -700(fp),r1
+        movl    -704(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.219
+        incl    r2
+noname.219:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.220
+        incl    r10
+noname.220:
+
+        movzwl  14(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-716(fp)
+        bicl3   #-65536,r2,-720(fp)
+        mull3   r0,-716(fp),-708(fp)
+        mull2   r3,-716(fp)
+        mull3   r3,-720(fp),-712(fp)
+        mull2   r0,-720(fp)
+        addl3   -708(fp),-712(fp),r0
+        bicl3   #0,r0,-708(fp)
+        cmpl    -708(fp),-712(fp)
+        bgequ   noname.221
+        addl2   #65536,-720(fp)
+noname.221:
+        movzwl  -706(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-720(fp)
+        bicl3   #-65536,-708(fp),r0
+        ashl    #16,r0,-712(fp)
+        addl3   -712(fp),-716(fp),r0
+        bicl3   #0,r0,-716(fp)
+        cmpl    -716(fp),-712(fp)
+        bgequ   noname.222
+        incl    -720(fp)
+noname.222:
+        movl    -716(fp),r1
+        movl    -720(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.223
+        incl    r2
+noname.223:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.224
+        incl    r10
+noname.224:
+
+        movzwl  18(r6),r2
+        bicl3   #-65536,20(r7),r3
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-732(fp)
+        bicl3   #-65536,r2,-736(fp)
+        mull3   r0,-732(fp),-724(fp)
+        mull2   r3,-732(fp)
+        mull3   r3,-736(fp),-728(fp)
+        mull2   r0,-736(fp)
+        addl3   -724(fp),-728(fp),r0
+        bicl3   #0,r0,-724(fp)
+        cmpl    -724(fp),-728(fp)
+        bgequ   noname.225
+        addl2   #65536,-736(fp)
+noname.225:
+        movzwl  -722(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-736(fp)
+        bicl3   #-65536,-724(fp),r0
+        ashl    #16,r0,-728(fp)
+        addl3   -728(fp),-732(fp),r0
+        bicl3   #0,r0,-732(fp)
+        cmpl    -732(fp),-728(fp)
+        bgequ   noname.226
+        incl    -736(fp)
+noname.226:
+        movl    -732(fp),r1
+        movl    -736(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.227
+        incl    r2
+noname.227:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.228
+        incl    r10
+noname.228:
+
+        movzwl  22(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-748(fp)
+        bicl3   #-65536,r2,-752(fp)
+        mull3   r0,-748(fp),-740(fp)
+        mull2   r3,-748(fp)
+        mull3   r3,-752(fp),-744(fp)
+        mull2   r0,-752(fp)
+        addl3   -740(fp),-744(fp),r0
+        bicl3   #0,r0,-740(fp)
+        cmpl    -740(fp),-744(fp)
+        bgequ   noname.229
+        addl2   #65536,-752(fp)
+noname.229:
+        movzwl  -738(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-752(fp)
+        bicl3   #-65536,-740(fp),r0
+        ashl    #16,r0,-744(fp)
+        addl3   -744(fp),-748(fp),r0
+        bicl3   #0,r0,-748(fp)
+        cmpl    -748(fp),-744(fp)
+        bgequ   noname.230
+        incl    -752(fp)
+noname.230:
+        movl    -748(fp),r1
+        movl    -752(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.231
+        incl    r2
+noname.231:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.232
+        incl    r10
+noname.232:
+
+        movzwl  26(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,24(r6),-764(fp)
+        bicl3   #-65536,r2,-768(fp)
+        mull3   r0,-764(fp),-756(fp)
+        mull2   r3,-764(fp)
+        mull3   r3,-768(fp),-760(fp)
+        mull2   r0,-768(fp)
+        addl3   -756(fp),-760(fp),r0
+        bicl3   #0,r0,-756(fp)
+        cmpl    -756(fp),-760(fp)
+        bgequ   noname.233
+        addl2   #65536,-768(fp)
+noname.233:
+        movzwl  -754(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-768(fp)
+        bicl3   #-65536,-756(fp),r0
+        ashl    #16,r0,-760(fp)
+        addl3   -760(fp),-764(fp),r0
+        bicl3   #0,r0,-764(fp)
+        cmpl    -764(fp),-760(fp)
+        bgequ   noname.234
+        incl    -768(fp)
+noname.234:
+        movl    -764(fp),r1
+        movl    -768(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.235
+        incl    r2
+noname.235:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.236
+        incl    r10
+noname.236:
+
+        bicl3   #-65536,28(r6),r3
+        movzwl  30(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r7),r2
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-772(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-776(fp)
+        mull2   r0,r4
+        addl3   -772(fp),-776(fp),r0
+        bicl3   #0,r0,-772(fp)
+        cmpl    -772(fp),-776(fp)
+        bgequ   noname.237
+        addl2   #65536,r4
+noname.237:
+        movzwl  -770(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-772(fp),r0
+        ashl    #16,r0,-776(fp)
+        addl2   -776(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-776(fp)
+        bgequ   noname.238
+        incl    r4
+noname.238:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.239
+        incl    r2
+noname.239:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.240
+        incl    r10
+noname.240:
+
+        movl    r9,36(r11)
+
+        clrl    r9
+
+        bicl3   #-65536,28(r6),r3
+        movzwl  30(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r7),r2
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-780(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-784(fp)
+        mull2   r0,r4
+        addl3   -780(fp),-784(fp),r0
+        bicl3   #0,r0,-780(fp)
+        cmpl    -780(fp),-784(fp)
+        bgequ   noname.241
+        addl2   #65536,r4
+noname.241:
+        movzwl  -778(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-780(fp),r0
+        ashl    #16,r0,-784(fp)
+        addl2   -784(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-784(fp)
+        bgequ   noname.242
+        incl    r4
+noname.242:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.243
+        incl    r2
+noname.243:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.244
+        incl    r9
+noname.244:
+
+        bicl3   #-65536,24(r6),r3
+        movzwl  26(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r7),r2
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-788(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-792(fp)
+        mull2   r0,r4
+        addl3   -788(fp),-792(fp),r0
+        bicl3   #0,r0,-788(fp)
+        cmpl    -788(fp),-792(fp)
+        bgequ   noname.245
+        addl2   #65536,r4
+noname.245:
+        movzwl  -786(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-788(fp),r0
+        ashl    #16,r0,-792(fp)
+        addl2   -792(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-792(fp)
+        bgequ   noname.246
+        incl    r4
+noname.246:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.247
+        incl    r2
+noname.247:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.248
+        incl    r9
+noname.248:
+
+        bicl3   #-65536,20(r6),r3
+        movzwl  22(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r7),r2
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-796(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-800(fp)
+        mull2   r0,r4
+        addl3   -796(fp),-800(fp),r0
+        bicl3   #0,r0,-796(fp)
+        cmpl    -796(fp),-800(fp)
+        bgequ   noname.249
+        addl2   #65536,r4
+noname.249:
+        movzwl  -794(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-796(fp),r0
+        ashl    #16,r0,-800(fp)
+        addl2   -800(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-800(fp)
+        bgequ   noname.250
+        incl    r4
+noname.250:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.251
+        incl    r2
+noname.251:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.252
+        incl    r9
+noname.252:
+
+        bicl3   #-65536,16(r6),r3
+        movzwl  18(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,24(r7),r2
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-804(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-808(fp)
+        mull2   r0,r4
+        addl3   -804(fp),-808(fp),r0
+        bicl3   #0,r0,-804(fp)
+        cmpl    -804(fp),-808(fp)
+        bgequ   noname.253
+        addl2   #65536,r4
+noname.253:
+        movzwl  -802(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-804(fp),r0
+        ashl    #16,r0,-808(fp)
+        addl2   -808(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-808(fp)
+        bgequ   noname.254
+        incl    r4
+noname.254:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.255
+        incl    r2
+noname.255:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.256
+        incl    r9
+noname.256:
+
+        bicl3   #-65536,12(r6),r3
+        movzwl  14(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,28(r7),r2
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-812(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-816(fp)
+        mull2   r0,r4
+        addl3   -812(fp),-816(fp),r0
+        bicl3   #0,r0,-812(fp)
+        cmpl    -812(fp),-816(fp)
+        bgequ   noname.257
+        addl2   #65536,r4
+noname.257:
+        movzwl  -810(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-812(fp),r0
+        ashl    #16,r0,-816(fp)
+        addl2   -816(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-816(fp)
+        bgequ   noname.258
+        incl    r4
+noname.258:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.259
+        incl    r2
+noname.259:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.260
+        incl    r9
+noname.260:
+
+        movl    r8,40(r11)
+
+        clrl    r8
+
+        bicl3   #-65536,16(r6),r3
+        movzwl  18(r6),r2
+        bicl3   #-65536,28(r7),r1
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r4
+        bicl3   #-65536,r2,-828(fp)
+        mull3   r0,r4,-820(fp)
+        mull2   r1,r4
+        mull3   r1,-828(fp),-824(fp)
+        mull2   r0,-828(fp)
+        addl3   -820(fp),-824(fp),r0
+        bicl3   #0,r0,-820(fp)
+        cmpl    -820(fp),-824(fp)
+        bgequ   noname.261
+        addl2   #65536,-828(fp)
+noname.261:
+        movzwl  -818(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-828(fp)
+        bicl3   #-65536,-820(fp),r0
+        ashl    #16,r0,-824(fp)
+        addl2   -824(fp),r4
+        bicl2   #0,r4
+        cmpl    r4,-824(fp)
+        bgequ   noname.262
+        incl    -828(fp)
+noname.262:
+        movl    r4,r1
+        movl    -828(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.263
+        incl    r2
+noname.263:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.264
+        incl    r8
+noname.264:
+
+        movzwl  22(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-840(fp)
+        bicl3   #-65536,r2,-844(fp)
+        mull3   r0,-840(fp),-832(fp)
+        mull2   r3,-840(fp)
+        mull3   r3,-844(fp),-836(fp)
+        mull2   r0,-844(fp)
+        addl3   -832(fp),-836(fp),r0
+        bicl3   #0,r0,-832(fp)
+        cmpl    -832(fp),-836(fp)
+        bgequ   noname.265
+        addl2   #65536,-844(fp)
+noname.265:
+        movzwl  -830(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-844(fp)
+        bicl3   #-65536,-832(fp),r0
+        ashl    #16,r0,-836(fp)
+        addl3   -836(fp),-840(fp),r0
+        bicl3   #0,r0,-840(fp)
+        cmpl    -840(fp),-836(fp)
+        bgequ   noname.266
+        incl    -844(fp)
+noname.266:
+        movl    -840(fp),r1
+        movl    -844(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.267
+        incl    r2
+noname.267:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.268
+        incl    r8
+noname.268:
+
+        bicl3   #-65536,24(r6),r3
+        movzwl  26(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r7),r2
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-848(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-852(fp)
+        mull2   r0,r4
+        addl3   -848(fp),-852(fp),r0
+        bicl3   #0,r0,-848(fp)
+        cmpl    -848(fp),-852(fp)
+        bgequ   noname.269
+        addl2   #65536,r4
+noname.269:
+        movzwl  -846(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-848(fp),r0
+        ashl    #16,r0,-852(fp)
+        addl2   -852(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-852(fp)
+        bgequ   noname.270
+        incl    r4
+noname.270:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.271
+        incl    r2
+noname.271:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.272
+        incl    r8
+noname.272:
+
+        bicl3   #-65536,28(r6),r3
+        movzwl  30(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r7),r2
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-856(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-860(fp)
+        mull2   r0,r4
+        addl3   -856(fp),-860(fp),r0
+        bicl3   #0,r0,-856(fp)
+        cmpl    -856(fp),-860(fp)
+        bgequ   noname.273
+        addl2   #65536,r4
+noname.273:
+        movzwl  -854(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-856(fp),r0
+        ashl    #16,r0,-860(fp)
+        addl2   -860(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-860(fp)
+        bgequ   noname.274
+        incl    r4
+noname.274:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.275
+        incl    r2
+noname.275:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.276
+        incl    r8
+noname.276:
+
+        movl    r10,44(r11)
+
+        clrl    r10
+
+        bicl3   #-65536,28(r6),r3
+        movzwl  30(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r7),r2
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-864(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-868(fp)
+        mull2   r0,r4
+        addl3   -864(fp),-868(fp),r0
+        bicl3   #0,r0,-864(fp)
+        cmpl    -864(fp),-868(fp)
+        bgequ   noname.277
+        addl2   #65536,r4
+noname.277:
+        movzwl  -862(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-864(fp),r0
+        ashl    #16,r0,-868(fp)
+        addl2   -868(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-868(fp)
+        bgequ   noname.278
+        incl    r4
+noname.278:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.279
+        incl    r2
+noname.279:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.280
+        incl    r10
+noname.280:
+
+        bicl3   #-65536,24(r6),r3
+        movzwl  26(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,24(r7),r2
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-872(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-876(fp)
+        mull2   r0,r4
+        addl3   -872(fp),-876(fp),r0
+        bicl3   #0,r0,-872(fp)
+        cmpl    -872(fp),-876(fp)
+        bgequ   noname.281
+        addl2   #65536,r4
+noname.281:
+        movzwl  -870(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-872(fp),r0
+        ashl    #16,r0,-876(fp)
+        addl2   -876(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-876(fp)
+        bgequ   noname.282
+        incl    r4
+noname.282:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.283
+        incl    r2
+noname.283:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.284
+        incl    r10
+noname.284:
+
+        bicl3   #-65536,20(r6),r3
+        movzwl  22(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,28(r7),r2
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-880(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-884(fp)
+        mull2   r0,r4
+        addl3   -880(fp),-884(fp),r0
+        bicl3   #0,r0,-880(fp)
+        cmpl    -880(fp),-884(fp)
+        bgequ   noname.285
+        addl2   #65536,r4
+noname.285:
+        movzwl  -878(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-880(fp),r0
+        ashl    #16,r0,-884(fp)
+        addl2   -884(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-884(fp)
+        bgequ   noname.286
+        incl    r4
+noname.286:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.287
+        incl    r2
+noname.287:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.288
+        incl    r10
+noname.288:
+
+        movl    r9,48(r11)
+
+        clrl    r9
+
+        bicl3   #-65536,24(r6),r3
+        movzwl  26(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,28(r7),r2
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-888(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-892(fp)
+        mull2   r0,r4
+        addl3   -888(fp),-892(fp),r0
+        bicl3   #0,r0,-888(fp)
+        cmpl    -888(fp),-892(fp)
+        bgequ   noname.289
+        addl2   #65536,r4
+noname.289:
+        movzwl  -886(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-888(fp),r0
+        ashl    #16,r0,-892(fp)
+        addl2   -892(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-892(fp)
+        bgequ   noname.290
+        incl    r4
+noname.290:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.291
+        incl    r2
+noname.291:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.292
+        incl    r9
+noname.292:
+
+        movzwl  30(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,28(r6),-904(fp)
+        bicl3   #-65536,r2,-908(fp)
+        mull3   r0,-904(fp),-896(fp)
+        mull2   r3,-904(fp)
+        mull3   r3,-908(fp),-900(fp)
+        mull2   r0,-908(fp)
+        addl3   -896(fp),-900(fp),r0
+        bicl3   #0,r0,-896(fp)
+        cmpl    -896(fp),-900(fp)
+        bgequ   noname.293
+        addl2   #65536,-908(fp)
+noname.293:
+        movzwl  -894(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-908(fp)
+        bicl3   #-65536,-896(fp),r0
+        ashl    #16,r0,-900(fp)
+        addl3   -900(fp),-904(fp),r0
+        bicl3   #0,r0,-904(fp)
+        cmpl    -904(fp),-900(fp)
+        bgequ   noname.294
+        incl    -908(fp)
+noname.294:
+        movl    -904(fp),r1
+        movl    -908(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.295
+        incl    r2
+noname.295:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.296
+        incl    r9
+noname.296:
+
+        movl    r8,52(r11)
+
+        clrl    r8
+
+        movzwl  30(r6),r2
+        bicl3   #-65536,28(r7),r3
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,28(r6),-920(fp)
+        bicl3   #-65536,r2,-924(fp)
+        mull3   r0,-920(fp),-912(fp)
+        mull2   r3,-920(fp)
+        mull3   r3,-924(fp),-916(fp)
+        mull2   r0,-924(fp)
+        addl3   -912(fp),-916(fp),r0
+        bicl3   #0,r0,-912(fp)
+        cmpl    -912(fp),-916(fp)
+        bgequ   noname.297
+        addl2   #65536,-924(fp)
+noname.297:
+        movzwl  -910(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-924(fp)
+        bicl3   #-65536,-912(fp),r0
+        ashl    #16,r0,-916(fp)
+        addl3   -916(fp),-920(fp),r0
+        bicl3   #0,r0,-920(fp)
+        cmpl    -920(fp),-916(fp)
+        bgequ   noname.298
+        incl    -924(fp)
+noname.298:
+        movl    -920(fp),r1
+        movl    -924(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.299
+        incl    r2
+noname.299:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.300
+        incl    r8
+noname.300:
+
+        movl    r10,56(r11)
+
+        movl    r9,60(r11)
+
+        ret     
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)     n       by value (input)
+
+        .psect  code,nowrt
+
+.entry  BN_MUL_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+        movab   -156(sp),sp
+
+        clrq    r9
+
+        clrl    r8
+
+        movl    8(ap),r6
+        bicl3   #-65536,(r6),r3
+        movzwl  2(r6),r2
+        bicl2   #-65536,r2
+        movl    12(ap),r7
+        bicl3   #-65536,(r7),r1
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r2,r4
+        mull3   r0,r5,-4(fp)
+        mull2   r1,r5
+        mull3   r1,r4,-8(fp)
+        mull2   r0,r4
+        addl3   -4(fp),-8(fp),r0
+        bicl3   #0,r0,-4(fp)
+        cmpl    -4(fp),-8(fp)
+        bgequ   noname.303
+        addl2   #65536,r4
+noname.303:
+        movzwl  -2(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-4(fp),r0
+        ashl    #16,r0,-8(fp)
+        addl2   -8(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-8(fp)
+        bgequ   noname.304
+        incl    r4
+noname.304:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.305
+        incl    r2
+noname.305:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.306
+        incl    r8
+noname.306:
+
+        movl    4(ap),r11
+        movl    r10,(r11)
+
+        clrl    r10
+
+        bicl3   #-65536,(r6),r3
+        movzwl  2(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r7),r2
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-12(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-16(fp)
+        mull2   r0,r4
+        addl3   -12(fp),-16(fp),r0
+        bicl3   #0,r0,-12(fp)
+        cmpl    -12(fp),-16(fp)
+        bgequ   noname.307
+        addl2   #65536,r4
+noname.307:
+        movzwl  -10(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-12(fp),r0
+        ashl    #16,r0,-16(fp)
+        addl2   -16(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-16(fp)
+        bgequ   noname.308
+        incl    r4
+noname.308:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.309
+        incl    r2
+noname.309:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.310
+        incl    r10
+noname.310:
+
+        bicl3   #-65536,4(r6),r3
+        movzwl  6(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r7),r2
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-20(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-24(fp)
+        mull2   r0,r4
+        addl3   -20(fp),-24(fp),r0
+        bicl3   #0,r0,-20(fp)
+        cmpl    -20(fp),-24(fp)
+        bgequ   noname.311
+        addl2   #65536,r4
+noname.311:
+        movzwl  -18(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-20(fp),r0
+        ashl    #16,r0,-24(fp)
+        addl2   -24(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-24(fp)
+        bgequ   noname.312
+        incl    r4
+noname.312:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.313
+        incl    r2
+noname.313:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.314
+        incl    r10
+noname.314:
+
+        movl    r9,4(r11)
+
+        clrl    r9
+
+        bicl3   #-65536,8(r6),r3
+        movzwl  10(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r7),r2
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-28(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-32(fp)
+        mull2   r0,r4
+        addl3   -28(fp),-32(fp),r0
+        bicl3   #0,r0,-28(fp)
+        cmpl    -28(fp),-32(fp)
+        bgequ   noname.315
+        addl2   #65536,r4
+noname.315:
+        movzwl  -26(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-28(fp),r0
+        ashl    #16,r0,-32(fp)
+        addl2   -32(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-32(fp)
+        bgequ   noname.316
+        incl    r4
+noname.316:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.317
+        incl    r2
+noname.317:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.318
+        incl    r9
+noname.318:
+
+        bicl3   #-65536,4(r6),r3
+        movzwl  6(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r7),r2
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-36(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-40(fp)
+        mull2   r0,r4
+        addl3   -36(fp),-40(fp),r0
+        bicl3   #0,r0,-36(fp)
+        cmpl    -36(fp),-40(fp)
+        bgequ   noname.319
+        addl2   #65536,r4
+noname.319:
+        movzwl  -34(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-36(fp),r0
+        ashl    #16,r0,-40(fp)
+        addl2   -40(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-40(fp)
+        bgequ   noname.320
+        incl    r4
+noname.320:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.321
+        incl    r2
+noname.321:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.322
+        incl    r9
+noname.322:
+
+        bicl3   #-65536,(r6),r3
+        movzwl  2(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r7),r2
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-44(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-48(fp)
+        mull2   r0,r4
+        addl3   -44(fp),-48(fp),r0
+        bicl3   #0,r0,-44(fp)
+        cmpl    -44(fp),-48(fp)
+        bgequ   noname.323
+        addl2   #65536,r4
+noname.323:
+        movzwl  -42(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-44(fp),r0
+        ashl    #16,r0,-48(fp)
+        addl2   -48(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-48(fp)
+        bgequ   noname.324
+        incl    r4
+noname.324:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.325
+        incl    r2
+noname.325:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.326
+        incl    r9
+noname.326:
+
+        movl    r8,8(r11)
+
+        clrl    r8
+
+        bicl3   #-65536,(r6),r3
+        movzwl  2(r6),r2
+        bicl3   #-65536,12(r7),r1
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r4
+        bicl3   #-65536,r2,-60(fp)
+        mull3   r0,r4,-52(fp)
+        mull2   r1,r4
+        mull3   r1,-60(fp),-56(fp)
+        mull2   r0,-60(fp)
+        addl3   -52(fp),-56(fp),r0
+        bicl3   #0,r0,-52(fp)
+        cmpl    -52(fp),-56(fp)
+        bgequ   noname.327
+        addl2   #65536,-60(fp)
+noname.327:
+        movzwl  -50(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-60(fp)
+        bicl3   #-65536,-52(fp),r0
+        ashl    #16,r0,-56(fp)
+        addl2   -56(fp),r4
+        bicl2   #0,r4
+        cmpl    r4,-56(fp)
+        bgequ   noname.328
+        incl    -60(fp)
+noname.328:
+        movl    r4,r1
+        movl    -60(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.329
+        incl    r2
+noname.329:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.330
+        incl    r8
+noname.330:
+
+        movzwl  6(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-72(fp)
+        bicl3   #-65536,r2,-76(fp)
+        mull3   r0,-72(fp),-64(fp)
+        mull2   r3,-72(fp)
+        mull3   r3,-76(fp),-68(fp)
+        mull2   r0,-76(fp)
+        addl3   -64(fp),-68(fp),r0
+        bicl3   #0,r0,-64(fp)
+        cmpl    -64(fp),-68(fp)
+        bgequ   noname.331
+        addl2   #65536,-76(fp)
+noname.331:
+        movzwl  -62(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-76(fp)
+        bicl3   #-65536,-64(fp),r0
+        ashl    #16,r0,-68(fp)
+        addl3   -68(fp),-72(fp),r0
+        bicl3   #0,r0,-72(fp)
+        cmpl    -72(fp),-68(fp)
+        bgequ   noname.332
+        incl    -76(fp)
+noname.332:
+        movl    -72(fp),r1
+        movl    -76(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.333
+        incl    r2
+noname.333:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.334
+        incl    r8
+noname.334:
+
+        bicl3   #-65536,8(r6),r3
+        movzwl  10(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r7),r2
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-80(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-84(fp)
+        mull2   r0,r4
+        addl3   -80(fp),-84(fp),r0
+        bicl3   #0,r0,-80(fp)
+        cmpl    -80(fp),-84(fp)
+        bgequ   noname.335
+        addl2   #65536,r4
+noname.335:
+        movzwl  -78(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-80(fp),r0
+        ashl    #16,r0,-84(fp)
+        addl2   -84(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-84(fp)
+        bgequ   noname.336
+        incl    r4
+noname.336:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.337
+        incl    r2
+noname.337:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.338
+        incl    r8
+noname.338:
+
+        bicl3   #-65536,12(r6),r3
+        movzwl  14(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r7),r2
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-88(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-92(fp)
+        mull2   r0,r4
+        addl3   -88(fp),-92(fp),r0
+        bicl3   #0,r0,-88(fp)
+        cmpl    -88(fp),-92(fp)
+        bgequ   noname.339
+        addl2   #65536,r4
+noname.339:
+        movzwl  -86(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-88(fp),r0
+        ashl    #16,r0,-92(fp)
+        addl2   -92(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-92(fp)
+        bgequ   noname.340
+        incl    r4
+noname.340:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.341
+        incl    r2
+noname.341:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.342
+        incl    r8
+noname.342:
+
+        movl    r10,12(r11)
+
+        clrl    r10
+
+        bicl3   #-65536,12(r6),r3
+        movzwl  14(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r7),r2
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-96(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-100(fp)
+        mull2   r0,r4
+        addl3   -96(fp),-100(fp),r0
+        bicl3   #0,r0,-96(fp)
+        cmpl    -96(fp),-100(fp)
+        bgequ   noname.343
+        addl2   #65536,r4
+noname.343:
+        movzwl  -94(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-96(fp),r0
+        ashl    #16,r0,-100(fp)
+        addl2   -100(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-100(fp)
+        bgequ   noname.344
+        incl    r4
+noname.344:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.345
+        incl    r2
+noname.345:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.346
+        incl    r10
+noname.346:
+
+        bicl3   #-65536,8(r6),r3
+        movzwl  10(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r7),r2
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-104(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-108(fp)
+        mull2   r0,r4
+        addl3   -104(fp),-108(fp),r0
+        bicl3   #0,r0,-104(fp)
+        cmpl    -104(fp),-108(fp)
+        bgequ   noname.347
+        addl2   #65536,r4
+noname.347:
+        movzwl  -102(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-104(fp),r0
+        ashl    #16,r0,-108(fp)
+        addl2   -108(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-108(fp)
+        bgequ   noname.348
+        incl    r4
+noname.348:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.349
+        incl    r2
+noname.349:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.350
+        incl    r10
+noname.350:
+
+        bicl3   #-65536,4(r6),r3
+        movzwl  6(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r7),r2
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-112(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-116(fp)
+        mull2   r0,r4
+        addl3   -112(fp),-116(fp),r0
+        bicl3   #0,r0,-112(fp)
+        cmpl    -112(fp),-116(fp)
+        bgequ   noname.351
+        addl2   #65536,r4
+noname.351:
+        movzwl  -110(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-112(fp),r0
+        ashl    #16,r0,-116(fp)
+        addl2   -116(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-116(fp)
+        bgequ   noname.352
+        incl    r4
+noname.352:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.353
+        incl    r2
+noname.353:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.354
+        incl    r10
+noname.354:
+
+        movl    r9,16(r11)
+
+        clrl    r9
+
+        bicl3   #-65536,8(r6),r3
+        movzwl  10(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r7),r2
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-120(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-124(fp)
+        mull2   r0,r4
+        addl3   -120(fp),-124(fp),r0
+        bicl3   #0,r0,-120(fp)
+        cmpl    -120(fp),-124(fp)
+        bgequ   noname.355
+        addl2   #65536,r4
+noname.355:
+        movzwl  -118(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-120(fp),r0
+        ashl    #16,r0,-124(fp)
+        addl2   -124(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-124(fp)
+        bgequ   noname.356
+        incl    r4
+noname.356:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.357
+        incl    r2
+noname.357:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.358
+        incl    r9
+noname.358:
+
+        movzwl  14(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-136(fp)
+        bicl3   #-65536,r2,-140(fp)
+        mull3   r0,-136(fp),-128(fp)
+        mull2   r3,-136(fp)
+        mull3   r3,-140(fp),-132(fp)
+        mull2   r0,-140(fp)
+        addl3   -128(fp),-132(fp),r0
+        bicl3   #0,r0,-128(fp)
+        cmpl    -128(fp),-132(fp)
+        bgequ   noname.359
+        addl2   #65536,-140(fp)
+noname.359:
+        movzwl  -126(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-140(fp)
+        bicl3   #-65536,-128(fp),r0
+        ashl    #16,r0,-132(fp)
+        addl3   -132(fp),-136(fp),r0
+        bicl3   #0,r0,-136(fp)
+        cmpl    -136(fp),-132(fp)
+        bgequ   noname.360
+        incl    -140(fp)
+noname.360:
+        movl    -136(fp),r1
+        movl    -140(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.361
+        incl    r2
+noname.361:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.362
+        incl    r9
+noname.362:
+
+        movl    r8,20(r11)
+
+        clrl    r8
+
+        movzwl  14(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-152(fp)
+        bicl3   #-65536,r2,-156(fp)
+        mull3   r0,-152(fp),-144(fp)
+        mull2   r3,-152(fp)
+        mull3   r3,-156(fp),-148(fp)
+        mull2   r0,-156(fp)
+        addl3   -144(fp),-148(fp),r0
+        bicl3   #0,r0,-144(fp)
+        cmpl    -144(fp),-148(fp)
+        bgequ   noname.363
+        addl2   #65536,-156(fp)
+noname.363:
+        movzwl  -142(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-156(fp)
+        bicl3   #-65536,-144(fp),r0
+        ashl    #16,r0,-148(fp)
+        addl3   -148(fp),-152(fp),r0
+        bicl3   #0,r0,-152(fp)
+        cmpl    -152(fp),-148(fp)
+        bgequ   noname.364
+        incl    -156(fp)
+noname.364:
+        movl    -152(fp),r1
+        movl    -156(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.365
+        incl    r2
+noname.365:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.366
+        incl    r8
+noname.366:
+
+        movl    r10,24(r11)
+
+        movl    r9,28(r11)
+
+        ret     
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)     n       by value (input)
+
+        .psect  code,nowrt
+
+.entry  BN_SQR_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9>
+        movab   -444(sp),sp
+
+        clrq    r8
+
+        clrl    r7
+
+        movl    8(ap),r4
+        movl    (r4),r3
+        bicl3   #-65536,r3,-4(fp)
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        movl    -4(fp),r0
+        mull3   r0,r3,-8(fp)
+        mull3   r0,r0,-4(fp)
+        mull2   r3,r3
+        bicl3   #32767,-8(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl3   #-65536,-8(fp),r0
+        ashl    #17,r0,-8(fp)
+        addl3   -4(fp),-8(fp),r0
+        bicl3   #0,r0,-4(fp)
+        cmpl    -4(fp),-8(fp)
+        bgequ   noname.369
+        incl    r3
+noname.369:
+        movl    -4(fp),r1
+        movl    r3,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.370
+        incl    r2
+noname.370:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.371
+        incl    r7
+noname.371:
+
+        movl    r9,@4(ap)
+
+        clrl    r9
+
+        movzwl  6(r4),r2
+        bicl3   #-65536,(r4),r3
+        movzwl  2(r4),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r4),-20(fp)
+        bicl3   #-65536,r2,-24(fp)
+        mull3   r0,-20(fp),-12(fp)
+        mull2   r3,-20(fp)
+        mull3   r3,-24(fp),-16(fp)
+        mull2   r0,-24(fp)
+        addl3   -12(fp),-16(fp),r0
+        bicl3   #0,r0,-12(fp)
+        cmpl    -12(fp),-16(fp)
+        bgequ   noname.372
+        addl2   #65536,-24(fp)
+noname.372:
+        movzwl  -10(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-24(fp)
+        bicl3   #-65536,-12(fp),r0
+        ashl    #16,r0,-16(fp)
+        addl3   -16(fp),-20(fp),r0
+        bicl3   #0,r0,-20(fp)
+        cmpl    -20(fp),-16(fp)
+        bgequ   noname.373
+        incl    -24(fp)
+noname.373:
+        movl    -20(fp),r3
+        movl    -24(fp),r2
+        bbc     #31,r2,noname.374
+        incl    r9
+noname.374:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.375
+        incl    r2
+noname.375:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.376
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.376
+        incl    r9
+noname.376:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.377
+        incl    r9
+noname.377:
+
+        movl    4(ap),r0
+        movl    r8,4(r0)
+
+        clrl    r8
+
+        movl    8(ap),r4
+        movl    4(r4),r3
+        bicl3   #-65536,r3,-28(fp)
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        movl    -28(fp),r0
+        mull3   r0,r3,-32(fp)
+        mull3   r0,r0,-28(fp)
+        mull2   r3,r3
+        bicl3   #32767,-32(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl3   #-65536,-32(fp),r0
+        ashl    #17,r0,-32(fp)
+        addl3   -28(fp),-32(fp),r0
+        bicl3   #0,r0,-28(fp)
+        cmpl    -28(fp),-32(fp)
+        bgequ   noname.378
+        incl    r3
+noname.378:
+        movl    -28(fp),r1
+        movl    r3,r2
+        addl2   r1,r7
+        bicl2   #0,r7
+        cmpl    r7,r1
+        bgequ   noname.379
+        incl    r2
+noname.379:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.380
+        incl    r8
+noname.380:
+
+        movzwl  10(r4),r2
+        bicl3   #-65536,(r4),r3
+        movzwl  2(r4),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r4),-44(fp)
+        bicl3   #-65536,r2,-48(fp)
+        mull3   r0,-44(fp),-36(fp)
+        mull2   r3,-44(fp)
+        mull3   r3,-48(fp),-40(fp)
+        mull2   r0,-48(fp)
+        addl3   -36(fp),-40(fp),r0
+        bicl3   #0,r0,-36(fp)
+        cmpl    -36(fp),-40(fp)
+        bgequ   noname.381
+        addl2   #65536,-48(fp)
+noname.381:
+        movzwl  -34(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-48(fp)
+        bicl3   #-65536,-36(fp),r0
+        ashl    #16,r0,-40(fp)
+        addl3   -40(fp),-44(fp),r0
+        bicl3   #0,r0,-44(fp)
+        cmpl    -44(fp),-40(fp)
+        bgequ   noname.382
+        incl    -48(fp)
+noname.382:
+        movl    -44(fp),r3
+        movl    -48(fp),r2
+        bbc     #31,r2,noname.383
+        incl    r8
+noname.383:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.384
+        incl    r2
+noname.384:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.385
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.385
+        incl    r8
+noname.385:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.386
+        incl    r8
+noname.386:
+
+        movl    4(ap),r0
+        movl    r7,8(r0)
+
+        clrl    r7
+
+        movl    8(ap),r0
+        movzwl  14(r0),r2
+        bicl3   #-65536,(r0),r3
+        movzwl  2(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r0),-60(fp)
+        bicl3   #-65536,r2,-64(fp)
+        mull3   r1,-60(fp),-52(fp)
+        mull2   r3,-60(fp)
+        mull3   r3,-64(fp),-56(fp)
+        mull2   r1,-64(fp)
+        addl3   -52(fp),-56(fp),r0
+        bicl3   #0,r0,-52(fp)
+        cmpl    -52(fp),-56(fp)
+        bgequ   noname.387
+        addl2   #65536,-64(fp)
+noname.387:
+        movzwl  -50(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-64(fp)
+        bicl3   #-65536,-52(fp),r0
+        ashl    #16,r0,-56(fp)
+        addl3   -56(fp),-60(fp),r0
+        bicl3   #0,r0,-60(fp)
+        cmpl    -60(fp),-56(fp)
+        bgequ   noname.388
+        incl    -64(fp)
+noname.388:
+        movl    -60(fp),r3
+        movl    -64(fp),r2
+        bbc     #31,r2,noname.389
+        incl    r7
+noname.389:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.390
+        incl    r2
+noname.390:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.391
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.391
+        incl    r7
+noname.391:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.392
+        incl    r7
+noname.392:
+
+        movl    8(ap),r0
+        movzwl  10(r0),r2
+        bicl3   #-65536,4(r0),r3
+        movzwl  6(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r0),-76(fp)
+        bicl3   #-65536,r2,-80(fp)
+        mull3   r1,-76(fp),-68(fp)
+        mull2   r3,-76(fp)
+        mull3   r3,-80(fp),-72(fp)
+        mull2   r1,-80(fp)
+        addl3   -68(fp),-72(fp),r0
+        bicl3   #0,r0,-68(fp)
+        cmpl    -68(fp),-72(fp)
+        bgequ   noname.393
+        addl2   #65536,-80(fp)
+noname.393:
+        movzwl  -66(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-80(fp)
+        bicl3   #-65536,-68(fp),r0
+        ashl    #16,r0,-72(fp)
+        addl3   -72(fp),-76(fp),r0
+        bicl3   #0,r0,-76(fp)
+        cmpl    -76(fp),-72(fp)
+        bgequ   noname.394
+        incl    -80(fp)
+noname.394:
+        movl    -76(fp),r3
+        movl    -80(fp),r2
+        bbc     #31,r2,noname.395
+        incl    r7
+noname.395:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.396
+        incl    r2
+noname.396:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.397
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.397
+        incl    r7
+noname.397:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.398
+        incl    r7
+noname.398:
+
+        movl    4(ap),r0
+        movl    r9,12(r0)
+
+        clrl    r9
+
+        movl    8(ap),r2
+        movl    8(r2),r4
+        bicl3   #-65536,r4,-84(fp)
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        movl    -84(fp),r0
+        mull3   r0,r4,-88(fp)
+        mull3   r0,r0,-84(fp)
+        mull2   r4,r4
+        bicl3   #32767,-88(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-88(fp),r0
+        ashl    #17,r0,-88(fp)
+        addl3   -84(fp),-88(fp),r0
+        bicl3   #0,r0,-84(fp)
+        cmpl    -84(fp),-88(fp)
+        bgequ   noname.399
+        incl    r4
+noname.399:
+        movl    -84(fp),r1
+        movl    r4,r3
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.400
+        incl    r3
+noname.400:
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.401
+        incl    r9
+noname.401:
+
+        movzwl  14(r2),r3
+        bicl3   #-65536,4(r2),r1
+        movzwl  6(r2),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r2),-100(fp)
+        bicl3   #-65536,r3,-104(fp)
+        mull3   r0,-100(fp),-92(fp)
+        mull2   r1,-100(fp)
+        mull3   r1,-104(fp),-96(fp)
+        mull2   r0,-104(fp)
+        addl3   -92(fp),-96(fp),r0
+        bicl3   #0,r0,-92(fp)
+        cmpl    -92(fp),-96(fp)
+        bgequ   noname.402
+        addl2   #65536,-104(fp)
+noname.402:
+        movzwl  -90(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-104(fp)
+        bicl3   #-65536,-92(fp),r0
+        ashl    #16,r0,-96(fp)
+        addl3   -96(fp),-100(fp),r0
+        bicl3   #0,r0,-100(fp)
+        cmpl    -100(fp),-96(fp)
+        bgequ   noname.403
+        incl    -104(fp)
+noname.403:
+        movl    -100(fp),r3
+        movl    -104(fp),r2
+        bbc     #31,r2,noname.404
+        incl    r9
+noname.404:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.405
+        incl    r2
+noname.405:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.406
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.406
+        incl    r9
+noname.406:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.407
+        incl    r9
+noname.407:
+
+        movl    8(ap),r0
+        movzwl  18(r0),r2
+        bicl3   #-65536,(r0),r3
+        movzwl  2(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r0),-116(fp)
+        bicl3   #-65536,r2,-120(fp)
+        mull3   r1,-116(fp),-108(fp)
+        mull2   r3,-116(fp)
+        mull3   r3,-120(fp),-112(fp)
+        mull2   r1,-120(fp)
+        addl3   -108(fp),-112(fp),r0
+        bicl3   #0,r0,-108(fp)
+        cmpl    -108(fp),-112(fp)
+        bgequ   noname.408
+        addl2   #65536,-120(fp)
+noname.408:
+        movzwl  -106(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-120(fp)
+        bicl3   #-65536,-108(fp),r0
+        ashl    #16,r0,-112(fp)
+        addl3   -112(fp),-116(fp),r0
+        bicl3   #0,r0,-116(fp)
+        cmpl    -116(fp),-112(fp)
+        bgequ   noname.409
+        incl    -120(fp)
+noname.409:
+        movl    -116(fp),r3
+        movl    -120(fp),r2
+        bbc     #31,r2,noname.410
+        incl    r9
+noname.410:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.411
+        incl    r2
+noname.411:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.412
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.412
+        incl    r9
+noname.412:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.413
+        incl    r9
+noname.413:
+
+        movl    4(ap),r0
+        movl    r8,16(r0)
+
+        clrl    r8
+
+        movl    8(ap),r0
+        movzwl  22(r0),r2
+        bicl3   #-65536,(r0),r3
+        movzwl  2(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r0),-132(fp)
+        bicl3   #-65536,r2,-136(fp)
+        mull3   r1,-132(fp),-124(fp)
+        mull2   r3,-132(fp)
+        mull3   r3,-136(fp),-128(fp)
+        mull2   r1,-136(fp)
+        addl3   -124(fp),-128(fp),r0
+        bicl3   #0,r0,-124(fp)
+        cmpl    -124(fp),-128(fp)
+        bgequ   noname.414
+        addl2   #65536,-136(fp)
+noname.414:
+        movzwl  -122(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-136(fp)
+        bicl3   #-65536,-124(fp),r0
+        ashl    #16,r0,-128(fp)
+        addl3   -128(fp),-132(fp),r0
+        bicl3   #0,r0,-132(fp)
+        cmpl    -132(fp),-128(fp)
+        bgequ   noname.415
+        incl    -136(fp)
+noname.415:
+        movl    -132(fp),r3
+        movl    -136(fp),r2
+        bbc     #31,r2,noname.416
+        incl    r8
+noname.416:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.417
+        incl    r2
+noname.417:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.418
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.418
+        incl    r8
+noname.418:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.419
+        incl    r8
+noname.419:
+
+        movl    8(ap),r0
+        movzwl  18(r0),r2
+        bicl3   #-65536,4(r0),r3
+        movzwl  6(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r0),-148(fp)
+        bicl3   #-65536,r2,-152(fp)
+        mull3   r1,-148(fp),-140(fp)
+        mull2   r3,-148(fp)
+        mull3   r3,-152(fp),-144(fp)
+        mull2   r1,-152(fp)
+        addl3   -140(fp),-144(fp),r0
+        bicl3   #0,r0,-140(fp)
+        cmpl    -140(fp),-144(fp)
+        bgequ   noname.420
+        addl2   #65536,-152(fp)
+noname.420:
+        movzwl  -138(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-152(fp)
+        bicl3   #-65536,-140(fp),r0
+        ashl    #16,r0,-144(fp)
+        addl3   -144(fp),-148(fp),r0
+        bicl3   #0,r0,-148(fp)
+        cmpl    -148(fp),-144(fp)
+        bgequ   noname.421
+        incl    -152(fp)
+noname.421:
+        movl    -148(fp),r3
+        movl    -152(fp),r2
+        bbc     #31,r2,noname.422
+        incl    r8
+noname.422:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.423
+        incl    r2
+noname.423:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.424
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.424
+        incl    r8
+noname.424:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.425
+        incl    r8
+noname.425:
+
+        movl    8(ap),r0
+        movzwl  14(r0),r2
+        bicl3   #-65536,8(r0),r3
+        movzwl  10(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r0),-164(fp)
+        bicl3   #-65536,r2,-168(fp)
+        mull3   r1,-164(fp),-156(fp)
+        mull2   r3,-164(fp)
+        mull3   r3,-168(fp),-160(fp)
+        mull2   r1,-168(fp)
+        addl3   -156(fp),-160(fp),r0
+        bicl3   #0,r0,-156(fp)
+        cmpl    -156(fp),-160(fp)
+        bgequ   noname.426
+        addl2   #65536,-168(fp)
+noname.426:
+        movzwl  -154(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-168(fp)
+        bicl3   #-65536,-156(fp),r0
+        ashl    #16,r0,-160(fp)
+        addl3   -160(fp),-164(fp),r0
+        bicl3   #0,r0,-164(fp)
+        cmpl    -164(fp),-160(fp)
+        bgequ   noname.427
+        incl    -168(fp)
+noname.427:
+        movl    -164(fp),r3
+        movl    -168(fp),r2
+        bbc     #31,r2,noname.428
+        incl    r8
+noname.428:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.429
+        incl    r2
+noname.429:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.430
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.430
+        incl    r8
+noname.430:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.431
+        incl    r8
+noname.431:
+
+        movl    4(ap),r0
+        movl    r7,20(r0)
+
+        clrl    r7
+
+        movl    8(ap),r2
+        movl    12(r2),r4
+        bicl3   #-65536,r4,-172(fp)
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        movl    -172(fp),r0
+        mull3   r0,r4,-176(fp)
+        mull3   r0,r0,-172(fp)
+        mull2   r4,r4
+        bicl3   #32767,-176(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-176(fp),r0
+        ashl    #17,r0,-176(fp)
+        addl3   -172(fp),-176(fp),r0
+        bicl3   #0,r0,-172(fp)
+        cmpl    -172(fp),-176(fp)
+        bgequ   noname.432
+        incl    r4
+noname.432:
+        movl    -172(fp),r1
+        movl    r4,r3
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.433
+        incl    r3
+noname.433:
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.434
+        incl    r7
+noname.434:
+
+        movzwl  18(r2),r3
+        bicl3   #-65536,8(r2),r1
+        movzwl  10(r2),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r2),-188(fp)
+        bicl3   #-65536,r3,-192(fp)
+        mull3   r0,-188(fp),-180(fp)
+        mull2   r1,-188(fp)
+        mull3   r1,-192(fp),-184(fp)
+        mull2   r0,-192(fp)
+        addl3   -180(fp),-184(fp),r0
+        bicl3   #0,r0,-180(fp)
+        cmpl    -180(fp),-184(fp)
+        bgequ   noname.435
+        addl2   #65536,-192(fp)
+noname.435:
+        movzwl  -178(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-192(fp)
+        bicl3   #-65536,-180(fp),r0
+        ashl    #16,r0,-184(fp)
+        addl3   -184(fp),-188(fp),r0
+        bicl3   #0,r0,-188(fp)
+        cmpl    -188(fp),-184(fp)
+        bgequ   noname.436
+        incl    -192(fp)
+noname.436:
+        movl    -188(fp),r3
+        movl    -192(fp),r2
+        bbc     #31,r2,noname.437
+        incl    r7
+noname.437:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.438
+        incl    r2
+noname.438:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.439
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.439
+        incl    r7
+noname.439:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.440
+        incl    r7
+noname.440:
+
+        movl    8(ap),r0
+        movzwl  22(r0),r2
+        bicl3   #-65536,4(r0),r3
+        movzwl  6(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r0),-204(fp)
+        bicl3   #-65536,r2,-208(fp)
+        mull3   r1,-204(fp),-196(fp)
+        mull2   r3,-204(fp)
+        mull3   r3,-208(fp),-200(fp)
+        mull2   r1,-208(fp)
+        addl3   -196(fp),-200(fp),r0
+        bicl3   #0,r0,-196(fp)
+        cmpl    -196(fp),-200(fp)
+        bgequ   noname.441
+        addl2   #65536,-208(fp)
+noname.441:
+        movzwl  -194(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-208(fp)
+        bicl3   #-65536,-196(fp),r0
+        ashl    #16,r0,-200(fp)
+        addl3   -200(fp),-204(fp),r0
+        bicl3   #0,r0,-204(fp)
+        cmpl    -204(fp),-200(fp)
+        bgequ   noname.442
+        incl    -208(fp)
+noname.442:
+        movl    -204(fp),r3
+        movl    -208(fp),r2
+        bbc     #31,r2,noname.443
+        incl    r7
+noname.443:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.444
+        incl    r2
+noname.444:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.445
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.445
+        incl    r7
+noname.445:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.446
+        incl    r7
+noname.446:
+
+        movl    8(ap),r0
+        movzwl  26(r0),r2
+        bicl3   #-65536,(r0),r3
+        movzwl  2(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,24(r0),-220(fp)
+        bicl3   #-65536,r2,-224(fp)
+        mull3   r1,-220(fp),-212(fp)
+        mull2   r3,-220(fp)
+        mull3   r3,-224(fp),-216(fp)
+        mull2   r1,-224(fp)
+        addl3   -212(fp),-216(fp),r0
+        bicl3   #0,r0,-212(fp)
+        cmpl    -212(fp),-216(fp)
+        bgequ   noname.447
+        addl2   #65536,-224(fp)
+noname.447:
+        movzwl  -210(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-224(fp)
+        bicl3   #-65536,-212(fp),r0
+        ashl    #16,r0,-216(fp)
+        addl3   -216(fp),-220(fp),r0
+        bicl3   #0,r0,-220(fp)
+        cmpl    -220(fp),-216(fp)
+        bgequ   noname.448
+        incl    -224(fp)
+noname.448:
+        movl    -220(fp),r3
+        movl    -224(fp),r2
+        bbc     #31,r2,noname.449
+        incl    r7
+noname.449:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.450
+        incl    r2
+noname.450:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.451
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.451
+        incl    r7
+noname.451:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.452
+        incl    r7
+noname.452:
+
+        movl    4(ap),r0
+        movl    r9,24(r0)
+
+        clrl    r9
+
+        movl    8(ap),r0
+        movzwl  30(r0),r2
+        bicl3   #-65536,(r0),r3
+        movzwl  2(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,28(r0),-236(fp)
+        bicl3   #-65536,r2,-240(fp)
+        mull3   r1,-236(fp),-228(fp)
+        mull2   r3,-236(fp)
+        mull3   r3,-240(fp),-232(fp)
+        mull2   r1,-240(fp)
+        addl3   -228(fp),-232(fp),r0
+        bicl3   #0,r0,-228(fp)
+        cmpl    -228(fp),-232(fp)
+        bgequ   noname.453
+        addl2   #65536,-240(fp)
+noname.453:
+        movzwl  -226(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-240(fp)
+        bicl3   #-65536,-228(fp),r0
+        ashl    #16,r0,-232(fp)
+        addl3   -232(fp),-236(fp),r0
+        bicl3   #0,r0,-236(fp)
+        cmpl    -236(fp),-232(fp)
+        bgequ   noname.454
+        incl    -240(fp)
+noname.454:
+        movl    -236(fp),r3
+        movl    -240(fp),r2
+        bbc     #31,r2,noname.455
+        incl    r9
+noname.455:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.456
+        incl    r2
+noname.456:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.457
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.457
+        incl    r9
+noname.457:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.458
+        incl    r9
+noname.458:
+
+        movl    8(ap),r0
+        movzwl  26(r0),r2
+        bicl3   #-65536,4(r0),r3
+        movzwl  6(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,24(r0),-252(fp)
+        bicl3   #-65536,r2,-256(fp)
+        mull3   r1,-252(fp),-244(fp)
+        mull2   r3,-252(fp)
+        mull3   r3,-256(fp),-248(fp)
+        mull2   r1,-256(fp)
+        addl3   -244(fp),-248(fp),r0
+        bicl3   #0,r0,-244(fp)
+        cmpl    -244(fp),-248(fp)
+        bgequ   noname.459
+        addl2   #65536,-256(fp)
+noname.459:
+        movzwl  -242(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-256(fp)
+        bicl3   #-65536,-244(fp),r0
+        ashl    #16,r0,-248(fp)
+        addl3   -248(fp),-252(fp),r0
+        bicl3   #0,r0,-252(fp)
+        cmpl    -252(fp),-248(fp)
+        bgequ   noname.460
+        incl    -256(fp)
+noname.460:
+        movl    -252(fp),r3
+        movl    -256(fp),r2
+        bbc     #31,r2,noname.461
+        incl    r9
+noname.461:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.462
+        incl    r2
+noname.462:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.463
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.463
+        incl    r9
+noname.463:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.464
+        incl    r9
+noname.464:
+
+        movl    8(ap),r0
+        movzwl  22(r0),r2
+        bicl3   #-65536,8(r0),r3
+        movzwl  10(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r0),-268(fp)
+        bicl3   #-65536,r2,-272(fp)
+        mull3   r1,-268(fp),-260(fp)
+        mull2   r3,-268(fp)
+        mull3   r3,-272(fp),-264(fp)
+        mull2   r1,-272(fp)
+        addl3   -260(fp),-264(fp),r0
+        bicl3   #0,r0,-260(fp)
+        cmpl    -260(fp),-264(fp)
+        bgequ   noname.465
+        addl2   #65536,-272(fp)
+noname.465:
+        movzwl  -258(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-272(fp)
+        bicl3   #-65536,-260(fp),r0
+        ashl    #16,r0,-264(fp)
+        addl3   -264(fp),-268(fp),r0
+        bicl3   #0,r0,-268(fp)
+        cmpl    -268(fp),-264(fp)
+        bgequ   noname.466
+        incl    -272(fp)
+noname.466:
+        movl    -268(fp),r3
+        movl    -272(fp),r2
+        bbc     #31,r2,noname.467
+        incl    r9
+noname.467:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.468
+        incl    r2
+noname.468:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.469
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.469
+        incl    r9
+noname.469:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.470
+        incl    r9
+noname.470:
+
+        movl    8(ap),r0
+        movzwl  18(r0),r2
+        bicl3   #-65536,12(r0),r3
+        movzwl  14(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r0),-284(fp)
+        bicl3   #-65536,r2,-288(fp)
+        mull3   r1,-284(fp),-276(fp)
+        mull2   r3,-284(fp)
+        mull3   r3,-288(fp),-280(fp)
+        mull2   r1,-288(fp)
+        addl3   -276(fp),-280(fp),r0
+        bicl3   #0,r0,-276(fp)
+        cmpl    -276(fp),-280(fp)
+        bgequ   noname.471
+        addl2   #65536,-288(fp)
+noname.471:
+        movzwl  -274(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-288(fp)
+        bicl3   #-65536,-276(fp),r0
+        ashl    #16,r0,-280(fp)
+        addl3   -280(fp),-284(fp),r0
+        bicl3   #0,r0,-284(fp)
+        cmpl    -284(fp),-280(fp)
+        bgequ   noname.472
+        incl    -288(fp)
+noname.472:
+        movl    -284(fp),r3
+        movl    -288(fp),r2
+        bbc     #31,r2,noname.473
+        incl    r9
+noname.473:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.474
+        incl    r2
+noname.474:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.475
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.475
+        incl    r9
+noname.475:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.476
+        incl    r9
+noname.476:
+
+        movl    4(ap),r0
+        movl    r8,28(r0)
+
+        clrl    r8
+
+        movl    8(ap),r3
+        movl    16(r3),r4
+        bicl3   #-65536,r4,r5
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        mull3   r5,r4,-292(fp)
+        mull2   r5,r5
+        mull2   r4,r4
+        bicl3   #32767,-292(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-292(fp),r0
+        ashl    #17,r0,-292(fp)
+        addl2   -292(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-292(fp)
+        bgequ   noname.477
+        incl    r4
+noname.477:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r7
+        bicl2   #0,r7
+        cmpl    r7,r1
+        bgequ   noname.478
+        incl    r2
+noname.478:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.479
+        incl    r8
+noname.479:
+
+        bicl3   #-65536,20(r3),r4
+        movzwl  22(r3),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r3),r2
+        movzwl  14(r3),r0
+        bicl2   #-65536,r0
+        movl    r4,r6
+        movl    r1,r5
+        mull3   r0,r6,-296(fp)
+        mull2   r2,r6
+        mull3   r2,r5,-300(fp)
+        mull2   r0,r5
+        addl3   -296(fp),-300(fp),r0
+        bicl3   #0,r0,-296(fp)
+        cmpl    -296(fp),-300(fp)
+        bgequ   noname.480
+        addl2   #65536,r5
+noname.480:
+        movzwl  -294(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r5
+        bicl3   #-65536,-296(fp),r0
+        ashl    #16,r0,-300(fp)
+        addl2   -300(fp),r6
+        bicl2   #0,r6
+        cmpl    r6,-300(fp)
+        bgequ   noname.481
+        incl    r5
+noname.481:
+        movl    r6,r3
+        movl    r5,r2
+        bbc     #31,r2,noname.482
+        incl    r8
+noname.482:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.483
+        incl    r2
+noname.483:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.484
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.484
+        incl    r8
+noname.484:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.485
+        incl    r8
+noname.485:
+
+        movl    8(ap),r0
+        bicl3   #-65536,24(r0),r3
+        movzwl  26(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r0),r2
+        movzwl  10(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-304(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-308(fp)
+        mull2   r0,r4
+        addl3   -304(fp),-308(fp),r0
+        bicl3   #0,r0,-304(fp)
+        cmpl    -304(fp),-308(fp)
+        bgequ   noname.486
+        addl2   #65536,r4
+noname.486:
+        movzwl  -302(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-304(fp),r0
+        ashl    #16,r0,-308(fp)
+        addl2   -308(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-308(fp)
+        bgequ   noname.487
+        incl    r4
+noname.487:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.488
+        incl    r8
+noname.488:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.489
+        incl    r2
+noname.489:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.490
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.490
+        incl    r8
+noname.490:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.491
+        incl    r8
+noname.491:
+
+        movl    8(ap),r0
+        bicl3   #-65536,28(r0),r3
+        movzwl  30(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r0),r2
+        movzwl  6(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-312(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-316(fp)
+        mull2   r0,r4
+        addl3   -312(fp),-316(fp),r0
+        bicl3   #0,r0,-312(fp)
+        cmpl    -312(fp),-316(fp)
+        bgequ   noname.492
+        addl2   #65536,r4
+noname.492:
+        movzwl  -310(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-312(fp),r0
+        ashl    #16,r0,-316(fp)
+        addl2   -316(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-316(fp)
+        bgequ   noname.493
+        incl    r4
+noname.493:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.494
+        incl    r8
+noname.494:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.495
+        incl    r2
+noname.495:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.496
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.496
+        incl    r8
+noname.496:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.497
+        incl    r8
+noname.497:
+
+        movl    4(ap),r0
+        movl    r7,32(r0)
+
+        clrl    r7
+
+        movl    8(ap),r0
+        bicl3   #-65536,28(r0),r3
+        movzwl  30(r0),r2
+        bicl3   #-65536,8(r0),r1
+        movzwl  10(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r4
+        bicl3   #-65536,r2,-328(fp)
+        mull3   r0,r4,-320(fp)
+        mull2   r1,r4
+        mull3   r1,-328(fp),-324(fp)
+        mull2   r0,-328(fp)
+        addl3   -320(fp),-324(fp),r0
+        bicl3   #0,r0,-320(fp)
+        cmpl    -320(fp),-324(fp)
+        bgequ   noname.498
+        addl2   #65536,-328(fp)
+noname.498:
+        movzwl  -318(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-328(fp)
+        bicl3   #-65536,-320(fp),r0
+        ashl    #16,r0,-324(fp)
+        addl2   -324(fp),r4
+        bicl2   #0,r4
+        cmpl    r4,-324(fp)
+        bgequ   noname.499
+        incl    -328(fp)
+noname.499:
+        movl    r4,r3
+        movl    -328(fp),r2
+        bbc     #31,r2,noname.500
+        incl    r7
+noname.500:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.501
+        incl    r2
+noname.501:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.502
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.502
+        incl    r7
+noname.502:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.503
+        incl    r7
+noname.503:
+
+        movl    8(ap),r0
+        movzwl  26(r0),r2
+        bicl3   #-65536,12(r0),r3
+        movzwl  14(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,24(r0),-340(fp)
+        bicl3   #-65536,r2,-344(fp)
+        mull3   r1,-340(fp),-332(fp)
+        mull2   r3,-340(fp)
+        mull3   r3,-344(fp),-336(fp)
+        mull2   r1,-344(fp)
+        addl3   -332(fp),-336(fp),r0
+        bicl3   #0,r0,-332(fp)
+        cmpl    -332(fp),-336(fp)
+        bgequ   noname.504
+        addl2   #65536,-344(fp)
+noname.504:
+        movzwl  -330(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-344(fp)
+        bicl3   #-65536,-332(fp),r0
+        ashl    #16,r0,-336(fp)
+        addl3   -336(fp),-340(fp),r0
+        bicl3   #0,r0,-340(fp)
+        cmpl    -340(fp),-336(fp)
+        bgequ   noname.505
+        incl    -344(fp)
+noname.505:
+        movl    -340(fp),r3
+        movl    -344(fp),r2
+        bbc     #31,r2,noname.506
+        incl    r7
+noname.506:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.507
+        incl    r2
+noname.507:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.508
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.508
+        incl    r7
+noname.508:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.509
+        incl    r7
+noname.509:
+
+        movl    8(ap),r0
+        movzwl  22(r0),r2
+        bicl3   #-65536,16(r0),r3
+        movzwl  18(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r0),-356(fp)
+        bicl3   #-65536,r2,-360(fp)
+        mull3   r1,-356(fp),-348(fp)
+        mull2   r3,-356(fp)
+        mull3   r3,-360(fp),-352(fp)
+        mull2   r1,-360(fp)
+        addl3   -348(fp),-352(fp),r0
+        bicl3   #0,r0,-348(fp)
+        cmpl    -348(fp),-352(fp)
+        bgequ   noname.510
+        addl2   #65536,-360(fp)
+noname.510:
+        movzwl  -346(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-360(fp)
+        bicl3   #-65536,-348(fp),r0
+        ashl    #16,r0,-352(fp)
+        addl3   -352(fp),-356(fp),r0
+        bicl3   #0,r0,-356(fp)
+        cmpl    -356(fp),-352(fp)
+        bgequ   noname.511
+        incl    -360(fp)
+noname.511:
+        movl    -356(fp),r3
+        movl    -360(fp),r2
+        bbc     #31,r2,noname.512
+        incl    r7
+noname.512:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.513
+        incl    r2
+noname.513:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.514
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.514
+        incl    r7
+noname.514:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.515
+        incl    r7
+noname.515:
+
+        movl    4(ap),r0
+        movl    r9,36(r0)
+
+        clrl    r9
+
+        movl    8(ap),r3
+        movl    20(r3),r4
+        bicl3   #-65536,r4,-364(fp)
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        movl    -364(fp),r0
+        mull3   r0,r4,-368(fp)
+        mull3   r0,r0,-364(fp)
+        mull2   r4,r4
+        bicl3   #32767,-368(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-368(fp),r0
+        ashl    #17,r0,-368(fp)
+        addl3   -364(fp),-368(fp),r0
+        bicl3   #0,r0,-364(fp)
+        cmpl    -364(fp),-368(fp)
+        bgequ   noname.516
+        incl    r4
+noname.516:
+        movl    -364(fp),r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.517
+        incl    r2
+noname.517:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.518
+        incl    r9
+noname.518:
+
+        bicl3   #-65536,24(r3),r4
+        movzwl  26(r3),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r3),r2
+        movzwl  18(r3),r0
+        bicl2   #-65536,r0
+        movl    r4,r6
+        movl    r1,r5
+        mull3   r0,r6,-372(fp)
+        mull2   r2,r6
+        mull3   r2,r5,-376(fp)
+        mull2   r0,r5
+        addl3   -372(fp),-376(fp),r0
+        bicl3   #0,r0,-372(fp)
+        cmpl    -372(fp),-376(fp)
+        bgequ   noname.519
+        addl2   #65536,r5
+noname.519:
+        movzwl  -370(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r5
+        bicl3   #-65536,-372(fp),r0
+        ashl    #16,r0,-376(fp)
+        addl2   -376(fp),r6
+        bicl2   #0,r6
+        cmpl    r6,-376(fp)
+        bgequ   noname.520
+        incl    r5
+noname.520:
+        movl    r6,r3
+        movl    r5,r2
+        bbc     #31,r2,noname.521
+        incl    r9
+noname.521:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.522
+        incl    r2
+noname.522:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.523
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.523
+        incl    r9
+noname.523:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.524
+        incl    r9
+noname.524:
+
+        movl    8(ap),r0
+        bicl3   #-65536,28(r0),r3
+        movzwl  30(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r0),r2
+        movzwl  14(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-380(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-384(fp)
+        mull2   r0,r4
+        addl3   -380(fp),-384(fp),r0
+        bicl3   #0,r0,-380(fp)
+        cmpl    -380(fp),-384(fp)
+        bgequ   noname.525
+        addl2   #65536,r4
+noname.525:
+        movzwl  -378(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-380(fp),r0
+        ashl    #16,r0,-384(fp)
+        addl2   -384(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-384(fp)
+        bgequ   noname.526
+        incl    r4
+noname.526:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.527
+        incl    r9
+noname.527:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.528
+        incl    r2
+noname.528:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.529
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.529
+        incl    r9
+noname.529:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.530
+        incl    r9
+noname.530:
+        movl    4(ap),r0
+        movl    r8,40(r0)
+
+        clrl    r8
+
+        movl    8(ap),r0
+        bicl3   #-65536,28(r0),r3
+        movzwl  30(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r0),r2
+        movzwl  18(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-388(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-392(fp)
+        mull2   r0,r4
+        addl3   -388(fp),-392(fp),r0
+        bicl3   #0,r0,-388(fp)
+        cmpl    -388(fp),-392(fp)
+        bgequ   noname.531
+        addl2   #65536,r4
+noname.531:
+        movzwl  -386(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-388(fp),r0
+        ashl    #16,r0,-392(fp)
+        addl2   -392(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-392(fp)
+        bgequ   noname.532
+        incl    r4
+noname.532:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.533
+        incl    r8
+noname.533:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.534
+        incl    r2
+noname.534:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.535
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.535
+        incl    r8
+noname.535:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.536
+        incl    r8
+noname.536:
+
+        movl    8(ap),r0
+        bicl3   #-65536,24(r0),r3
+        movzwl  26(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r0),r2
+        movzwl  22(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-396(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-400(fp)
+        mull2   r0,r4
+        addl3   -396(fp),-400(fp),r0
+        bicl3   #0,r0,-396(fp)
+        cmpl    -396(fp),-400(fp)
+        bgequ   noname.537
+        addl2   #65536,r4
+noname.537:
+        movzwl  -394(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-396(fp),r0
+        ashl    #16,r0,-400(fp)
+        addl2   -400(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-400(fp)
+        bgequ   noname.538
+        incl    r4
+noname.538:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.539
+        incl    r8
+noname.539:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.540
+        incl    r2
+noname.540:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.541
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.541
+        incl    r8
+noname.541:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.542
+        incl    r8
+noname.542:
+
+        movl    4(ap),r0
+        movl    r7,44(r0)
+
+        clrl    r7
+
+        movl    8(ap),r3
+        movl    24(r3),r4
+        bicl3   #-65536,r4,r5
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        mull3   r5,r4,-404(fp)
+        mull2   r5,r5
+        mull2   r4,r4
+        bicl3   #32767,-404(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-404(fp),r0
+        ashl    #17,r0,-404(fp)
+        addl2   -404(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-404(fp)
+        bgequ   noname.543
+        incl    r4
+noname.543:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.544
+        incl    r2
+noname.544:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.545
+        incl    r7
+noname.545:
+
+        movzwl  30(r3),r2
+        bicl3   #-65536,20(r3),r1
+        movzwl  22(r3),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,28(r3),-416(fp)
+        bicl3   #-65536,r2,-420(fp)
+        mull3   r0,-416(fp),-408(fp)
+        mull2   r1,-416(fp)
+        mull3   r1,-420(fp),-412(fp)
+        mull2   r0,-420(fp)
+        addl3   -408(fp),-412(fp),r0
+        bicl3   #0,r0,-408(fp)
+        cmpl    -408(fp),-412(fp)
+        bgequ   noname.546
+        addl2   #65536,-420(fp)
+noname.546:
+        movzwl  -406(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-420(fp)
+        bicl3   #-65536,-408(fp),r0
+        ashl    #16,r0,-412(fp)
+        addl3   -412(fp),-416(fp),r0
+        bicl3   #0,r0,-416(fp)
+        cmpl    -416(fp),-412(fp)
+        bgequ   noname.547
+        incl    -420(fp)
+noname.547:
+        movl    -416(fp),r3
+        movl    -420(fp),r2
+        bbc     #31,r2,noname.548
+        incl    r7
+noname.548:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.549
+        incl    r2
+noname.549:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.550
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.550
+        incl    r7
+noname.550:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.551
+        incl    r7
+noname.551:
+
+        movl    4(ap),r0
+        movl    r9,48(r0)
+
+        clrl    r9
+
+        movl    8(ap),r0
+        movzwl  30(r0),r2
+        bicl3   #-65536,24(r0),r3
+        movzwl  26(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,28(r0),-432(fp)
+        bicl3   #-65536,r2,-436(fp)
+        mull3   r1,-432(fp),-424(fp)
+        mull2   r3,-432(fp)
+        mull3   r3,-436(fp),-428(fp)
+        mull2   r1,-436(fp)
+        addl3   -424(fp),-428(fp),r0
+        bicl3   #0,r0,-424(fp)
+        cmpl    -424(fp),-428(fp)
+        bgequ   noname.552
+        addl2   #65536,-436(fp)
+noname.552:
+        movzwl  -422(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-436(fp)
+        bicl3   #-65536,-424(fp),r0
+        ashl    #16,r0,-428(fp)
+        addl3   -428(fp),-432(fp),r0
+        bicl3   #0,r0,-432(fp)
+        cmpl    -432(fp),-428(fp)
+        bgequ   noname.553
+        incl    -436(fp)
+noname.553:
+        movl    -432(fp),r3
+        movl    -436(fp),r2
+        bbc     #31,r2,noname.554
+        incl    r9
+noname.554:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.555
+        incl    r2
+noname.555:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.556
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.556
+        incl    r9
+noname.556:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.557
+        incl    r9
+noname.557:
+
+        movl    4(ap),r4
+        movl    r8,52(r4)
+
+        clrl    r8
+
+        movl    8(ap),r0
+        movl    28(r0),r3
+        bicl3   #-65536,r3,-440(fp)
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        movl    -440(fp),r0
+        mull3   r0,r3,-444(fp)
+        mull3   r0,r0,-440(fp)
+        mull2   r3,r3
+        bicl3   #32767,-444(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl3   #-65536,-444(fp),r0
+        ashl    #17,r0,-444(fp)
+        addl3   -440(fp),-444(fp),r0
+        bicl3   #0,r0,-440(fp)
+        cmpl    -440(fp),-444(fp)
+        bgequ   noname.558
+        incl    r3
+noname.558:
+        movl    -440(fp),r1
+        movl    r3,r2
+        addl2   r1,r7
+        bicl2   #0,r7
+        cmpl    r7,r1
+        bgequ   noname.559
+        incl    r2
+noname.559:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.560
+        incl    r8
+noname.560:
+
+        movl    r7,56(r4)
+
+        movl    r9,60(r4)
+
+        ret     
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)     n       by value (input)
+
+        .psect  code,nowrt
+
+.entry  BN_SQR_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10>
+        subl2   #44,sp
+
+        clrq    r8
+
+        clrl    r10
+
+        movl    8(ap),r5
+        movl    (r5),r3
+        bicl3   #-65536,r3,r4
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        mull3   r4,r3,-4(fp)
+        mull2   r4,r4
+        mull2   r3,r3
+        bicl3   #32767,-4(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl3   #-65536,-4(fp),r0
+        ashl    #17,r0,-4(fp)
+        addl2   -4(fp),r4
+        bicl2   #0,r4
+        cmpl    r4,-4(fp)
+        bgequ   noname.563
+        incl    r3
+noname.563:
+        movl    r4,r1
+        movl    r3,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.564
+        incl    r2
+noname.564:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.565
+        incl    r10
+noname.565:
+
+        movl    r9,@4(ap)
+
+        clrl    r9
+
+        bicl3   #-65536,4(r5),r3
+        movzwl  6(r5),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r5),r2
+        movzwl  2(r5),r0
+        bicl2   #-65536,r0
+        movl    r3,r6
+        movl    r1,r4
+        mull3   r0,r6,-8(fp)
+        mull2   r2,r6
+        mull2   r4,r2
+        mull2   r0,r4
+        addl3   -8(fp),r2,r0
+        bicl3   #0,r0,-8(fp)
+        cmpl    -8(fp),r2
+        bgequ   noname.566
+        addl2   #65536,r4
+noname.566:
+        movzwl  -6(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-8(fp),r0
+        ashl    #16,r0,r1
+        addl2   r1,r6
+        bicl2   #0,r6
+        cmpl    r6,r1
+        bgequ   noname.567
+        incl    r4
+noname.567:
+        movl    r6,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.568
+        incl    r9
+noname.568:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.569
+        incl    r2
+noname.569:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.570
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.570
+        incl    r9
+noname.570:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.571
+        incl    r9
+noname.571:
+
+        movl    4(ap),r0
+        movl    r8,4(r0)
+
+        clrl    r8
+
+        movl    8(ap),r4
+        movl    4(r4),r3
+        bicl3   #-65536,r3,r5
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        mull3   r5,r3,r1
+        mull2   r5,r5
+        mull2   r3,r3
+        bicl3   #32767,r1,r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl2   #-65536,r1
+        ashl    #17,r1,r1
+        addl2   r1,r5
+        bicl2   #0,r5
+        cmpl    r5,r1
+        bgequ   noname.572
+        incl    r3
+noname.572:
+        movl    r5,r1
+        movl    r3,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.573
+        incl    r2
+noname.573:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.574
+        incl    r8
+noname.574:
+
+        bicl3   #-65536,8(r4),r3
+        movzwl  10(r4),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r4),r2
+        movzwl  2(r4),r0
+        bicl2   #-65536,r0
+        movl    r3,r6
+        movl    r1,r5
+        mull3   r0,r6,r7
+        mull2   r2,r6
+        mull2   r5,r2
+        mull2   r0,r5
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.575
+        addl2   #65536,r5
+noname.575:
+        extzv   #16,#16,r7,r0
+        bicl2   #-65536,r0
+        addl2   r0,r5
+        bicl3   #-65536,r7,r0
+        ashl    #16,r0,r1
+        addl2   r1,r6
+        bicl2   #0,r6
+        cmpl    r6,r1
+        bgequ   noname.576
+        incl    r5
+noname.576:
+        movl    r6,r3
+        movl    r5,r2
+        bbc     #31,r2,noname.577
+        incl    r8
+noname.577:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.578
+        incl    r2
+noname.578:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r10
+        bicl2   #0,r10
+        cmpl    r10,r3
+        bgequ   noname.579
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.579
+        incl    r8
+noname.579:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.580
+        incl    r8
+noname.580:
+
+        movl    4(ap),r0
+        movl    r10,8(r0)
+
+        clrl    r10
+
+        movl    8(ap),r0
+        bicl3   #-65536,12(r0),r3
+        movzwl  14(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r0),r2
+        movzwl  2(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,r6
+        mull2   r2,r5
+        mull3   r2,r4,-12(fp)
+        mull2   r0,r4
+        addl2   -12(fp),r6
+        bicl2   #0,r6
+        cmpl    r6,-12(fp)
+        bgequ   noname.581
+        addl2   #65536,r4
+noname.581:
+        extzv   #16,#16,r6,r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,r6,r0
+        ashl    #16,r0,-12(fp)
+        addl2   -12(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-12(fp)
+        bgequ   noname.582
+        incl    r4
+noname.582:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.583
+        incl    r10
+noname.583:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.584
+        incl    r2
+noname.584:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.585
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.585
+        incl    r10
+noname.585:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.586
+        incl    r10
+noname.586:
+
+        movl    8(ap),r0
+        bicl3   #-65536,8(r0),r3
+        movzwl  10(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r0),r2
+        movzwl  6(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-16(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-20(fp)
+        mull2   r0,r4
+        addl3   -16(fp),-20(fp),r0
+        bicl3   #0,r0,-16(fp)
+        cmpl    -16(fp),-20(fp)
+        bgequ   noname.587
+        addl2   #65536,r4
+noname.587:
+        movzwl  -14(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-16(fp),r0
+        ashl    #16,r0,-20(fp)
+        addl2   -20(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-20(fp)
+        bgequ   noname.588
+        incl    r4
+noname.588:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.589
+        incl    r10
+noname.589:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.590
+        incl    r2
+noname.590:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.591
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.591
+        incl    r10
+noname.591:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.592
+        incl    r10
+noname.592:
+        movl    4(ap),r0
+        movl    r9,12(r0)
+
+        clrl    r9
+
+        movl    8(ap),r3
+        movl    8(r3),r4
+        bicl3   #-65536,r4,r5
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        mull3   r5,r4,-24(fp)
+        mull2   r5,r5
+        mull2   r4,r4
+        bicl3   #32767,-24(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-24(fp),r0
+        ashl    #17,r0,-24(fp)
+        addl2   -24(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-24(fp)
+        bgequ   noname.593
+        incl    r4
+noname.593:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.594
+        incl    r2
+noname.594:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.595
+        incl    r9
+noname.595:
+
+        bicl3   #-65536,12(r3),r4
+        movzwl  14(r3),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r3),r2
+        movzwl  6(r3),r0
+        bicl2   #-65536,r0
+        movl    r4,r6
+        movl    r1,r5
+        mull3   r0,r6,-28(fp)
+        mull2   r2,r6
+        mull3   r2,r5,-32(fp)
+        mull2   r0,r5
+        addl3   -28(fp),-32(fp),r0
+        bicl3   #0,r0,-28(fp)
+        cmpl    -28(fp),-32(fp)
+        bgequ   noname.596
+        addl2   #65536,r5
+noname.596:
+        movzwl  -26(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r5
+        bicl3   #-65536,-28(fp),r0
+        ashl    #16,r0,-32(fp)
+        addl2   -32(fp),r6
+        bicl2   #0,r6
+        cmpl    r6,-32(fp)
+        bgequ   noname.597
+        incl    r5
+noname.597:
+        movl    r6,r3
+        movl    r5,r2
+        bbc     #31,r2,noname.598
+        incl    r9
+noname.598:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.599
+        incl    r2
+noname.599:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.600
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.600
+        incl    r9
+noname.600:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.601
+        incl    r9
+noname.601:
+
+        movl    4(ap),r0
+        movl    r8,16(r0)
+
+        clrl    r8
+
+        movl    8(ap),r0
+        bicl3   #-65536,12(r0),r3
+        movzwl  14(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r0),r2
+        movzwl  10(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-36(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-40(fp)
+        mull2   r0,r4
+        addl3   -36(fp),-40(fp),r0
+        bicl3   #0,r0,-36(fp)
+        cmpl    -36(fp),-40(fp)
+        bgequ   noname.602
+        addl2   #65536,r4
+noname.602:
+        movzwl  -34(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-36(fp),r0
+        ashl    #16,r0,-40(fp)
+        addl2   -40(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-40(fp)
+        bgequ   noname.603
+        incl    r4
+noname.603:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.604
+        incl    r8
+noname.604:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.605
+        incl    r2
+noname.605:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r10
+        bicl2   #0,r10
+        cmpl    r10,r3
+        bgequ   noname.606
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.606
+        incl    r8
+noname.606:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.607
+        incl    r8
+noname.607:
+
+        movl    4(ap),r4
+        movl    r10,20(r4)
+
+        clrl    r10
+
+        movl    8(ap),r0
+        movl    12(r0),r3
+        bicl3   #-65536,r3,r5
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        mull3   r5,r3,-44(fp)
+        mull2   r5,r5
+        mull2   r3,r3
+        bicl3   #32767,-44(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl3   #-65536,-44(fp),r0
+        ashl    #17,r0,-44(fp)
+        addl2   -44(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-44(fp)
+        bgequ   noname.608
+        incl    r3
+noname.608:
+        movl    r5,r1
+        movl    r3,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.609
+        incl    r2
+noname.609:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.610
+        incl    r10
+noname.610:
+
+        movl    r9,24(r4)
+
+        movl    r8,28(r4)
+
+        ret     
+
+; For now, the code below doesn't work, so I end this prematurely.
+.end
diff --git a/src/lib/libcrypto/bn/asm/x86/f b/src/lib/libcrypto/bn/asm/x86/f
new file mode 100644
index 0000000000..22e4112224
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86/f
@@ -0,0 +1,3 @@
+#!/usr/local/bin/perl
+# x86 assember
+
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index 21a1a3fe35..f34248ec4f 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -538,8 +538,6 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
         const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 
-void    BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
-
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -776,20 +774,11 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 
 #define bn_fix_top(a)           bn_check_top(a)
 
-#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-#define bn_wcheck_size(bn, words) \
-        do { \
-                const BIGNUM *_bnum2 = (bn); \
-                assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
-        } while(0)
-
 #else /* !BN_DEBUG */
 
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a)           bn_correct_top(a)
-#define bn_check_size(bn, bits)
-#define bn_wcheck_size(bn, words)
 
 #endif
 
diff --git a/src/lib/libcrypto/bn/bn.mul b/src/lib/libcrypto/bn/bn.mul
new file mode 100644
index 0000000000..9728870d38
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn.mul
@@ -0,0 +1,19 @@
+We need
+
+* bn_mul_comba8
+* bn_mul_comba4
+* bn_mul_normal
+* bn_mul_recursive
+
+* bn_sqr_comba8
+* bn_sqr_comba4
+bn_sqr_normal -> BN_sqr
+* bn_sqr_recursive
+
+* bn_mul_low_recursive
+* bn_mul_low_normal
+* bn_mul_high
+
+* bn_mul_part_recursive # symetric but not power of 2
+
+bn_mul_asymetric_recursive # uneven, but do the chop up.
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index 7b2403185e..52b3304293 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -141,7 +141,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     *
     *                                   <appro@fy.chalmers.se>
     */
-#undef bn_div_words
 #  define bn_div_words(n0,n1,d0)                \
         ({  asm volatile (                      \
                 "divl   %4"                     \
@@ -156,7 +155,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     * Same story here, but it's 128-bit by 64-bit division. Wow!
     *                                   <appro@fy.chalmers.se>
     */
-#  undef bn_div_words
 #  define bn_div_words(n0,n1,d0)                \
         ({  asm volatile (                      \
                 "divq   %4"                     \
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
index a808f53178..4a352119ba 100644
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -205,7 +205,6 @@ err:
 /* solves ax == 1 (mod n) */
 static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
-
 BIGNUM *BN_mod_inverse(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
         {
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index 817c773b65..eecfd8cc99 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -282,23 +282,16 @@ extern "C" {
 #  endif
 # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
 #  if defined(__GNUC__) && __GNUC__>=2
-#   if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */
-#     define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
-#     define BN_UMULT_LOHI(low,high,a,b) ({     \
-        __uint128_t ret=(__uint128_t)(a)*(b);   \
-        (high)=ret>>64; (low)=ret;       })
-#   else
-#     define BN_UMULT_HIGH(a,b) ({      \
+#   define BN_UMULT_HIGH(a,b)   ({      \
         register BN_ULONG ret;          \
         asm ("dmultu    %1,%2"          \
              : "=h"(ret)                \
              : "r"(a), "r"(b) : "l");   \
         ret;                    })
-#     define BN_UMULT_LOHI(low,high,a,b)\
+#   define BN_UMULT_LOHI(low,high,a,b)  \
         asm ("dmultu    %2,%3"          \
              : "=l"(low),"=h"(high)     \
              : "r"(a), "r"(b));
-#    endif
 #  endif
 # endif         /* cpu */
 #endif          /* OPENSSL_NO_ASM */
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 5461e6ee7d..7a5676de69 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -824,55 +824,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
                 }
         return bn_cmp_words(a,b,cl);
         }
-
-/* 
- * Constant-time conditional swap of a and b.  
- * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
- * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
- * and that no more than nwords are used by either a or b.
- * a and b cannot be the same number
- */
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
-        {
-        BN_ULONG t;
-        int i;
-
-        bn_wcheck_size(a, nwords);
-        bn_wcheck_size(b, nwords);
-
-        assert(a != b);
-        assert((condition & (condition - 1)) == 0);
-        assert(sizeof(BN_ULONG) >= sizeof(int));
-
-        condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-
-        t = (a->top^b->top) & condition;
-        a->top ^= t;
-        b->top ^= t;
-
-#define BN_CONSTTIME_SWAP(ind) \
-        do { \
-                t = (a->d[ind] ^ b->d[ind]) & condition; \
-                a->d[ind] ^= t; \
-                b->d[ind] ^= t; \
-        } while (0)
-
-
-        switch (nwords) {
-        default:
-                for (i = 10; i < nwords; i++) 
-                        BN_CONSTTIME_SWAP(i);
-                /* Fallthrough */
-        case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
-        case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
-        case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
-        case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
-        case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
-        case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
-        case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
-        case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
-        case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
-        case 1: BN_CONSTTIME_SWAP(0);
-        }
-#undef BN_CONSTTIME_SWAP
-}
diff --git a/src/lib/libcrypto/bn/bn_nist.c b/src/lib/libcrypto/bn/bn_nist.c
index e22968d4a3..43caee4770 100644
--- a/src/lib/libcrypto/bn/bn_nist.c
+++ b/src/lib/libcrypto/bn/bn_nist.c
@@ -286,25 +286,26 @@ const BIGNUM *BN_get0_nist_prime_521(void)
         }
 
 
-static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
+static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
         {
         int i;
+        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
 
 #ifdef BN_DEBUG
         OPENSSL_assert(top <= max);
 #endif
-        for (i = 0; i < top; i++)
-                dst[i] = src[i];
-        for (; i < max; i++)
-                dst[i] = 0;
+        for (i = (top); i != 0; i--)
+                *_tmp1++ = *_tmp2++;
+        for (i = (max) - (top); i != 0; i--)
+                *_tmp1++ = (BN_ULONG) 0;
         }
 
-static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
+static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
         { 
         int i;
-
-        for (i = 0; i < top; i++)
-                dst[i] = src[i];
+        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
+        for (i = (top); i != 0; i--)
+                *_tmp1++ = *_tmp2++;
         }
 
 #if BN_BITS2 == 64
@@ -450,9 +451,8 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
          */
         mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = c_d;
         res   = (BN_ULONG *)
-         (((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask));
+         (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_192_TOP);
         r->top = BN_NIST_192_TOP;
         bn_correct_top(r);
@@ -479,11 +479,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         int     top = a->top, i;
         int     carry;
         BN_ULONG *r_d, *a_d = a->d;
-        union   {
-                BN_ULONG        bn[BN_NIST_224_TOP];
-                unsigned int    ui[BN_NIST_224_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
-                } buf;
-        BN_ULONG c_d[BN_NIST_224_TOP],
+        BN_ULONG buf[BN_NIST_224_TOP],
+                 c_d[BN_NIST_224_TOP],
                 *res;
         PTR_SIZE_INT mask;
         union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -522,18 +519,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /* copy upper 256 bits of 448 bit number ... */
         nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
         /* ... and right shift by 32 to obtain upper 224 bits */
-        nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
+        nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8);
         /* truncate lower part to 224 bits too */
         r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
 #else
-        nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
+        nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
 #endif
 
 #if defined(NIST_INT64) && BN_BITS2!=64
         {
         NIST_INT64              acc;    /* accumulator */
         unsigned int            *rp=(unsigned int *)r_d;
-        const unsigned int      *bp=(const unsigned int *)buf.ui;
+        const unsigned int      *bp=(const unsigned int *)buf;
 
         acc  = rp[0];   acc -= bp[7-7];
                         acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32;
@@ -568,13 +565,13 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         {
         BN_ULONG t_d[BN_NIST_224_TOP];
 
-        nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
+        nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
         carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
+        nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
         carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
+        nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
         carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
+        nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
         carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
 
 #if BN_BITS2==64
@@ -609,8 +606,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /* otherwise it's effectively same as in BN_nist_mod_192... */
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = c_d;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_224_TOP);
         r->top = BN_NIST_224_TOP;
@@ -809,8 +805,7 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = c_d;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_256_TOP);
         r->top = BN_NIST_256_TOP;
@@ -1031,8 +1026,7 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = c_d;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_384_TOP);
         r->top = BN_NIST_384_TOP;
@@ -1098,8 +1092,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
         mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-        res  = t_d;
-        res  = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
+        res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d,res,BN_NIST_521_TOP);
         r->top = BN_NIST_521_TOP;
diff --git a/src/lib/libcrypto/bn/bnspeed.c b/src/lib/libcrypto/bn/bnspeed.c
new file mode 100644
index 0000000000..b554ac8cf8
--- /dev/null
+++ b/src/lib/libcrypto/bn/bnspeed.c
@@ -0,0 +1,233 @@
+/* unused */
+
+/* crypto/bn/bnspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#define BASENUM 1000000
+#undef PROG
+#define PROG bnspeed_main
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+
+static double Time_F(int s);
+#define START   0
+#define STOP    1
+
+static double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret < 1e-3)?1e-3:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret < 0.001)?0.001:ret);
+                }
+#endif
+        }
+
+#define NUM_SIZES       5
+static int sizes[NUM_SIZES]={128,256,512,1024,2048};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+
+void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); 
+
+int main(int argc, char **argv)
+        {
+        BN_CTX *ctx;
+        BIGNUM a,b,c;
+
+        ctx=BN_CTX_new();
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+
+        do_mul(&a,&b,&c,ctx);
+        }
+
+void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+        {
+        int i,j,k;
+        double tm;
+        long num;
+
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i],1,0);
+                for (j=i; j<NUM_SIZES; j++)
+                        {
+                        BN_rand(b,sizes[j],1,0);
+                        Time_F(START);
+                        for (k=0; k<num; k++)
+                                BN_mul(r,b,a,ctx);
+                        tm=Time_F(STOP);
+                        printf("mul %4d x %4d -> %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);
+                        }
+                }
+
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i],1,0);
+                Time_F(START);
+                for (k=0; k<num; k++)
+                        BN_sqr(r,a,ctx);
+                tm=Time_F(STOP);
+                printf("sqr %4d x %4d -> %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num);
+                }
+
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM/10;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i]-1,1,0);
+                for (j=i; j<NUM_SIZES; j++)
+                        {
+                        BN_rand(b,sizes[j],1,0);
+                        Time_F(START);
+                        for (k=0; k<100000; k++)
+                                BN_div(r, NULL, b, a,ctx);
+                        tm=Time_F(STOP);
+                        printf("div %4d / %4d -> %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num);
+                        }
+                }
+        }
+
diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c
new file mode 100644
index 0000000000..06f5954acc
--- /dev/null
+++ b/src/lib/libcrypto/bn/bntest.c
@@ -0,0 +1,2013 @@
+/* crypto/bn/bntest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+const int num0 = 100; /* number of tests */
+const int num1 = 50;  /* additional tests for some functions */
+const int num2 = 5;   /* number of tests for slow functions */
+
+int test_add(BIO *bp);
+int test_sub(BIO *bp);
+int test_lshift1(BIO *bp);
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
+int test_rshift1(BIO *bp);
+int test_rshift(BIO *bp,BN_CTX *ctx);
+int test_div(BIO *bp,BN_CTX *ctx);
+int test_div_word(BIO *bp);
+int test_div_recp(BIO *bp,BN_CTX *ctx);
+int test_mul(BIO *bp);
+int test_sqr(BIO *bp,BN_CTX *ctx);
+int test_mont(BIO *bp,BN_CTX *ctx);
+int test_mod(BIO *bp,BN_CTX *ctx);
+int test_mod_mul(BIO *bp,BN_CTX *ctx);
+int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
+int test_exp(BIO *bp,BN_CTX *ctx);
+int test_gf2m_add(BIO *bp);
+int test_gf2m_mod(BIO *bp);
+int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
+int test_kron(BIO *bp,BN_CTX *ctx);
+int test_sqrt(BIO *bp,BN_CTX *ctx);
+int rand_neg(void);
+static int results=0;
+
+static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
+"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+static void message(BIO *out, char *m)
+        {
+        fprintf(stderr, "test %s\n", m);
+        BIO_puts(out, "print \"test ");
+        BIO_puts(out, m);
+        BIO_puts(out, "\\n\"\n");
+        }
+
+int main(int argc, char *argv[])
+        {
+        BN_CTX *ctx;
+        BIO *out;
+        char *outfile=NULL;
+
+        results = 0;
+
+        RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if (strcmp(*argv,"-results") == 0)
+                        results=1;
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) break;
+                        outfile= *(++argv);
+                        }
+                argc--;
+                argv++;
+                }
+
+
+        ctx=BN_CTX_new();
+        if (ctx == NULL) EXIT(1);
+
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) EXIT(1);
+        if (outfile == NULL)
+                {
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+                }
+        else
+                {
+                if (!BIO_write_filename(out,outfile))
+                        {
+                        perror(outfile);
+                        EXIT(1);
+                        }
+                }
+
+        if (!results)
+                BIO_puts(out,"obase=16\nibase=16\n");
+
+        message(out,"BN_add");
+        if (!test_add(out)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_sub");
+        if (!test_sub(out)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_lshift1");
+        if (!test_lshift1(out)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_lshift (fixed)");
+        if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
+            goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_lshift");
+        if (!test_lshift(out,ctx,NULL)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_rshift1");
+        if (!test_rshift1(out)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_rshift");
+        if (!test_rshift(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_sqr");
+        if (!test_sqr(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_mul");
+        if (!test_mul(out)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_div");
+        if (!test_div(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_div_word");
+        if (!test_div_word(out)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_div_recp");
+        if (!test_div_recp(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_mod");
+        if (!test_mod(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_mod_mul");
+        if (!test_mod_mul(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_mont");
+        if (!test_mont(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_mod_exp");
+        if (!test_mod_exp(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_mod_exp_mont_consttime");
+        if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_exp");
+        if (!test_exp(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_kronecker");
+        if (!test_kron(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_mod_sqrt");
+        if (!test_sqrt(out,ctx)) goto err;
+        (void)BIO_flush(out);
+#ifndef OPENSSL_NO_EC2M
+        message(out,"BN_GF2m_add");
+        if (!test_gf2m_add(out)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_GF2m_mod");
+        if (!test_gf2m_mod(out)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_GF2m_mod_mul");
+        if (!test_gf2m_mod_mul(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_GF2m_mod_sqr");
+        if (!test_gf2m_mod_sqr(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_GF2m_mod_inv");
+        if (!test_gf2m_mod_inv(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_GF2m_mod_div");
+        if (!test_gf2m_mod_div(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_GF2m_mod_exp");
+        if (!test_gf2m_mod_exp(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_GF2m_mod_sqrt");
+        if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
+        (void)BIO_flush(out);
+
+        message(out,"BN_GF2m_mod_solve_quad");
+        if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
+        (void)BIO_flush(out);
+#endif
+        BN_CTX_free(ctx);
+        BIO_free(out);
+
+/**/
+        EXIT(0);
+err:
+        BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+                              * the failure, see test_bn in test/Makefile.ssl*/
+        (void)BIO_flush(out);
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        EXIT(1);
+        return(1);
+        }
+
+int test_add(BIO *bp)
+        {
+        BIGNUM a,b,c;
+        int i;
+
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+
+        BN_bntest_rand(&a,512,0,0);
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(&b,450+i,0,0);
+                a.neg=rand_neg();
+                b.neg=rand_neg();
+                BN_add(&c,&a,&b);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," + ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                a.neg=!a.neg;
+                b.neg=!b.neg;
+                BN_add(&c,&c,&b);
+                BN_add(&c,&c,&a);
+                if(!BN_is_zero(&c))
+                    {
+                    fprintf(stderr,"Add test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        return(1);
+        }
+
+int test_sub(BIO *bp)
+        {
+        BIGNUM a,b,c;
+        int i;
+
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+
+        for (i=0; i<num0+num1; i++)
+                {
+                if (i < num1)
+                        {
+                        BN_bntest_rand(&a,512,0,0);
+                        BN_copy(&b,&a);
+                        if (BN_set_bit(&a,i)==0) return(0);
+                        BN_add_word(&b,i);
+                        }
+                else
+                        {
+                        BN_bntest_rand(&b,400+i-num1,0,0);
+                        a.neg=rand_neg();
+                        b.neg=rand_neg();
+                        }
+                BN_sub(&c,&a,&b);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," - ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_add(&c,&c,&b);
+                BN_sub(&c,&c,&a);
+                if(!BN_is_zero(&c))
+                    {
+                    fprintf(stderr,"Subtract test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        return(1);
+        }
+
+int test_div(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM a,b,c,d,e;
+        int i;
+
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_init(&d);
+        BN_init(&e);
+
+        for (i=0; i<num0+num1; i++)
+                {
+                if (i < num1)
+                        {
+                        BN_bntest_rand(&a,400,0,0);
+                        BN_copy(&b,&a);
+                        BN_lshift(&a,&a,i);
+                        BN_add_word(&a,i);
+                        }
+                else
+                        BN_bntest_rand(&b,50+3*(i-num1),0,0);
+                a.neg=rand_neg();
+                b.neg=rand_neg();
+                BN_div(&d,&c,&a,&b,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," / ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&d);
+                        BIO_puts(bp,"\n");
+
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mul(&e,&d,&b,ctx);
+                BN_add(&d,&e,&c);
+                BN_sub(&d,&d,&a);
+                if(!BN_is_zero(&d))
+                    {
+                    fprintf(stderr,"Division test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        BN_free(&d);
+        BN_free(&e);
+        return(1);
+        }
+
+static void print_word(BIO *bp,BN_ULONG w)
+        {
+#ifdef SIXTY_FOUR_BIT
+        if (sizeof(w) > sizeof(unsigned long))
+                {
+                unsigned long   h=(unsigned long)(w>>32),
+                                l=(unsigned long)(w);
+
+                if (h)  BIO_printf(bp,"%lX%08lX",h,l);
+                else    BIO_printf(bp,"%lX",l);
+                return;
+                }
+#endif
+        BIO_printf(bp,BN_HEX_FMT1,w);
+        }
+
+int test_div_word(BIO *bp)
+        {
+        BIGNUM   a,b;
+        BN_ULONG r,s;
+        int i;
+
+        BN_init(&a);
+        BN_init(&b);
+
+        for (i=0; i<num0; i++)
+                {
+                do {
+                        BN_bntest_rand(&a,512,-1,0);
+                        BN_bntest_rand(&b,BN_BITS2,-1,0);
+                        s = b.d[0];
+                } while (!s);
+
+                BN_copy(&b, &a);
+                r = BN_div_word(&b, s);
+
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," / ");
+                                print_word(bp,s);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&b);
+                        BIO_puts(bp,"\n");
+
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," % ");
+                                print_word(bp,s);
+                                BIO_puts(bp," - ");
+                                }
+                        print_word(bp,r);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mul_word(&b,s);
+                BN_add_word(&b,r);
+                BN_sub(&b,&a,&b);
+                if(!BN_is_zero(&b))
+                    {
+                    fprintf(stderr,"Division (word) test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        return(1);
+        }
+
+int test_div_recp(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM a,b,c,d,e;
+        BN_RECP_CTX recp;
+        int i;
+
+        BN_RECP_CTX_init(&recp);
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_init(&d);
+        BN_init(&e);
+
+        for (i=0; i<num0+num1; i++)
+                {
+                if (i < num1)
+                        {
+                        BN_bntest_rand(&a,400,0,0);
+                        BN_copy(&b,&a);
+                        BN_lshift(&a,&a,i);
+                        BN_add_word(&a,i);
+                        }
+                else
+                        BN_bntest_rand(&b,50+3*(i-num1),0,0);
+                a.neg=rand_neg();
+                b.neg=rand_neg();
+                BN_RECP_CTX_set(&recp,&b,ctx);
+                BN_div_recp(&d,&c,&a,&recp,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," / ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&d);
+                        BIO_puts(bp,"\n");
+
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mul(&e,&d,&b,ctx);
+                BN_add(&d,&e,&c);
+                BN_sub(&d,&d,&a);
+                if(!BN_is_zero(&d))
+                    {
+                    fprintf(stderr,"Reciprocal division test failed!\n");
+                    fprintf(stderr,"a=");
+                    BN_print_fp(stderr,&a);
+                    fprintf(stderr,"\nb=");
+                    BN_print_fp(stderr,&b);
+                    fprintf(stderr,"\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        BN_free(&d);
+        BN_free(&e);
+        BN_RECP_CTX_free(&recp);
+        return(1);
+        }
+
+int test_mul(BIO *bp)
+        {
+        BIGNUM a,b,c,d,e;
+        int i;
+        BN_CTX *ctx;
+
+        ctx = BN_CTX_new();
+        if (ctx == NULL) EXIT(1);
+        
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_init(&d);
+        BN_init(&e);
+
+        for (i=0; i<num0+num1; i++)
+                {
+                if (i <= num1)
+                        {
+                        BN_bntest_rand(&a,100,0,0);
+                        BN_bntest_rand(&b,100,0,0);
+                        }
+                else
+                        BN_bntest_rand(&b,i-num1,0,0);
+                a.neg=rand_neg();
+                b.neg=rand_neg();
+                BN_mul(&c,&a,&b,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_div(&d,&e,&c,&a,ctx);
+                BN_sub(&d,&d,&b);
+                if(!BN_is_zero(&d) || !BN_is_zero(&e))
+                    {
+                    fprintf(stderr,"Multiplication test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        BN_free(&d);
+        BN_free(&e);
+        BN_CTX_free(ctx);
+        return(1);
+        }
+
+int test_sqr(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM a,c,d,e;
+        int i;
+
+        BN_init(&a);
+        BN_init(&c);
+        BN_init(&d);
+        BN_init(&e);
+
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(&a,40+i*10,0,0);
+                a.neg=rand_neg();
+                BN_sqr(&c,&a,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,&a);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_div(&d,&e,&c,&a,ctx);
+                BN_sub(&d,&d,&a);
+                if(!BN_is_zero(&d) || !BN_is_zero(&e))
+                    {
+                    fprintf(stderr,"Square test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&c);
+        BN_free(&d);
+        BN_free(&e);
+        return(1);
+        }
+
+int test_mont(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM a,b,c,d,A,B;
+        BIGNUM n;
+        int i;
+        BN_MONT_CTX *mont;
+
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_init(&d);
+        BN_init(&A);
+        BN_init(&B);
+        BN_init(&n);
+
+        mont=BN_MONT_CTX_new();
+        if (mont == NULL)
+                return 0;
+
+        BN_bntest_rand(&a,100,0,0); /**/
+        BN_bntest_rand(&b,100,0,0); /**/
+        for (i=0; i<num2; i++)
+                {
+                int bits = (200*(i+1))/num2;
+
+                if (bits == 0)
+                        continue;
+                BN_bntest_rand(&n,bits,0,1);
+                BN_MONT_CTX_set(mont,&n,ctx);
+
+                BN_nnmod(&a,&a,&n,ctx);
+                BN_nnmod(&b,&b,&n,ctx);
+
+                BN_to_montgomery(&A,&a,mont,ctx);
+                BN_to_montgomery(&B,&b,mont,ctx);
+
+                BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
+                BN_from_montgomery(&A,&c,mont,ctx);/**/
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+#ifdef undef
+fprintf(stderr,"%d * %d %% %d\n",
+BN_num_bits(&a),
+BN_num_bits(&b),
+BN_num_bits(mont->N));
+#endif
+                                BN_print(bp,&a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,&(mont->N));
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&A);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mod_mul(&d,&a,&b,&n,ctx);
+                BN_sub(&d,&d,&A);
+                if(!BN_is_zero(&d))
+                    {
+                    fprintf(stderr,"Montgomery multiplication test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_MONT_CTX_free(mont);
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        BN_free(&d);
+        BN_free(&A);
+        BN_free(&B);
+        BN_free(&n);
+        return(1);
+        }
+
+int test_mod(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+
+        BN_bntest_rand(a,1024,0,0); /**/
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(b,450+i*10,0,0); /**/
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                BN_mod(c,a,b,ctx);/**/
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_div(d,e,a,b,ctx);
+                BN_sub(e,e,c);
+                if(!BN_is_zero(e))
+                    {
+                    fprintf(stderr,"Modulo test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+
+int test_mod_mul(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i,j;
+
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+
+        for (j=0; j<3; j++) {
+        BN_bntest_rand(c,1024,0,0); /**/
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(a,475+i*10,0,0); /**/
+                BN_bntest_rand(b,425+i*11,0,0); /**/
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (!BN_mod_mul(e,a,b,c,ctx))
+                        {
+                        unsigned long l;
+
+                        while ((l=ERR_get_error()))
+                                fprintf(stderr,"ERROR:%s\n",
+                                        ERR_error_string(l,NULL));
+                        EXIT(1);
+                        }
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                if ((a->neg ^ b->neg) && !BN_is_zero(e))
+                                        {
+                                        /* If  (a*b) % c  is negative,  c  must be added
+                                         * in order to obtain the normalized remainder
+                                         * (new with OpenSSL 0.9.7, previous versions of
+                                         * BN_mod_mul could generate negative results)
+                                         */
+                                        BIO_puts(bp," + ");
+                                        BN_print(bp,c);
+                                        }
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,e);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mul(d,a,b,ctx);
+                BN_sub(d,d,e);
+                BN_div(a,b,d,c,ctx);
+                if(!BN_is_zero(b))
+                    {
+                    fprintf(stderr,"Modulo multiply test failed!\n");
+                    ERR_print_errors_fp(stderr);
+                    return 0;
+                    }
+                }
+        }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+
+int test_mod_exp(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+
+        BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+        for (i=0; i<num2; i++)
+                {
+                BN_bntest_rand(a,20+i*5,0,0); /**/
+                BN_bntest_rand(b,2+i,0,0); /**/
+
+                if (!BN_mod_exp(d,a,b,c,ctx))
+                        return(0);
+
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," ^ ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_exp(e,a,b,ctx);
+                BN_sub(e,e,d);
+                BN_div(a,b,e,c,ctx);
+                if(!BN_is_zero(b))
+                    {
+                    fprintf(stderr,"Modulo exponentiation test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+
+        BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+        for (i=0; i<num2; i++)
+                {
+                BN_bntest_rand(a,20+i*5,0,0); /**/
+                BN_bntest_rand(b,2+i,0,0); /**/
+
+                if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
+                        return(00);
+
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," ^ ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_exp(e,a,b,ctx);
+                BN_sub(e,e,d);
+                BN_div(a,b,e,c,ctx);
+                if(!BN_is_zero(b))
+                    {
+                    fprintf(stderr,"Modulo exponentiation test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+
+int test_exp(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*d,*e,*one;
+        int i;
+
+        a=BN_new();
+        b=BN_new();
+        d=BN_new();
+        e=BN_new();
+        one=BN_new();
+        BN_one(one);
+
+        for (i=0; i<num2; i++)
+                {
+                BN_bntest_rand(a,20+i*5,0,0); /**/
+                BN_bntest_rand(b,2+i,0,0); /**/
+
+                if (BN_exp(d,a,b,ctx) <= 0)
+                        return(0);
+
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," ^ ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_one(e);
+                for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
+                    BN_mul(e,e,a,ctx);
+                BN_sub(e,e,d);
+                if(!BN_is_zero(e))
+                    {
+                    fprintf(stderr,"Exponentiation test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(d);
+        BN_free(e);
+        BN_free(one);
+        return(1);
+        }
+#ifndef OPENSSL_NO_EC2M
+int test_gf2m_add(BIO *bp)
+        {
+        BIGNUM a,b,c;
+        int i, ret = 0;
+
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+
+        for (i=0; i<num0; i++)
+                {
+                BN_rand(&a,512,0,0);
+                BN_copy(&b, BN_value_one());
+                a.neg=rand_neg();
+                b.neg=rand_neg();
+                BN_GF2m_add(&c,&a,&b);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," ^ ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," = ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+#endif
+                /* Test that two added values have the correct parity. */
+                if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
+                        {
+                    fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
+                        goto err;
+                        }
+                BN_GF2m_add(&c,&c,&c);
+                /* Test that c + c = 0. */
+                if(!BN_is_zero(&c))
+                    {
+                    fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
+                        goto err;
+                    }
+                }
+        ret = 1;
+  err:
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        return ret;
+        }
+
+int test_gf2m_mod(BIO *bp)
+        {
+        BIGNUM *a,*b[2],*c,*d,*e;
+        int i, j, ret = 0;
+        int p0[] = {163,7,6,3,0,-1};
+        int p1[] = {193,15,0,-1};
+
+        a=BN_new();
+        b[0]=BN_new();
+        b[1]=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+
+        BN_GF2m_arr2poly(p0, b[0]);
+        BN_GF2m_arr2poly(p1, b[1]);
+
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(a, 1024, 0, 0);
+                for (j=0; j < 2; j++)
+                        {
+                        BN_GF2m_mod(c, a, b[j]);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+                        if (bp != NULL)
+                                {
+                                if (!results)
+                                        {
+                                        BN_print(bp,a);
+                                        BIO_puts(bp," % ");
+                                        BN_print(bp,b[j]);
+                                        BIO_puts(bp," - ");
+                                        BN_print(bp,c);
+                                        BIO_puts(bp,"\n");
+                                        }
+                                }
+#endif
+                        BN_GF2m_add(d, a, c);
+                        BN_GF2m_mod(e, d, b[j]);
+                        /* Test that a + (a mod p) mod p == 0. */
+                        if(!BN_is_zero(e))
+                                {
+                                fprintf(stderr,"GF(2^m) modulo test failed!\n");
+                                goto err;
+                                }
+                        }
+                }
+        ret = 1;
+  err:
+        BN_free(a);
+        BN_free(b[0]);
+        BN_free(b[1]);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return ret;
+        }
+
+int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
+        {
+        BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
+        int i, j, ret = 0;
+        int p0[] = {163,7,6,3,0,-1};
+        int p1[] = {193,15,0,-1};
+
+        a=BN_new();
+        b[0]=BN_new();
+        b[1]=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        f=BN_new();
+        g=BN_new();
+        h=BN_new();
+
+        BN_GF2m_arr2poly(p0, b[0]);
+        BN_GF2m_arr2poly(p1, b[1]);
+
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(a, 1024, 0, 0);
+                BN_bntest_rand(c, 1024, 0, 0);
+                BN_bntest_rand(d, 1024, 0, 0);
+                for (j=0; j < 2; j++)
+                        {
+                        BN_GF2m_mod_mul(e, a, c, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+                        if (bp != NULL)
+                                {
+                                if (!results)
+                                        {
+                                        BN_print(bp,a);
+                                        BIO_puts(bp," * ");
+                                        BN_print(bp,c);
+                                        BIO_puts(bp," % ");
+                                        BN_print(bp,b[j]);
+                                        BIO_puts(bp," - ");
+                                        BN_print(bp,e);
+                                        BIO_puts(bp,"\n");
+                                        }
+                                }
+#endif
+                        BN_GF2m_add(f, a, d);
+                        BN_GF2m_mod_mul(g, f, c, b[j], ctx);
+                        BN_GF2m_mod_mul(h, d, c, b[j], ctx);
+                        BN_GF2m_add(f, e, g);
+                        BN_GF2m_add(f, f, h);
+                        /* Test that (a+d)*c = a*c + d*c. */
+                        if(!BN_is_zero(f))
+                                {
+                                fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
+                                goto err;
+                                }
+                        }
+                }
+        ret = 1;
+  err:
+        BN_free(a);
+        BN_free(b[0]);
+        BN_free(b[1]);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        BN_free(f);
+        BN_free(g);
+        BN_free(h);
+        return ret;
+        }
+
+int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
+        {
+        BIGNUM *a,*b[2],*c,*d;
+        int i, j, ret = 0;
+        int p0[] = {163,7,6,3,0,-1};
+        int p1[] = {193,15,0,-1};
+
+        a=BN_new();
+        b[0]=BN_new();
+        b[1]=BN_new();
+        c=BN_new();
+        d=BN_new();
+
+        BN_GF2m_arr2poly(p0, b[0]);
+        BN_GF2m_arr2poly(p1, b[1]);
+
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(a, 1024, 0, 0);
+                for (j=0; j < 2; j++)
+                        {
+                        BN_GF2m_mod_sqr(c, a, b[j], ctx);
+                        BN_copy(d, a);
+                        BN_GF2m_mod_mul(d, a, d, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+                        if (bp != NULL)
+                                {
+                                if (!results)
+                                        {
+                                        BN_print(bp,a);
+                                        BIO_puts(bp," ^ 2 % ");
+                                        BN_print(bp,b[j]);
+                                        BIO_puts(bp, " = ");
+                                        BN_print(bp,c);
+                                        BIO_puts(bp,"; a * a = ");
+                                        BN_print(bp,d);
+                                        BIO_puts(bp,"\n");
+                                        }
+                                }
+#endif
+                        BN_GF2m_add(d, c, d);
+                        /* Test that a*a = a^2. */
+                        if(!BN_is_zero(d))
+                                {
+                                fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
+                                goto err;
+                                }
+                        }
+                }
+        ret = 1;
+  err:
+        BN_free(a);
+        BN_free(b[0]);
+        BN_free(b[1]);
+        BN_free(c);
+        BN_free(d);
+        return ret;
+        }
+
+int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
+        {
+        BIGNUM *a,*b[2],*c,*d;
+        int i, j, ret = 0;
+        int p0[] = {163,7,6,3,0,-1};
+        int p1[] = {193,15,0,-1};
+
+        a=BN_new();
+        b[0]=BN_new();
+        b[1]=BN_new();
+        c=BN_new();
+        d=BN_new();
+
+        BN_GF2m_arr2poly(p0, b[0]);
+        BN_GF2m_arr2poly(p1, b[1]);
+
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(a, 512, 0, 0); 
+                for (j=0; j < 2; j++)
+                        {
+                        BN_GF2m_mod_inv(c, a, b[j], ctx);
+                        BN_GF2m_mod_mul(d, a, c, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+                        if (bp != NULL)
+                                {
+                                if (!results)
+                                        {
+                                        BN_print(bp,a);
+                                        BIO_puts(bp, " * ");
+                                        BN_print(bp,c);
+                                        BIO_puts(bp," - 1 % ");
+                                        BN_print(bp,b[j]);
+                                        BIO_puts(bp,"\n");
+                                        }
+                                }
+#endif
+                        /* Test that ((1/a)*a) = 1. */
+                        if(!BN_is_one(d))
+                                {
+                                fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
+                                goto err;
+                                }
+                        }
+                }
+        ret = 1;
+  err:
+        BN_free(a);
+        BN_free(b[0]);
+        BN_free(b[1]);
+        BN_free(c);
+        BN_free(d);
+        return ret;
+        }
+
+int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
+        {
+        BIGNUM *a,*b[2],*c,*d,*e,*f;
+        int i, j, ret = 0;
+        int p0[] = {163,7,6,3,0,-1};
+        int p1[] = {193,15,0,-1};
+
+        a=BN_new();
+        b[0]=BN_new();
+        b[1]=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        f=BN_new();
+
+        BN_GF2m_arr2poly(p0, b[0]);
+        BN_GF2m_arr2poly(p1, b[1]);
+
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(a, 512, 0, 0); 
+                BN_bntest_rand(c, 512, 0, 0);
+                for (j=0; j < 2; j++)
+                        {
+                        BN_GF2m_mod_div(d, a, c, b[j], ctx);
+                        BN_GF2m_mod_mul(e, d, c, b[j], ctx);
+                        BN_GF2m_mod_div(f, a, e, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+                        if (bp != NULL)
+                                {
+                                if (!results)
+                                        {
+                                        BN_print(bp,a);
+                                        BIO_puts(bp, " = ");
+                                        BN_print(bp,c);
+                                        BIO_puts(bp," * ");
+                                        BN_print(bp,d);
+                                        BIO_puts(bp, " % ");
+                                        BN_print(bp,b[j]);
+                                        BIO_puts(bp,"\n");
+                                        }
+                                }
+#endif
+                        /* Test that ((a/c)*c)/a = 1. */
+                        if(!BN_is_one(f))
+                                {
+                                fprintf(stderr,"GF(2^m) modular division test failed!\n");
+                                goto err;
+                                }
+                        }
+                }
+        ret = 1;
+  err:
+        BN_free(a);
+        BN_free(b[0]);
+        BN_free(b[1]);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        BN_free(f);
+        return ret;
+        }
+
+int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
+        {
+        BIGNUM *a,*b[2],*c,*d,*e,*f;
+        int i, j, ret = 0;
+        int p0[] = {163,7,6,3,0,-1};
+        int p1[] = {193,15,0,-1};
+
+        a=BN_new();
+        b[0]=BN_new();
+        b[1]=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        f=BN_new();
+
+        BN_GF2m_arr2poly(p0, b[0]);
+        BN_GF2m_arr2poly(p1, b[1]);
+
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(a, 512, 0, 0);
+                BN_bntest_rand(c, 512, 0, 0);
+                BN_bntest_rand(d, 512, 0, 0);
+                for (j=0; j < 2; j++)
+                        {
+                        BN_GF2m_mod_exp(e, a, c, b[j], ctx);
+                        BN_GF2m_mod_exp(f, a, d, b[j], ctx);
+                        BN_GF2m_mod_mul(e, e, f, b[j], ctx);
+                        BN_add(f, c, d);
+                        BN_GF2m_mod_exp(f, a, f, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+                        if (bp != NULL)
+                                {
+                                if (!results)
+                                        {
+                                        BN_print(bp,a);
+                                        BIO_puts(bp, " ^ (");
+                                        BN_print(bp,c);
+                                        BIO_puts(bp," + ");
+                                        BN_print(bp,d);
+                                        BIO_puts(bp, ") = ");
+                                        BN_print(bp,e);
+                                        BIO_puts(bp, "; - ");
+                                        BN_print(bp,f);
+                                        BIO_puts(bp, " % ");
+                                        BN_print(bp,b[j]);
+                                        BIO_puts(bp,"\n");
+                                        }
+                                }
+#endif
+                        BN_GF2m_add(f, e, f);
+                        /* Test that a^(c+d)=a^c*a^d. */
+                        if(!BN_is_zero(f))
+                                {
+                                fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
+                                goto err;
+                                }
+                        }
+                }
+        ret = 1;
+  err:
+        BN_free(a);
+        BN_free(b[0]);
+        BN_free(b[1]);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        BN_free(f);
+        return ret;
+        }
+
+int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
+        {
+        BIGNUM *a,*b[2],*c,*d,*e,*f;
+        int i, j, ret = 0;
+        int p0[] = {163,7,6,3,0,-1};
+        int p1[] = {193,15,0,-1};
+
+        a=BN_new();
+        b[0]=BN_new();
+        b[1]=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        f=BN_new();
+
+        BN_GF2m_arr2poly(p0, b[0]);
+        BN_GF2m_arr2poly(p1, b[1]);
+
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(a, 512, 0, 0);
+                for (j=0; j < 2; j++)
+                        {
+                        BN_GF2m_mod(c, a, b[j]);
+                        BN_GF2m_mod_sqrt(d, a, b[j], ctx);
+                        BN_GF2m_mod_sqr(e, d, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+                        if (bp != NULL)
+                                {
+                                if (!results)
+                                        {
+                                        BN_print(bp,d);
+                                        BIO_puts(bp, " ^ 2 - ");
+                                        BN_print(bp,a);
+                                        BIO_puts(bp,"\n");
+                                        }
+                                }
+#endif
+                        BN_GF2m_add(f, c, e);
+                        /* Test that d^2 = a, where d = sqrt(a). */
+                        if(!BN_is_zero(f))
+                                {
+                                fprintf(stderr,"GF(2^m) modular square root test failed!\n");
+                                goto err;
+                                }
+                        }
+                }
+        ret = 1;
+  err:
+        BN_free(a);
+        BN_free(b[0]);
+        BN_free(b[1]);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        BN_free(f);
+        return ret;
+        }
+
+int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
+        {
+        BIGNUM *a,*b[2],*c,*d,*e;
+        int i, j, s = 0, t, ret = 0;
+        int p0[] = {163,7,6,3,0,-1};
+        int p1[] = {193,15,0,-1};
+
+        a=BN_new();
+        b[0]=BN_new();
+        b[1]=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+
+        BN_GF2m_arr2poly(p0, b[0]);
+        BN_GF2m_arr2poly(p1, b[1]);
+
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(a, 512, 0, 0);
+                for (j=0; j < 2; j++)
+                        {
+                        t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
+                        if (t)
+                                {
+                                s++;
+                                BN_GF2m_mod_sqr(d, c, b[j], ctx);
+                                BN_GF2m_add(d, c, d);
+                                BN_GF2m_mod(e, a, b[j]);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+                                if (bp != NULL)
+                                        {
+                                        if (!results)
+                                                {
+                                                BN_print(bp,c);
+                                                BIO_puts(bp, " is root of z^2 + z = ");
+                                                BN_print(bp,a);
+                                                BIO_puts(bp, " % ");
+                                                BN_print(bp,b[j]);
+                                                BIO_puts(bp, "\n");
+                                                }
+                                        }
+#endif
+                                BN_GF2m_add(e, e, d);
+                                /* Test that solution of quadratic c satisfies c^2 + c = a. */
+                                if(!BN_is_zero(e))
+                                        {
+                                        fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
+                                        goto err;
+                                        }
+
+                                }
+                        else 
+                                {
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+                                if (bp != NULL)
+                                        {
+                                        if (!results)
+                                                {
+                                                BIO_puts(bp, "There are no roots of z^2 + z = ");
+                                                BN_print(bp,a);
+                                                BIO_puts(bp, " % ");
+                                                BN_print(bp,b[j]);
+                                                BIO_puts(bp, "\n");
+                                                }
+                                        }
+#endif
+                                }
+                        }
+                }
+        if (s == 0)
+                {       
+                fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
+                fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
+                goto err;
+                }
+        ret = 1;
+  err:
+        BN_free(a);
+        BN_free(b[0]);
+        BN_free(b[1]);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return ret;
+        }
+#endif
+static int genprime_cb(int p, int n, BN_GENCB *arg)
+        {
+        char c='*';
+
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        putc(c, stderr);
+        fflush(stderr);
+        return 1;
+        }
+
+int test_kron(BIO *bp, BN_CTX *ctx)
+        {
+        BN_GENCB cb;
+        BIGNUM *a,*b,*r,*t;
+        int i;
+        int legendre, kronecker;
+        int ret = 0;
+
+        a = BN_new();
+        b = BN_new();
+        r = BN_new();
+        t = BN_new();
+        if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
+
+        BN_GENCB_set(&cb, genprime_cb, NULL);
+        
+        /* We test BN_kronecker(a, b, ctx) just for  b  odd (Jacobi symbol).
+         * In this case we know that if  b  is prime, then BN_kronecker(a, b, ctx)
+         * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
+         * So we generate a random prime  b  and compare these values
+         * for a number of random  a's.  (That is, we run the Solovay-Strassen
+         * primality test to confirm that  b  is prime, except that we
+         * don't want to test whether  b  is prime but whether BN_kronecker
+         * works.) */
+
+        if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err;
+        b->neg = rand_neg();
+        putc('\n', stderr);
+
+        for (i = 0; i < num0; i++)
+                {
+                if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
+                a->neg = rand_neg();
+
+                /* t := (|b|-1)/2  (note that b is odd) */
+                if (!BN_copy(t, b)) goto err;
+                t->neg = 0;
+                if (!BN_sub_word(t, 1)) goto err;
+                if (!BN_rshift1(t, t)) goto err;
+                /* r := a^t mod b */
+                b->neg=0;
+                
+                if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
+                b->neg=1;
+
+                if (BN_is_word(r, 1))
+                        legendre = 1;
+                else if (BN_is_zero(r))
+                        legendre = 0;
+                else
+                        {
+                        if (!BN_add_word(r, 1)) goto err;
+                        if (0 != BN_ucmp(r, b))
+                                {
+                                fprintf(stderr, "Legendre symbol computation failed\n");
+                                goto err;
+                                }
+                        legendre = -1;
+                        }
+                
+                kronecker = BN_kronecker(a, b, ctx);
+                if (kronecker < -1) goto err;
+                /* we actually need BN_kronecker(a, |b|) */
+                if (a->neg && b->neg)
+                        kronecker = -kronecker;
+                
+                if (legendre != kronecker)
+                        {
+                        fprintf(stderr, "legendre != kronecker; a = ");
+                        BN_print_fp(stderr, a);
+                        fprintf(stderr, ", b = ");
+                        BN_print_fp(stderr, b);
+                        fprintf(stderr, "\n");
+                        goto err;
+                        }
+
+                putc('.', stderr);
+                fflush(stderr);
+                }
+
+        putc('\n', stderr);
+        fflush(stderr);
+        ret = 1;
+ err:
+        if (a != NULL) BN_free(a);
+        if (b != NULL) BN_free(b);
+        if (r != NULL) BN_free(r);
+        if (t != NULL) BN_free(t);
+        return ret;
+        }
+
+int test_sqrt(BIO *bp, BN_CTX *ctx)
+        {
+        BN_GENCB cb;
+        BIGNUM *a,*p,*r;
+        int i, j;
+        int ret = 0;
+
+        a = BN_new();
+        p = BN_new();
+        r = BN_new();
+        if (a == NULL || p == NULL || r == NULL) goto err;
+
+        BN_GENCB_set(&cb, genprime_cb, NULL);
+
+        for (i = 0; i < 16; i++)
+                {
+                if (i < 8)
+                        {
+                        unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
+                        
+                        if (!BN_set_word(p, primes[i])) goto err;
+                        }
+                else
+                        {
+                        if (!BN_set_word(a, 32)) goto err;
+                        if (!BN_set_word(r, 2*i + 1)) goto err;
+                
+                        if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;
+                        putc('\n', stderr);
+                        }
+                p->neg = rand_neg();
+
+                for (j = 0; j < num2; j++)
+                        {
+                        /* construct 'a' such that it is a square modulo p,
+                         * but in general not a proper square and not reduced modulo p */
+                        if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
+                        if (!BN_nnmod(r, r, p, ctx)) goto err;
+                        if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+                        if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
+                        if (!BN_nnmod(a, a, p, ctx)) goto err;
+                        if (!BN_mod_sqr(a, a, p, ctx)) goto err;
+                        if (!BN_mul(a, a, r, ctx)) goto err;
+                        if (rand_neg())
+                                if (!BN_sub(a, a, p)) goto err;
+
+                        if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
+                        if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+
+                        if (!BN_nnmod(a, a, p, ctx)) goto err;
+
+                        if (BN_cmp(a, r) != 0)
+                                {
+                                fprintf(stderr, "BN_mod_sqrt failed: a = ");
+                                BN_print_fp(stderr, a);
+                                fprintf(stderr, ", r = ");
+                                BN_print_fp(stderr, r);
+                                fprintf(stderr, ", p = ");
+                                BN_print_fp(stderr, p);
+                                fprintf(stderr, "\n");
+                                goto err;
+                                }
+
+                        putc('.', stderr);
+                        fflush(stderr);
+                        }
+                
+                putc('\n', stderr);
+                fflush(stderr);
+                }
+        ret = 1;
+ err:
+        if (a != NULL) BN_free(a);
+        if (p != NULL) BN_free(p);
+        if (r != NULL) BN_free(r);
+        return ret;
+        }
+
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
+        {
+        BIGNUM *a,*b,*c,*d;
+        int i;
+
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        BN_one(c);
+
+        if(a_)
+            a=a_;
+        else
+            {
+            a=BN_new();
+            BN_bntest_rand(a,200,0,0); /**/
+            a->neg=rand_neg();
+            }
+        for (i=0; i<num0; i++)
+                {
+                BN_lshift(b,a,i+1);
+                BN_add(c,c,c);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mul(d,a,c,ctx);
+                BN_sub(d,d,b);
+                if(!BN_is_zero(d))
+                    {
+                    fprintf(stderr,"Left shift test failed!\n");
+                    fprintf(stderr,"a=");
+                    BN_print_fp(stderr,a);
+                    fprintf(stderr,"\nb=");
+                    BN_print_fp(stderr,b);
+                    fprintf(stderr,"\nc=");
+                    BN_print_fp(stderr,c);
+                    fprintf(stderr,"\nd=");
+                    BN_print_fp(stderr,d);
+                    fprintf(stderr,"\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        return(1);
+        }
+
+int test_lshift1(BIO *bp)
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+
+        BN_bntest_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<num0; i++)
+                {
+                BN_lshift1(b,a);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * 2");
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_add(c,a,a);
+                BN_sub(a,b,c);
+                if(!BN_is_zero(a))
+                    {
+                    fprintf(stderr,"Left shift one test failed!\n");
+                    return 0;
+                    }
+                
+                BN_copy(a,b);
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+
+int test_rshift(BIO *bp,BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        BN_one(c);
+
+        BN_bntest_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<num0; i++)
+                {
+                BN_rshift(b,a,i+1);
+                BN_add(c,c,c);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," / ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_div(d,e,a,c,ctx);
+                BN_sub(d,d,b);
+                if(!BN_is_zero(d))
+                    {
+                    fprintf(stderr,"Right shift test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+
+int test_rshift1(BIO *bp)
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+
+        BN_bntest_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<num0; i++)
+                {
+                BN_rshift1(b,a);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," / 2");
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_sub(c,a,b);
+                BN_sub(c,c,b);
+                if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
+                    {
+                    fprintf(stderr,"Right shift one test failed!\n");
+                    return 0;
+                    }
+                BN_copy(a,b);
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+
+int rand_neg(void)
+        {
+        static unsigned int neg=0;
+        static int sign[8]={0,0,0,1,1,0,1,1};
+
+        return(sign[(neg++)%8]);
+        }
diff --git a/src/lib/libcrypto/bn/divtest.c b/src/lib/libcrypto/bn/divtest.c
new file mode 100644
index 0000000000..d3fc688f33
--- /dev/null
+++ b/src/lib/libcrypto/bn/divtest.c
@@ -0,0 +1,41 @@
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+
+static int Rand(n)
+{
+    unsigned char x[2];
+    RAND_pseudo_bytes(x,2);
+    return (x[0] + 2*x[1]);
+}
+
+static void bug(char *m, BIGNUM *a, BIGNUM *b)
+{
+    printf("%s!\na=",m);
+    BN_print_fp(stdout, a);
+    printf("\nb=");
+    BN_print_fp(stdout, b);
+    printf("\n");
+    fflush(stdout);
+}
+
+main()
+{
+    BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(),
+        *C=BN_new(), *D=BN_new();
+    BN_RECP_CTX *recp=BN_RECP_CTX_new();
+    BN_CTX *ctx=BN_CTX_new();
+
+    for(;;) {
+        BN_pseudo_rand(a,Rand(),0,0);
+        BN_pseudo_rand(b,Rand(),0,0);
+        if (BN_is_zero(b)) continue;
+
+        BN_RECP_CTX_set(recp,b,ctx);
+        if (BN_div(C,D,a,b,ctx) != 1)
+            bug("BN_div failed",a,b);
+        if (BN_div_recp(c,d,a,recp,ctx) != 1)
+            bug("BN_div_recp failed",a,b);
+        else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0)
+            bug("mismatch",a,b);
+    }
+}
diff --git a/src/lib/libcrypto/bn/exp.c b/src/lib/libcrypto/bn/exp.c
new file mode 100644
index 0000000000..4865b0ef74
--- /dev/null
+++ b/src/lib/libcrypto/bn/exp.c
@@ -0,0 +1,62 @@
+/* unused */
+
+#include <stdio.h>
+#include <openssl/tmdiff.h>
+#include "bn_lcl.h"
+
+#define SIZE    256
+#define NUM     (8*8*8)
+#define MOD     (8*8*8*8*8)
+
+main(argc,argv)
+int argc;
+char *argv[];
+        {
+        BN_CTX ctx;
+        BIGNUM a,b,c,r,rr,t,l;
+        int j,i,size=SIZE,num=NUM,mod=MOD;
+        char *start,*end;
+        BN_MONT_CTX mont;
+        double d,md;
+
+        BN_MONT_CTX_init(&mont);
+        BN_CTX_init(&ctx);
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_init(&r);
+
+        start=ms_time_new();
+        end=ms_time_new();
+        while (size <= 1024*8)
+                {
+                BN_rand(&a,size,0,0);
+                BN_rand(&b,size,1,0);
+                BN_rand(&c,size,0,1);
+
+                BN_mod(&a,&a,&c,&ctx);
+
+                ms_time_get(start);
+                for (i=0; i<10; i++)
+                        BN_MONT_CTX_set(&mont,&c,&ctx);
+                ms_time_get(end);
+                md=ms_time_diff(start,end);
+
+                ms_time_get(start);
+                for (i=0; i<num; i++)
+                        {
+                        /* bn_mull(&r,&a,&b,&ctx); */
+                        /* BN_sqr(&r,&a,&ctx); */
+                        BN_mod_exp_mont(&r,&a,&b,&c,&ctx,&mont);
+                        }
+                ms_time_get(end);
+                d=ms_time_diff(start,end)/* *50/33 */;
+                printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n",size,
+                        d,num,d/num,(int)((d/num)*mod),md/10.0);
+                num/=8;
+                mod/=8;
+                if (num <= 0) num=1;
+                size*=2;
+                }
+
+        }
diff --git a/src/lib/libcrypto/bn/expspeed.c b/src/lib/libcrypto/bn/expspeed.c
new file mode 100644
index 0000000000..4d5f221f33
--- /dev/null
+++ b/src/lib/libcrypto/bn/expspeed.c
@@ -0,0 +1,353 @@
+/* unused */
+
+/* crypto/bn/expspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#define BASENUM 5000
+#define NUM_START 0
+
+
+/* determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,
+ * modular inverse, or modular square roots */
+#define TEST_EXP
+#undef TEST_MUL
+#undef TEST_SQR
+#undef TEST_GCD
+#undef TEST_KRON
+#undef TEST_INV
+#undef TEST_SQRT
+#define P_MOD_64 9 /* least significant 6 bits for prime to be used for BN_sqrt timings */
+
+#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1
+#  error "choose one test"
+#endif
+
+#if defined(TEST_INV) || defined(TEST_SQRT)
+#  define C_PRIME
+static void genprime_cb(int p, int n, void *arg);
+#endif
+
+
+
+#undef PROG
+#define PROG bnspeed_main
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+
+static double Time_F(int s);
+#define START   0
+#define STOP    1
+
+static double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret < 1e-3)?1e-3:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret < 0.001)?0.001:ret);
+                }
+#endif
+        }
+
+#define NUM_SIZES       7
+#if NUM_START > NUM_SIZES
+#   error "NUM_START > NUM_SIZES"
+#endif
+static int sizes[NUM_SIZES]={128,256,512,1024,2048,4096,8192};
+static int mul_c[NUM_SIZES]={8*8*8*8*8*8,8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+
+#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }
+
+void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); 
+
+int main(int argc, char **argv)
+        {
+        BN_CTX *ctx;
+        BIGNUM *a,*b,*c,*r;
+
+#if 1
+        if (!CRYPTO_set_mem_debug_functions(0,0,0,0,0))
+                abort();
+#endif
+
+        ctx=BN_CTX_new();
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        r=BN_new();
+
+        while (!RAND_status())
+                /* not enough bits */
+                RAND_SEED("I demand a manual recount!");
+
+        do_mul_exp(r,a,b,c,ctx);
+        return 0;
+        }
+
+void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
+        {
+        int i,k;
+        double tm;
+        long num;
+
+        num=BASENUM;
+        for (i=NUM_START; i<NUM_SIZES; i++)
+                {
+#ifdef C_PRIME
+#  ifdef TEST_SQRT
+                if (!BN_set_word(a, 64)) goto err;
+                if (!BN_set_word(b, P_MOD_64)) goto err;
+#    define ADD a
+#    define REM b
+#  else
+#    define ADD NULL
+#    define REM NULL
+#  endif
+                if (!BN_generate_prime(c,sizes[i],0,ADD,REM,genprime_cb,NULL)) goto err;
+                putc('\n', stderr);
+                fflush(stderr);
+#endif
+
+                for (k=0; k<num; k++)
+                        {
+                        if (k%50 == 0) /* Average over num/50 different choices of random numbers. */
+                                {
+                                if (!BN_pseudo_rand(a,sizes[i],1,0)) goto err;
+
+                                if (!BN_pseudo_rand(b,sizes[i],1,0)) goto err;
+
+#ifndef C_PRIME
+                                if (!BN_pseudo_rand(c,sizes[i],1,1)) goto err;
+#endif
+
+#ifdef TEST_SQRT                                
+                                if (!BN_mod_sqr(a,a,c,ctx)) goto err;
+                                if (!BN_mod_sqr(b,b,c,ctx)) goto err;
+#else
+                                if (!BN_nnmod(a,a,c,ctx)) goto err;
+                                if (!BN_nnmod(b,b,c,ctx)) goto err;
+#endif
+
+                                if (k == 0)
+                                        Time_F(START);
+                                }
+
+#if defined(TEST_EXP)
+                        if (!BN_mod_exp(r,a,b,c,ctx)) goto err;
+#elif defined(TEST_MUL)
+                        {
+                        int i = 0;
+                        for (i = 0; i < 50; i++)
+                                if (!BN_mod_mul(r,a,b,c,ctx)) goto err;
+                        }
+#elif defined(TEST_SQR)
+                        {
+                        int i = 0;
+                        for (i = 0; i < 50; i++)
+                                {
+                                if (!BN_mod_sqr(r,a,c,ctx)) goto err;
+                                if (!BN_mod_sqr(r,b,c,ctx)) goto err;
+                                }
+                        }
+#elif defined(TEST_GCD)
+                        if (!BN_gcd(r,a,b,ctx)) goto err;
+                        if (!BN_gcd(r,b,c,ctx)) goto err;
+                        if (!BN_gcd(r,c,a,ctx)) goto err;
+#elif defined(TEST_KRON)
+                        if (-2 == BN_kronecker(a,b,ctx)) goto err;
+                        if (-2 == BN_kronecker(b,c,ctx)) goto err;
+                        if (-2 == BN_kronecker(c,a,ctx)) goto err;
+#elif defined(TEST_INV)
+                        if (!BN_mod_inverse(r,a,c,ctx)) goto err;
+                        if (!BN_mod_inverse(r,b,c,ctx)) goto err;
+#else /* TEST_SQRT */
+                        if (!BN_mod_sqrt(r,a,c,ctx)) goto err;
+                        if (!BN_mod_sqrt(r,b,c,ctx)) goto err;
+#endif
+                        }
+                tm=Time_F(STOP);
+                printf(
+#if defined(TEST_EXP)
+                        "modexp %4d ^ %4d %% %4d"
+#elif defined(TEST_MUL)
+                        "50*modmul %4d %4d %4d"
+#elif defined(TEST_SQR)
+                        "100*modsqr %4d %4d %4d"
+#elif defined(TEST_GCD)
+                        "3*gcd %4d %4d %4d"
+#elif defined(TEST_KRON)
+                        "3*kronecker %4d %4d %4d"
+#elif defined(TEST_INV)
+                        "2*inv %4d %4d mod %4d"
+#else /* TEST_SQRT */
+                        "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
+#endif
+                        " -> %8.6fms %5.1f (%ld)\n",
+#ifdef TEST_SQRT
+                        P_MOD_64,
+#endif
+                        sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num, num);
+                num/=7;
+                if (num <= 0) num=1;
+                }
+        return;
+
+ err:
+        ERR_print_errors_fp(stderr);
+        }
+
+
+#ifdef C_PRIME
+static void genprime_cb(int p, int n, void *arg)
+        {
+        char c='*';
+
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        putc(c, stderr);
+        fflush(stderr);
+        (void)n;
+        (void)arg;
+        }
+#endif
diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c
new file mode 100644
index 0000000000..074a8e882a
--- /dev/null
+++ b/src/lib/libcrypto/bn/exptest.c
@@ -0,0 +1,204 @@
+/* crypto/bn/exptest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#define NUM_BITS        (BN_BITS*2)
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+        {
+        BN_CTX *ctx;
+        BIO *out=NULL;
+        int i,ret;
+        unsigned char c;
+        BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
+
+        RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
+                                               * even check its return value
+                                               * (which we should) */
+
+        ERR_load_BN_strings();
+
+        ctx=BN_CTX_new();
+        if (ctx == NULL) EXIT(1);
+        r_mont=BN_new();
+        r_mont_const=BN_new();
+        r_recp=BN_new();
+        r_simple=BN_new();
+        a=BN_new();
+        b=BN_new();
+        m=BN_new();
+        if (    (r_mont == NULL) || (r_recp == NULL) ||
+                (a == NULL) || (b == NULL))
+                goto err;
+
+        out=BIO_new(BIO_s_file());
+
+        if (out == NULL) EXIT(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+        for (i=0; i<200; i++)
+                {
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(a,NUM_BITS+c,0,0);
+
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(b,NUM_BITS+c,0,0);
+
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(m,NUM_BITS+c,0,1);
+
+                BN_mod(a,a,m,ctx);
+                BN_mod(b,b,m,ctx);
+
+                ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
+                if (ret <= 0)
+                        {
+                        printf("BN_mod_exp_mont() problems\n");
+                        ERR_print_errors(out);
+                        EXIT(1);
+                        }
+
+                ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+                if (ret <= 0)
+                        {
+                        printf("BN_mod_exp_recp() problems\n");
+                        ERR_print_errors(out);
+                        EXIT(1);
+                        }
+
+                ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+                if (ret <= 0)
+                        {
+                        printf("BN_mod_exp_simple() problems\n");
+                        ERR_print_errors(out);
+                        EXIT(1);
+                        }
+
+                ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
+                if (ret <= 0)
+                        {
+                        printf("BN_mod_exp_mont_consttime() problems\n");
+                        ERR_print_errors(out);
+                        EXIT(1);
+                        }
+
+                if (BN_cmp(r_simple, r_mont) == 0
+                    && BN_cmp(r_simple,r_recp) == 0
+                        && BN_cmp(r_simple,r_mont_const) == 0)
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                else
+                        {
+                        if (BN_cmp(r_simple,r_mont) != 0)
+                                printf("\nsimple and mont results differ\n");
+                        if (BN_cmp(r_simple,r_mont_const) != 0)
+                                printf("\nsimple and mont const time results differ\n");
+                        if (BN_cmp(r_simple,r_recp) != 0)
+                                printf("\nsimple and recp results differ\n");
+
+                        printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);
+                        printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
+                        printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
+                        printf("\nsimple   ="); BN_print(out,r_simple);
+                        printf("\nrecp     ="); BN_print(out,r_recp);
+                        printf("\nmont     ="); BN_print(out,r_mont);
+                        printf("\nmont_ct  ="); BN_print(out,r_mont_const);
+                        printf("\n");
+                        EXIT(1);
+                        }
+                }
+        BN_free(r_mont);
+        BN_free(r_mont_const);
+        BN_free(r_recp);
+        BN_free(r_simple);
+        BN_free(a);
+        BN_free(b);
+        BN_free(m);
+        BN_CTX_free(ctx);
+        ERR_remove_thread_state(NULL);
+        CRYPTO_mem_leaks(out);
+        BIO_free(out);
+        printf(" done\n");
+        EXIT(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors(out);
+#ifdef OPENSSL_SYS_NETWARE
+    printf("ERROR\n");
+#endif
+        EXIT(1);
+        return(1);
+        }
+
diff --git a/src/lib/libcrypto/bn/todo b/src/lib/libcrypto/bn/todo
new file mode 100644
index 0000000000..e47e381aea
--- /dev/null
+++ b/src/lib/libcrypto/bn/todo
@@ -0,0 +1,3 @@
+Cache RECP_CTX values
+make the result argument independant of the inputs.
+split up the _exp_ functions
diff --git a/src/lib/libcrypto/bn/vms-helper.c b/src/lib/libcrypto/bn/vms-helper.c
new file mode 100644
index 0000000000..4b63149bf3
--- /dev/null
+++ b/src/lib/libcrypto/bn/vms-helper.c
@@ -0,0 +1,68 @@
+/* vms-helper.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+bn_div_words_abort(int i)
+{
+#ifdef BN_DEBUG
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+        fprintf(stderr,"Division would overflow (%d)\n",i);
+#endif
+        abort();
+#endif
+}
diff --git a/src/lib/libcrypto/buffer/Makefile b/src/lib/libcrypto/buffer/Makefile
new file mode 100644
index 0000000000..2efba47f07
--- /dev/null
+++ b/src/lib/libcrypto/buffer/Makefile
@@ -0,0 +1,97 @@
+#
+# OpenSSL/crypto/buffer/Makefile
+#
+
+DIR=    buffer
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= buffer.c buf_str.c buf_err.c
+LIBOBJ= buffer.o buf_str.o buf_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= buffer.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+buf_err.o: buf_err.c
+buf_str.o: ../../e_os.h ../../include/openssl/bio.h
+buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c
+buffer.o: ../../e_os.h ../../include/openssl/bio.h
+buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+buffer.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buffer.o: ../../include/openssl/symhacks.h ../cryptlib.h buffer.c
diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c
index d4a4ce43b3..d7aa79ad7f 100644
--- a/src/lib/libcrypto/buffer/buffer.c
+++ b/src/lib/libcrypto/buffer/buffer.c
@@ -179,14 +179,14 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
         return(len);
         }
 
-void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
+void BUF_reverse(unsigned char *out, unsigned char *in, size_t size)
         {
         size_t i;
         if (in)
                 {
                 out += size - 1;
                 for (i = 0; i < size; i++)
-                        *out-- = *in++;
+                        *in++ = *out--;
                 }
         else
                 {
diff --git a/src/lib/libcrypto/buffer/buffer.h b/src/lib/libcrypto/buffer/buffer.h
index f8da32b485..178e418282 100644
--- a/src/lib/libcrypto/buffer/buffer.h
+++ b/src/lib/libcrypto/buffer/buffer.h
@@ -88,7 +88,7 @@ int	BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 char *  BUF_strdup(const char *str);
 char *  BUF_strndup(const char *str, size_t siz);
 void *  BUF_memdup(const void *data, size_t siz);
-void    BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+void    BUF_reverse(unsigned char *out, unsigned char *in, size_t siz);
 
 /* safe string functions */
 size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
diff --git a/src/lib/libcrypto/buildinf.h b/src/lib/libcrypto/buildinf.h
new file mode 100644
index 0000000000..957f09d5fd
--- /dev/null
+++ b/src/lib/libcrypto/buildinf.h
@@ -0,0 +1,6 @@
+#ifndef MK1MF_BUILD
+  /* auto-generated by crypto/Makefile for crypto/cversion.c */
+  #define CFLAGS "cc -O"
+  #define PLATFORM "dist"
+  #define DATE "Sat Aug 21 10:52:09 EST 2010"
+#endif
diff --git a/src/lib/libcrypto/camellia/Makefile b/src/lib/libcrypto/camellia/Makefile
new file mode 100644
index 0000000000..6ce6fc99cd
--- /dev/null
+++ b/src/lib/libcrypto/camellia/Makefile
@@ -0,0 +1,110 @@
+#
+# crypto/camellia/Makefile
+#
+
+DIR= camellia
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+#TEST=camelliatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \
+           cmll_cfb.c cmll_ctr.c cmll_utl.c
+
+LIBOBJ= cmll_ecb.o cmll_ofb.o cmll_cfb.o cmll_ctr.o cmll_utl.o $(CMLL_ENC)
+
+SRC= $(LIBSRC)
+
+EXHEADER= camellia.h
+HEADER= cmll_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+cmll-x86.s:     asm/cmll-x86.pl ../perlasm/x86asm.pl
+        $(PERL) asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+cmll-x86_64.s:  asm/cmll-x86_64.pl
+        $(PERL) asm/cmll-x86_64.pl $(PERLASM_SCHEME) > $@
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+camellia.o: ../../include/openssl/opensslconf.h camellia.c camellia.h
+camellia.o: cmll_locl.h
+cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h
+cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c
+cmll_cfb.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h
+cmll_cfb.o: ../../include/openssl/opensslconf.h cmll_cfb.c
+cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h
+cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c
+cmll_ecb.o: ../../include/openssl/camellia.h
+cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h
+cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
+cmll_misc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cmll_misc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cmll_misc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cmll_misc.o: ../../include/openssl/symhacks.h cmll_locl.h cmll_misc.c
+cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h
+cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_ofb.c
+cmll_utl.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
+cmll_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cmll_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cmll_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cmll_utl.o: ../../include/openssl/symhacks.h cmll_locl.h cmll_utl.c
diff --git a/src/lib/libcrypto/camellia/cmll_utl.c b/src/lib/libcrypto/camellia/cmll_utl.c
new file mode 100644
index 0000000000..7a35711ec1
--- /dev/null
+++ b/src/lib/libcrypto/camellia/cmll_utl.c
@@ -0,0 +1,64 @@
+/* crypto/camellia/cmll_utl.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+ 
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+        CAMELLIA_KEY *key)
+        {
+#ifdef OPENSSL_FIPS
+        fips_cipher_abort(Camellia);
+#endif
+        return private_Camellia_set_key(userKey, bits, key);
+        }
diff --git a/src/lib/libcrypto/cast/Makefile b/src/lib/libcrypto/cast/Makefile
new file mode 100644
index 0000000000..f3f4859886
--- /dev/null
+++ b/src/lib/libcrypto/cast/Makefile
@@ -0,0 +1,102 @@
+#
+# OpenSSL/crypto/cast/Makefile
+#
+
+DIR=    cast
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CAST_ENC=c_enc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=casttest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c 
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cast.h
+HEADER= cast_s.h cast_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+cast-586.s:     asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/cast-586.pl $(PERLASM_SCHEME) $(CLAGS) $(PROCESSOR) > $@
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_cfb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_cfb64.o: c_cfb64.c cast_lcl.h
+c_ecb.o: ../../e_os.h ../../include/openssl/cast.h
+c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ecb.o: ../../include/openssl/opensslv.h c_ecb.c cast_lcl.h
+c_enc.o: ../../e_os.h ../../include/openssl/cast.h
+c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_enc.o: c_enc.c cast_lcl.h
+c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ofb64.o: c_ofb64.c cast_lcl.h
+c_skey.o: ../../e_os.h ../../include/openssl/cast.h
+c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libcrypto/cast/asm/cast-586.pl b/src/lib/libcrypto/cast/asm/cast-586.pl
index bf6810d335..7a0083ecb8 100644
--- a/src/lib/libcrypto/cast/asm/cast-586.pl
+++ b/src/lib/libcrypto/cast/asm/cast-586.pl
@@ -29,7 +29,7 @@ $S4="CAST_S_table3";
 
 &CAST_encrypt("CAST_encrypt",1);
 &CAST_encrypt("CAST_decrypt",0);
-&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1);
+&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1) unless $main'openbsd;
 
 &asm_finish();
 
diff --git a/src/lib/libcrypto/cast/asm/readme b/src/lib/libcrypto/cast/asm/readme
new file mode 100644
index 0000000000..fbcd76289e
--- /dev/null
+++ b/src/lib/libcrypto/cast/asm/readme
@@ -0,0 +1,7 @@
+There is a ppro flag in cast-586 which turns on/off
+generation of pentium pro/II friendly code
+
+This flag makes the inner loop one cycle longer, but generates 
+code that runs %30 faster on the pentium pro/II, while only %7 slower
+on the pentium.  By default, this flag is on.
+
diff --git a/src/lib/libcrypto/cast/c_enc.c b/src/lib/libcrypto/cast/c_enc.c
index 357c41ebf0..2ae54f5cfb 100644
--- a/src/lib/libcrypto/cast/c_enc.c
+++ b/src/lib/libcrypto/cast/c_enc.c
@@ -59,6 +59,7 @@
 #include <openssl/cast.h>
 #include "cast_lcl.h"
 
+#ifndef OPENBSD_CAST_ASM
 void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
         {
         register CAST_LONG l,r,t;
@@ -124,6 +125,7 @@ void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
         data[1]=l&0xffffffffL;
         data[0]=r&0xffffffffL;
         }
+#endif
 
 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
              const CAST_KEY *ks, unsigned char *iv, int enc)
diff --git a/src/lib/libcrypto/cast/cast_spd.c b/src/lib/libcrypto/cast/cast_spd.c
new file mode 100644
index 0000000000..d650af475c
--- /dev/null
+++ b/src/lib/libcrypto/cast/cast_spd.c
@@ -0,0 +1,278 @@
+/* crypto/cast/cast_spd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/cast.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        CAST_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        CAST_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                CAST_LONG data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        CAST_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing CAST_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing CAST_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld cast set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+        printf("Doing CAST_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing CAST_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                CAST_LONG data[2];
+
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld CAST_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+        printf("Doing CAST_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing CAST_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                CAST_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),CAST_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld CAST_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+
+        printf("CAST set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("CAST cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
+
diff --git a/src/lib/libcrypto/cast/castopts.c b/src/lib/libcrypto/cast/castopts.c
new file mode 100644
index 0000000000..33b2c7b06f
--- /dev/null
+++ b/src/lib/libcrypto/cast/castopts.c
@@ -0,0 +1,342 @@
+/* crypto/cast/castopts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/cast.h>
+
+#define CAST_DEFAULT_OPTIONS
+
+#undef E_CAST
+#define CAST_encrypt  CAST_encrypt_normal
+#define CAST_decrypt  CAST_decrypt_normal
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_normal
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+
+#define CAST_PTR
+#undef CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt  CAST_encrypt_ptr
+#define CAST_decrypt  CAST_decrypt_ptr
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+
+#undef CAST_PTR
+#define CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt  CAST_encrypt_ptr2
+#define CAST_decrypt  CAST_decrypt_ptr2
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr2
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count+=4) \
+                { \
+                unsigned long d[2]; \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static char key[16]={   0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                                0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        CAST_KEY sch;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+
+#ifndef TIMES
+        fprintf(stderr,"To get the most accurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+
+        CAST_set_key(&sch,16,key);
+
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        CAST_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+
+        time_it(CAST_encrypt_normal,    "CAST_encrypt_normal ", 0);
+        time_it(CAST_encrypt_ptr,       "CAST_encrypt_ptr    ", 1);
+        time_it(CAST_encrypt_ptr2,      "CAST_encrypt_ptr2   ", 2);
+        num+=3;
+
+        str[0]="<nothing>";
+        print_it("CAST_encrypt_normal ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="ptr      ";
+        print_it("CAST_encrypt_ptr ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]="ptr2     ";
+        print_it("CAST_encrypt_ptr2 ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+
+        printf("options    CAST ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<3; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DCAST_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DCAST_PTR\n");
+                break;
+        case 2:
+                printf("-DCAST_PTR2\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
+
diff --git a/src/lib/libcrypto/cast/casts.cpp b/src/lib/libcrypto/cast/casts.cpp
new file mode 100644
index 0000000000..8d7bd468d2
--- /dev/null
+++ b/src/lib/libcrypto/cast/casts.cpp
@@ -0,0 +1,70 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/cast.h>
+
+void main(int argc,char *argv[])
+        {
+        CAST_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+
+        CAST_set_key(&key, 16,d);
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        CAST_encrypt(&data[0],&key);
+                        }
+
+                printf("cast %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
+
diff --git a/src/lib/libcrypto/cast/casttest.c b/src/lib/libcrypto/cast/casttest.c
new file mode 100644
index 0000000000..0d020d6975
--- /dev/null
+++ b/src/lib/libcrypto/cast/casttest.c
@@ -0,0 +1,233 @@
+/* crypto/cast/casttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_CAST
+int main(int argc, char *argv[])
+{
+    printf("No CAST support\n");
+    return(0);
+}
+#else
+#include <openssl/cast.h>
+
+#define FULL_TEST
+
+static unsigned char k[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A
+        };
+
+static unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+
+static int k_len[3]={16,10,5};
+static unsigned char c[3][8]={
+        {0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
+        {0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
+        {0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},
+        };
+static unsigned char out[80];
+
+static unsigned char in_a[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+static unsigned char in_b[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+
+static unsigned char c_a[16]={
+        0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
+        0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};
+static unsigned char c_b[16]={
+        0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
+        0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};
+
+#if 0
+char *text="Hello to all people out there";
+
+static unsigned char cfb_key[16]={
+        0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+        0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+        };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+        0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+        0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+        0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+
+/*      0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+        0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+        0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+        }; 
+#endif
+
+int main(int argc, char *argv[])
+    {
+#ifdef FULL_TEST
+    long l;
+    CAST_KEY key_b;
+#endif
+    int i,z,err=0;
+    CAST_KEY key;
+
+    for (z=0; z<3; z++)
+        {
+        CAST_set_key(&key,k_len[z],k);
+
+        CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
+        if (memcmp(out,&(c[z][0]),8) != 0)
+            {
+            printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
+            printf("got     :");
+            for (i=0; i<8; i++)
+                printf("%02X ",out[i]);
+            printf("\n");
+            printf("expected:");
+            for (i=0; i<8; i++)
+                printf("%02X ",c[z][i]);
+            err=20;
+            printf("\n");
+            }
+
+        CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
+        if (memcmp(out,in,8) != 0)
+            {
+            printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
+            printf("got     :");
+            for (i=0; i<8; i++)
+                printf("%02X ",out[i]);
+            printf("\n");
+            printf("expected:");
+            for (i=0; i<8; i++)
+                printf("%02X ",in[i]);
+            printf("\n");
+            err=3;
+            }
+        }
+    if (err == 0)
+        printf("ecb cast5 ok\n");
+
+#ifdef FULL_TEST
+      {
+      unsigned char out_a[16],out_b[16];
+      static char *hex="0123456789ABCDEF";
+      
+      printf("This test will take some time....");
+      fflush(stdout);
+      memcpy(out_a,in_a,sizeof(in_a));
+      memcpy(out_b,in_b,sizeof(in_b));
+      i=1;
+
+      for (l=0; l<1000000L; l++)
+          {
+          CAST_set_key(&key_b,16,out_b);
+          CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
+          CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
+          CAST_set_key(&key,16,out_a);
+          CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
+          CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
+          if ((l & 0xffff) == 0xffff)
+              {
+              printf("%c",hex[i&0x0f]);
+              fflush(stdout);
+              i++;
+              }
+          }
+
+      if (      (memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
+                (memcmp(out_b,c_b,sizeof(c_b)) != 0))
+          {
+          printf("\n");
+          printf("Error\n");
+
+          printf("A out =");
+          for (i=0; i<16; i++) printf("%02X ",out_a[i]);
+          printf("\nactual=");
+          for (i=0; i<16; i++) printf("%02X ",c_a[i]);
+          printf("\n");
+
+          printf("B out =");
+          for (i=0; i<16; i++) printf("%02X ",out_b[i]);
+          printf("\nactual=");
+          for (i=0; i<16; i++) printf("%02X ",c_b[i]);
+          printf("\n");
+          }
+      else
+          printf(" ok\n");
+      }
+#endif
+
+    EXIT(err);
+    return(err);
+    }
+#endif
diff --git a/src/lib/libcrypto/cert.pem b/src/lib/libcrypto/cert.pem
new file mode 100644
index 0000000000..7305e2d0ef
--- /dev/null
+++ b/src/lib/libcrypto/cert.pem
@@ -0,0 +1,3524 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 421 (0x1a5)
+    Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
+        Validity
+            Not Before: Aug 13 00:29:00 1998 GMT
+            Not After : Aug 13 23:59:00 2018 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:95:0f:a0:b6:f0:50:9c:e8:7a:c7:88:cd:dd:17:
+                    0e:2e:b0:94:d0:1b:3d:0e:f6:94:c0:8a:94:c7:06:
+                    c8:90:97:c8:b8:64:1a:7a:7e:6c:3c:53:e1:37:28:
+                    73:60:7f:b2:97:53:07:9f:53:f9:6d:58:94:d2:af:
+                    8d:6d:88:67:80:e6:ed:b2:95:cf:72:31:ca:a5:1c:
+                    72:ba:5c:02:e7:64:42:e7:f9:a9:2c:d6:3a:0d:ac:
+                    8d:42:aa:24:01:39:e6:9c:3f:01:85:57:0d:58:87:
+                    45:f8:d3:85:aa:93:69:26:85:70:48:80:3f:12:15:
+                    c7:79:b4:1f:05:2f:3b:62:99
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+         6d:eb:1b:09:e9:5e:d9:51:db:67:22:61:a4:2a:3c:48:77:e3:
+         a0:7c:a6:de:73:a2:14:03:85:3d:fb:ab:0e:30:c5:83:16:33:
+         81:13:08:9e:7b:34:4e:df:40:c8:74:d7:b9:7d:dc:f4:76:55:
+         7d:9b:63:54:18:e9:f0:ea:f3:5c:b1:d9:8b:42:1e:b9:c0:95:
+         4e:ba:fa:d5:e2:7c:f5:68:61:bf:8e:ec:05:97:5f:5b:b0:d7:
+         a3:85:34:c4:24:a7:0d:0f:95:93:ef:cb:94:d8:9e:1f:9d:5c:
+         85:6d:c7:aa:ae:4f:1f:22:b5:cd:95:ad:ba:a7:cc:f9:ab:0b:
+         7a:7f
+SHA1 Fingerprint=97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
+-----BEGIN CERTIFICATE-----
+MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
+b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
+b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
+iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
+r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
+04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
+GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
+3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
+lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 903804111 (0x35def4cf)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+        Validity
+            Not Before: Aug 22 16:41:51 1998 GMT
+            Not After : Aug 22 16:41:51 2018 GMT
+        Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c1:5d:b1:58:67:08:62:ee:a0:9a:2d:1f:08:6d:
+                    91:14:68:98:0a:1e:fe:da:04:6f:13:84:62:21:c3:
+                    d1:7c:ce:9f:05:e0:b8:01:f0:4e:34:ec:e2:8a:95:
+                    04:64:ac:f1:6b:53:5f:05:b3:cb:67:80:bf:42:02:
+                    8e:fe:dd:01:09:ec:e1:00:14:4f:fc:fb:f0:0c:dd:
+                    43:ba:5b:2b:e1:1f:80:70:99:15:57:93:16:f1:0f:
+                    97:6a:b7:c2:68:23:1c:cc:4d:59:30:ac:51:1e:3b:
+                    af:2b:d6:ee:63:45:7b:c5:d9:5f:50:d2:e3:50:0f:
+                    3a:88:e7:bf:14:fd:e0:c7:b9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  DirName: C = US, O = Equifax, OU = Equifax Secure Certificate Authority, CN = CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not After: Aug 22 16:41:51 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
+
+            X509v3 Subject Key Identifier: 
+                48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V3.0c....
+    Signature Algorithm: sha1WithRSAEncryption
+         58:ce:29:ea:fc:f7:de:b5:ce:02:b9:17:b5:85:d1:b9:e3:e0:
+         95:cc:25:31:0d:00:a6:92:6e:7f:b6:92:63:9e:50:95:d1:9a:
+         6f:e4:11:de:63:85:6e:98:ee:a8:ff:5a:c8:d3:55:b2:66:71:
+         57:de:c0:21:eb:3d:2a:a7:23:49:01:04:86:42:7b:fc:ee:7f:
+         a2:16:52:b5:67:67:d3:40:db:3b:26:58:b2:28:77:3d:ae:14:
+         77:61:d6:fa:2a:66:27:a0:0d:fa:a7:73:5c:ea:70:f1:94:21:
+         65:44:5f:fa:fc:ef:29:68:a9:a2:87:79:ef:79:ef:4f:ac:07:
+         77:38
+SHA1 Fingerprint=D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:cc:5e:d1:11:5d:5c:69:d0:ab:d3:b9:6a:4c:99:
+                    1f:59:98:30:8e:16:85:20:46:6d:47:3f:d4:85:20:
+                    84:e1:6d:b3:f8:a4:ed:0c:f1:17:0f:3b:f9:a7:f9:
+                    25:d7:c1:cf:84:63:f2:7c:63:cf:a2:47:f2:c6:5b:
+                    33:8e:64:40:04:68:c1:80:b9:64:1c:45:77:c7:d8:
+                    6e:f5:95:29:3c:50:e8:34:d7:78:1f:a8:ba:6d:43:
+                    91:95:8f:45:57:5e:7e:c5:fb:ca:a4:04:eb:ea:97:
+                    37:54:30:6f:bb:01:47:32:33:cd:dc:57:9b:64:69:
+                    61:f8:9b:1d:1c:89:4f:5c:67
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+         51:4d:cd:be:5c:cb:98:19:9c:15:b2:01:39:78:2e:4d:0f:67:
+         70:70:99:c6:10:5a:94:a4:53:4d:54:6d:2b:af:0d:5d:40:8b:
+         64:d3:d7:ee:de:56:61:92:5f:a6:c4:1d:10:61:36:d3:2c:27:
+         3c:e8:29:09:b9:11:64:74:cc:b5:73:9f:1c:48:a9:bc:61:01:
+         ee:e2:17:a6:0c:e3:40:08:3b:0e:e7:eb:44:73:2a:9a:f1:69:
+         92:ef:71:14:c3:39:ac:71:a7:91:09:6f:e4:71:06:b3:ba:59:
+         57:26:79:00:f6:f8:0d:a2:33:30:28:d4:aa:58:a0:9d:9d:69:
+         91:fd
+SHA1 Fingerprint=85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
+pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
+13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
+U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
+F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
+oJ2daZH9
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            04:00:00:00:00:01:15:4b:5a:c3:94
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Sep  1 12:00:00 1998 GMT
+            Not After : Jan 28 12:00:00 2028 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:
+                    83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:
+                    63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:
+                    8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:
+                    70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:
+                    15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:
+                    6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:
+                    89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:
+                    54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:
+                    92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:
+                    75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:
+                    c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:
+                    bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:
+                    ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:
+                    63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:
+                    48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:
+                    07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:
+                    90:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+    Signature Algorithm: sha1WithRSAEncryption
+         d6:73:e7:7c:4f:76:d0:8d:bf:ec:ba:a2:be:34:c5:28:32:b5:
+         7c:fc:6c:9c:2c:2b:bd:09:9e:53:bf:6b:5e:aa:11:48:b6:e5:
+         08:a3:b3:ca:3d:61:4d:d3:46:09:b3:3e:c3:a0:e3:63:55:1b:
+         f2:ba:ef:ad:39:e1:43:b9:38:a3:e6:2f:8a:26:3b:ef:a0:50:
+         56:f9:c6:0a:fd:38:cd:c4:0b:70:51:94:97:98:04:df:c3:5f:
+         94:d5:15:c9:14:41:9c:c4:5d:75:64:15:0d:ff:55:30:ec:86:
+         8f:ff:0d:ef:2c:b9:63:46:f6:aa:fc:df:bc:69:fd:2e:12:48:
+         64:9a:e0:95:f0:a6:ef:29:8f:01:b1:15:b5:0c:1d:a5:fe:69:
+         2c:69:24:78:1e:b3:a7:1c:71:62:ee:ca:c8:97:ac:17:5d:8a:
+         c2:f8:47:86:6e:2a:c4:56:31:95:d0:67:89:85:2b:f9:6c:a6:
+         5d:46:9d:0c:aa:82:e4:99:51:dd:70:b7:db:56:3d:61:e4:6a:
+         e1:5c:d6:f6:fe:3d:de:41:cc:07:ae:63:52:bf:53:53:f4:2b:
+         e9:c7:fd:b6:f7:82:5f:85:d2:41:18:db:81:b3:04:1c:c5:1f:
+         a4:80:6f:15:20:c9:de:0c:88:0a:1d:d6:66:55:e2:fc:48:c9:
+         29:26:69:e0
+SHA1 Fingerprint=B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            04:00:00:00:00:01:0f:86:26:e6:0d
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
+        Validity
+            Not Before: Dec 15 08:00:00 2006 GMT
+            Not After : Dec 15 08:00:00 2021 GMT
+        Subject: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a6:cf:24:0e:be:2e:6f:28:99:45:42:c4:ab:3e:
+                    21:54:9b:0b:d3:7f:84:70:fa:12:b3:cb:bf:87:5f:
+                    c6:7f:86:d3:b2:30:5c:d6:fd:ad:f1:7b:dc:e5:f8:
+                    60:96:09:92:10:f5:d0:53:de:fb:7b:7e:73:88:ac:
+                    52:88:7b:4a:a6:ca:49:a6:5e:a8:a7:8c:5a:11:bc:
+                    7a:82:eb:be:8c:e9:b3:ac:96:25:07:97:4a:99:2a:
+                    07:2f:b4:1e:77:bf:8a:0f:b5:02:7c:1b:96:b8:c5:
+                    b9:3a:2c:bc:d6:12:b9:eb:59:7d:e2:d0:06:86:5f:
+                    5e:49:6a:b5:39:5e:88:34:ec:bc:78:0c:08:98:84:
+                    6c:a8:cd:4b:b4:a0:7d:0c:79:4d:f0:b8:2d:cb:21:
+                    ca:d5:6c:5b:7d:e1:a0:29:84:a1:f9:d3:94:49:cb:
+                    24:62:91:20:bc:dd:0b:d5:d9:cc:f9:ea:27:0a:2b:
+                    73:91:c6:9d:1b:ac:c8:cb:e8:e0:a0:f4:2f:90:8b:
+                    4d:fb:b0:36:1b:f6:19:7a:85:e0:6d:f2:61:13:88:
+                    5c:9f:e0:93:0a:51:97:8a:5a:ce:af:ab:d5:f7:aa:
+                    09:aa:60:bd:dc:d9:5f:df:72:a9:60:13:5e:00:01:
+                    c9:4a:fa:3f:a4:ea:07:03:21:02:8e:82:ca:03:c2:
+                    9b:8f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://crl.globalsign.net/root-r2.crl
+
+            X509v3 Authority Key Identifier: 
+                keyid:9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E
+
+    Signature Algorithm: sha1WithRSAEncryption
+         99:81:53:87:1c:68:97:86:91:ec:e0:4a:b8:44:0b:ab:81:ac:
+         27:4f:d6:c1:b8:1c:43:78:b3:0c:9a:fc:ea:2c:3c:6e:61:1b:
+         4d:4b:29:f5:9f:05:1d:26:c1:b8:e9:83:00:62:45:b6:a9:08:
+         93:b9:a9:33:4b:18:9a:c2:f8:87:88:4e:db:dd:71:34:1a:c1:
+         54:da:46:3f:e0:d3:2a:ab:6d:54:22:f5:3a:62:cd:20:6f:ba:
+         29:89:d7:dd:91:ee:d3:5c:a2:3e:a1:5b:41:f5:df:e5:64:43:
+         2d:e9:d5:39:ab:d2:a2:df:b7:8b:d0:c0:80:19:1c:45:c0:2d:
+         8c:e8:f8:2d:a4:74:56:49:c5:05:b5:4f:15:de:6e:44:78:39:
+         87:a8:7e:bb:f3:79:18:91:bb:f4:6f:9d:c1:f0:8c:35:8c:5d:
+         01:fb:c3:6d:b9:ef:44:6d:79:46:31:7e:0a:fe:a9:82:c1:ff:
+         ef:ab:6e:20:c4:50:c9:5f:9d:4d:9b:17:8c:0c:e5:01:c9:a0:
+         41:6a:73:53:fa:a5:50:b4:6e:25:0f:fb:4c:18:f4:fd:52:d9:
+         8e:69:b1:e8:11:0f:de:88:d8:fb:1d:49:f7:aa:de:95:cf:20:
+         78:c2:60:12:db:25:40:8c:6a:fc:7e:42:38:40:64:12:f7:9e:
+         81:e1:93:2e
+SHA1 Fingerprint=75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            04:00:00:00:00:01:21:58:53:08:a2
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
+        Validity
+            Not Before: Mar 18 10:00:00 2009 GMT
+            Not After : Mar 18 10:00:00 2029 GMT
+        Subject: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cc:25:76:90:79:06:78:22:16:f5:c0:83:b6:84:
+                    ca:28:9e:fd:05:76:11:c5:ad:88:72:fc:46:02:43:
+                    c7:b2:8a:9d:04:5f:24:cb:2e:4b:e1:60:82:46:e1:
+                    52:ab:0c:81:47:70:6c:dd:64:d1:eb:f5:2c:a3:0f:
+                    82:3d:0c:2b:ae:97:d7:b6:14:86:10:79:bb:3b:13:
+                    80:77:8c:08:e1:49:d2:6a:62:2f:1f:5e:fa:96:68:
+                    df:89:27:95:38:9f:06:d7:3e:c9:cb:26:59:0d:73:
+                    de:b0:c8:e9:26:0e:83:15:c6:ef:5b:8b:d2:04:60:
+                    ca:49:a6:28:f6:69:3b:f6:cb:c8:28:91:e5:9d:8a:
+                    61:57:37:ac:74:14:dc:74:e0:3a:ee:72:2f:2e:9c:
+                    fb:d0:bb:bf:f5:3d:00:e1:06:33:e8:82:2b:ae:53:
+                    a6:3a:16:73:8c:dd:41:0e:20:3a:c0:b4:a7:a1:e9:
+                    b2:4f:90:2e:32:60:e9:57:cb:b9:04:92:68:68:e5:
+                    38:26:60:75:b2:9f:77:ff:91:14:ef:ae:20:49:fc:
+                    ad:40:15:48:d1:02:31:61:19:5e:b8:97:ef:ad:77:
+                    b7:64:9a:7a:bf:5f:c1:13:ef:9b:62:fb:0d:6c:e0:
+                    54:69:16:a9:03:da:6e:e9:83:93:71:76:c6:69:85:
+                    82:17
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                8F:F0:4B:7F:A8:2E:45:24:AE:4D:50:FA:63:9A:8B:DE:E2:DD:1B:BC
+    Signature Algorithm: sha256WithRSAEncryption
+         4b:40:db:c0:50:aa:fe:c8:0c:ef:f7:96:54:45:49:bb:96:00:
+         09:41:ac:b3:13:86:86:28:07:33:ca:6b:e6:74:b9:ba:00:2d:
+         ae:a4:0a:d3:f5:f1:f1:0f:8a:bf:73:67:4a:83:c7:44:7b:78:
+         e0:af:6e:6c:6f:03:29:8e:33:39:45:c3:8e:e4:b9:57:6c:aa:
+         fc:12:96:ec:53:c6:2d:e4:24:6c:b9:94:63:fb:dc:53:68:67:
+         56:3e:83:b8:cf:35:21:c3:c9:68:fe:ce:da:c2:53:aa:cc:90:
+         8a:e9:f0:5d:46:8c:95:dd:7a:58:28:1a:2f:1d:de:cd:00:37:
+         41:8f:ed:44:6d:d7:53:28:97:7e:f3:67:04:1e:15:d7:8a:96:
+         b4:d3:de:4c:27:a4:4c:1b:73:73:76:f4:17:99:c2:1f:7a:0e:
+         e3:2d:08:ad:0a:1c:2c:ff:3c:ab:55:0e:0f:91:7e:36:eb:c3:
+         57:49:be:e1:2e:2d:7c:60:8b:c3:41:51:13:23:9d:ce:f7:32:
+         6b:94:01:a8:99:e7:2c:33:1f:3a:3b:25:d2:86:40:ce:3b:2c:
+         86:78:c9:61:2f:14:ba:ee:db:55:6f:df:84:ee:05:09:4d:bd:
+         28:d8:72:ce:d3:62:50:65:1e:eb:92:97:83:31:d9:b3:b5:ca:
+         47:58:3f:5f
+SHA1 Fingerprint=D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
+MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
+RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
+gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
+KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
+QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
+XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
+LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
+RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
+jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
+6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
+mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
+Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
+WD9f
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
+        Validity
+            Not Before: Aug  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f:
+                    38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18:
+                    48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af:
+                    86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2:
+                    21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93:
+                    cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44:
+                    6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73:
+                    b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07:
+                    8d:f4:42:4d:e7:40:9d:1c:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+         26:48:2c:16:c2:58:fa:e8:16:74:0c:aa:aa:5f:54:3f:f2:d7:
+         c9:78:60:5e:5e:6e:37:63:22:77:36:7e:b2:17:c4:34:b9:f5:
+         08:85:fc:c9:01:38:ff:4d:be:f2:16:42:43:e7:bb:5a:46:fb:
+         c1:c6:11:1f:f1:4a:b0:28:46:c9:c3:c4:42:7d:bc:fa:ab:59:
+         6e:d5:b7:51:88:11:e3:a4:85:19:6b:82:4c:a4:0c:12:ad:e9:
+         a4:ae:3f:f1:c3:49:65:9a:8c:c5:c8:3e:25:b7:94:99:bb:92:
+         32:71:07:f0:86:5e:ed:50:27:a6:0d:a6:23:f9:bb:cb:a6:07:
+         14:42
+SHA1 Fingerprint=62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
+-----BEGIN CERTIFICATE-----
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
+        Validity
+            Not Before: Aug  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c:
+                    68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da:
+                    85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06:
+                    6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2:
+                    6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b:
+                    29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90:
+                    6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f:
+                    5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36:
+                    3a:c2:b5:66:22:12:d6:87:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+         07:fa:4c:69:5c:fb:95:cc:46:ee:85:83:4d:21:30:8e:ca:d9:
+         a8:6f:49:1a:e6:da:51:e3:60:70:6c:84:61:11:a1:1a:c8:48:
+         3e:59:43:7d:4f:95:3d:a1:8b:b7:0b:62:98:7a:75:8a:dd:88:
+         4e:4e:9e:40:db:a8:cc:32:74:b9:6f:0d:c6:e3:b3:44:0b:d9:
+         8a:6f:9a:29:9b:99:18:28:3b:d1:e3:40:28:9a:5a:3c:d5:b5:
+         e7:20:1b:8b:ca:a4:ab:8d:e9:51:d9:e2:4c:2c:59:a9:da:b9:
+         b2:75:1b:f6:42:f2:ef:c7:f2:18:f9:89:bc:a3:ff:8a:23:2e:
+         70:47
+SHA1 Fingerprint=23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Aug  2 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40:
+                    db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9:
+                    11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03:
+                    1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2:
+                    63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f:
+                    42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23:
+                    5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85:
+                    e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2:
+                    71:64:4c:65:2e:81:68:45:a7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+         10:72:52:a9:05:14:19:32:08:41:f0:c5:6b:0a:cc:7e:0f:21:
+         19:cd:e4:67:dc:5f:a9:1b:e6:ca:e8:73:9d:22:d8:98:6e:73:
+         03:61:91:c5:7c:b0:45:40:6e:44:9d:8d:b0:b1:96:74:61:2d:
+         0d:a9:45:d2:a4:92:2a:d6:9a:75:97:6e:3f:53:fd:45:99:60:
+         1d:a8:2b:4c:f9:5e:a7:09:d8:75:30:d7:d2:65:60:3d:67:d6:
+         48:55:75:69:3f:91:f5:48:0b:47:69:22:69:82:96:be:c9:c8:
+         38:86:4a:7a:2c:73:19:48:69:4e:6b:7c:65:bf:0f:fc:70:ce:
+         88:90
+SHA1 Fingerprint=A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i
+2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ
+2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
+        Validity
+            Not Before: Nov  8 00:00:00 2006 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:af:24:08:08:29:7a:35:9e:60:0c:aa:e7:4b:3b:
+                    4e:dc:7c:bc:3c:45:1c:bb:2b:e0:fe:29:02:f9:57:
+                    08:a3:64:85:15:27:f5:f1:ad:c8:31:89:5d:22:e8:
+                    2a:aa:a6:42:b3:8f:f8:b9:55:b7:b1:b7:4b:b3:fe:
+                    8f:7e:07:57:ec:ef:43:db:66:62:15:61:cf:60:0d:
+                    a4:d8:de:f8:e0:c3:62:08:3d:54:13:eb:49:ca:59:
+                    54:85:26:e5:2b:8f:1b:9f:eb:f5:a1:91:c2:33:49:
+                    d8:43:63:6a:52:4b:d2:8f:e8:70:51:4d:d1:89:69:
+                    7b:c7:70:f6:b3:dc:12:74:db:7b:5d:4b:56:d3:96:
+                    bf:15:77:a1:b0:f4:a2:25:f2:af:1c:92:67:18:e5:
+                    f4:06:04:ef:90:b9:e4:00:e4:dd:3a:b5:19:ff:02:
+                    ba:f4:3c:ee:e0:8b:eb:37:8b:ec:f4:d7:ac:f2:f6:
+                    f0:3d:af:dd:75:91:33:19:1d:1c:40:cb:74:24:19:
+                    21:93:d9:14:fe:ac:2a:52:c7:8f:d5:04:49:e4:8d:
+                    63:47:88:3c:69:83:cb:fe:47:bd:2b:7e:4f:c5:95:
+                    ae:0e:9d:d4:d1:43:c0:67:73:e3:14:08:7e:e5:3f:
+                    9f:73:b8:33:0a:cf:5d:3f:34:87:96:8a:ee:53:e8:
+                    25:15
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            1.3.6.1.5.5.7.1.12: 
+                0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
+            X509v3 Subject Key Identifier: 
+                7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33
+    Signature Algorithm: sha1WithRSAEncryption
+         93:24:4a:30:5f:62:cf:d8:1a:98:2f:3d:ea:dc:99:2d:bd:77:
+         f6:a5:79:22:38:ec:c4:a7:a0:78:12:ad:62:0e:45:70:64:c5:
+         e7:97:66:2d:98:09:7e:5f:af:d6:cc:28:65:f2:01:aa:08:1a:
+         47:de:f9:f9:7c:92:5a:08:69:20:0d:d9:3e:6d:6e:3c:0d:6e:
+         d8:e6:06:91:40:18:b9:f8:c1:ed:df:db:41:aa:e0:96:20:c9:
+         cd:64:15:38:81:c9:94:ee:a2:84:29:0b:13:6f:8e:db:0c:dd:
+         25:02:db:a4:8b:19:44:d2:41:7a:05:69:4a:58:4f:60:ca:7e:
+         82:6a:0b:02:aa:25:17:39:b5:db:7f:e7:84:65:2a:95:8a:bd:
+         86:de:5e:81:16:83:2d:10:cc:de:fd:a8:82:2a:6d:28:1f:0d:
+         0b:c4:e5:e7:1a:26:19:e1:f4:11:6f:10:b5:95:fc:e7:42:05:
+         32:db:ce:9d:51:5e:28:b6:9e:85:d3:5b:ef:a5:7d:45:40:72:
+         8e:b7:0e:6b:0e:06:fb:33:35:48:71:b8:9d:27:8b:c4:65:5f:
+         0d:86:76:9c:44:7a:f6:95:5c:f6:5d:32:08:33:a4:54:b6:18:
+         3f:68:5c:f2:42:4a:85:38:54:83:5f:d1:e8:2c:f2:ac:11:d6:
+         a8:ed:63:6a
+SHA1 Fingerprint=4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
+-----BEGIN CERTIFICATE-----
+MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
+nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
+t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
+SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
+BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
+rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
+NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
+BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
+aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
+MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
+p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
+5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
+WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
+4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
+hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cb:ba:9c:52:fc:78:1f:1a:1e:6f:1b:37:73:bd:
+                    f8:c9:6b:94:12:30:4f:f0:36:47:f5:d0:91:0a:f5:
+                    17:c8:a5:61:c1:16:40:4d:fb:8a:61:90:e5:76:20:
+                    c1:11:06:7d:ab:2c:6e:a6:f5:11:41:8e:fa:2d:ad:
+                    2a:61:59:a4:67:26:4c:d0:e8:bc:52:5b:70:20:04:
+                    58:d1:7a:c9:a4:69:bc:83:17:64:ad:05:8b:bc:d0:
+                    58:ce:8d:8c:f5:eb:f0:42:49:0b:9d:97:27:67:32:
+                    6e:e1:ae:93:15:1c:70:bc:20:4d:2f:18:de:92:88:
+                    e8:6c:85:57:11:1a:e9:7e:e3:26:11:54:a2:45:96:
+                    55:83:ca:30:89:e8:dc:d8:a3:ed:2a:80:3f:7f:79:
+                    65:57:3e:15:20:66:08:2f:95:93:bf:aa:47:2f:a8:
+                    46:97:f0:12:e2:fe:c2:0a:2b:51:e6:76:e6:b7:46:
+                    b7:e2:0d:a6:cc:a8:c3:4c:59:55:89:e6:e8:53:5c:
+                    1c:ea:9d:f0:62:16:0b:a7:c9:5f:0c:f0:de:c2:76:
+                    ce:af:f7:6a:f2:fa:41:a6:a2:33:14:c9:e5:7a:63:
+                    d3:9e:62:37:d5:85:65:9e:0e:e6:53:24:74:1b:5e:
+                    1d:12:53:5b:c7:2c:e7:83:49:3b:15:ae:8a:68:b9:
+                    57:97
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+         11:14:96:c1:ab:92:08:f7:3f:2f:c9:b2:fe:e4:5a:9f:64:de:
+         db:21:4f:86:99:34:76:36:57:dd:d0:15:2f:c5:ad:7f:15:1f:
+         37:62:73:3e:d4:e7:5f:ce:17:03:db:35:fa:2b:db:ae:60:09:
+         5f:1e:5f:8f:6e:bb:0b:3d:ea:5a:13:1e:0c:60:6f:b5:c0:b5:
+         23:22:2e:07:0b:cb:a9:74:cb:47:bb:1d:c1:d7:a5:6b:cc:2f:
+         d2:42:fd:49:dd:a7:89:cf:53:ba:da:00:5a:28:bf:82:df:f8:
+         ba:13:1d:50:86:82:fd:8e:30:8f:29:46:b0:1e:3d:35:da:38:
+         62:16:18:4a:ad:e6:b6:51:6c:de:af:62:eb:01:d0:1e:24:fe:
+         7a:8f:12:1a:12:68:b8:fb:66:99:14:14:45:5c:ae:e7:ae:69:
+         17:81:2b:5a:37:c9:5e:2a:f4:c6:e2:a1:5c:54:9b:a6:54:00:
+         cf:f0:f1:c1:c7:98:30:1a:3b:36:16:db:a3:6e:ea:fd:ad:b2:
+         c2:da:ef:02:47:13:8a:c0:f1:b3:31:ad:4f:1c:e1:4f:9c:af:
+         0f:0c:9d:f7:78:0d:d8:f4:35:56:80:da:b7:6d:17:8f:9d:1e:
+         81:64:e1:fe:c5:45:ba:ad:6b:b9:0a:7a:4e:4f:4b:84:ee:4b:
+         f1:7d:dd:11
+SHA1 Fingerprint=13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
+N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
+KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
+kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
+CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
+Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
+imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
+2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
+DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
+/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
+F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
+TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3
+    Signature Algorithm: ecdsa-with-SHA384
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
+        Validity
+            Not Before: Nov  5 00:00:00 2007 GMT
+            Not After : Jan 18 23:59:59 2038 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub: 
+                    04:a7:56:7a:7c:52:da:64:9b:0e:2d:5c:d8:5e:ac:
+                    92:3d:fe:01:e6:19:4a:3d:14:03:4b:fa:60:27:20:
+                    d9:83:89:69:fa:54:c6:9a:18:5e:55:2a:64:de:06:
+                    f6:8d:4a:3b:ad:10:3c:65:3d:90:88:04:89:e0:30:
+                    61:b3:ae:5d:01:a7:7b:de:7c:b2:be:ca:65:61:00:
+                    86:ae:da:8f:7b:d0:89:ad:4d:1d:59:9a:41:b1:bc:
+                    47:80:dc:9e:62:c3:f9
+                ASN1 OID: secp384r1
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            1.3.6.1.5.5.7.1.12: 
+                0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
+            X509v3 Subject Key Identifier: 
+                B3:16:91:FD:EE:A6:6E:E4:B5:2E:49:8F:87:78:81:80:EC:E5:B1:B5
+    Signature Algorithm: ecdsa-with-SHA384
+         30:65:02:30:66:21:0c:18:26:60:5a:38:7b:56:42:e0:a7:fc:
+         36:84:51:91:20:2c:76:4d:43:3d:c4:1d:84:23:d0:ac:d6:7c:
+         35:06:ce:cd:69:bd:90:0d:db:6c:48:42:1d:0e:aa:42:02:31:
+         00:9c:3d:48:39:23:39:58:1a:15:12:59:6a:9e:ef:d5:59:b2:
+         1d:52:2c:99:71:cd:c7:29:df:1b:2a:61:7b:71:d1:de:f3:c0:
+         e5:0d:3a:4a:aa:2d:a7:d8:86:2a:dd:2e:10
+SHA1 Fingerprint=22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp
+U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg
+SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln
+biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm
+GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve
+fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ
+aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj
+aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW
+kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC
+4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga
+FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
+        Validity
+            Not Before: Apr  2 00:00:00 2008 GMT
+            Not After : Dec  1 23:59:59 2037 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c7:61:37:5e:b1:01:34:db:62:d7:15:9b:ff:58:
+                    5a:8c:23:23:d6:60:8e:91:d7:90:98:83:7a:e6:58:
+                    19:38:8c:c5:f6:e5:64:85:b4:a2:71:fb:ed:bd:b9:
+                    da:cd:4d:00:b4:c8:2d:73:a5:c7:69:71:95:1f:39:
+                    3c:b2:44:07:9c:e8:0e:fa:4d:4a:c4:21:df:29:61:
+                    8f:32:22:61:82:c5:87:1f:6e:8c:7c:5f:16:20:51:
+                    44:d1:70:4f:57:ea:e3:1c:e3:cc:79:ee:58:d8:0e:
+                    c2:b3:45:93:c0:2c:e7:9a:17:2b:7b:00:37:7a:41:
+                    33:78:e1:33:e2:f3:10:1a:7f:87:2c:be:f6:f5:f7:
+                    42:e2:e5:bf:87:62:89:5f:00:4b:df:c5:dd:e4:75:
+                    44:32:41:3a:1e:71:6e:69:cb:0b:75:46:08:d1:ca:
+                    d2:2b:95:d0:cf:fb:b9:40:6b:64:8c:57:4d:fc:13:
+                    11:79:84:ed:5e:54:f6:34:9f:08:01:f3:10:25:06:
+                    17:4a:da:f1:1d:7a:66:6b:98:60:66:a4:d9:ef:d2:
+                    2e:82:f1:f0:ef:09:ea:44:c9:15:6a:e2:03:6e:33:
+                    d3:ac:9f:55:00:c7:f6:08:6a:94:b9:5f:dc:e0:33:
+                    f1:84:60:f9:5b:27:11:b4:fc:16:f2:bb:56:6a:80:
+                    25:8d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            1.3.6.1.5.5.7.1.12: 
+                0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
+            X509v3 Subject Key Identifier: 
+                B6:77:FA:69:48:47:9F:53:12:D5:C2:EA:07:32:76:07:D1:97:07:19
+    Signature Algorithm: sha256WithRSAEncryption
+         4a:f8:f8:b0:03:e6:2c:67:7b:e4:94:77:63:cc:6e:4c:f9:7d:
+         0e:0d:dc:c8:b9:35:b9:70:4f:63:fa:24:fa:6c:83:8c:47:9d:
+         3b:63:f3:9a:f9:76:32:95:91:b1:77:bc:ac:9a:be:b1:e4:31:
+         21:c6:81:95:56:5a:0e:b1:c2:d4:b1:a6:59:ac:f1:63:cb:b8:
+         4c:1d:59:90:4a:ef:90:16:28:1f:5a:ae:10:fb:81:50:38:0c:
+         6c:cc:f1:3d:c3:f5:63:e3:b3:e3:21:c9:24:39:e9:fd:15:66:
+         46:f4:1b:11:d0:4d:73:a3:7d:46:f9:3d:ed:a8:5f:62:d4:f1:
+         3f:f8:e0:74:57:2b:18:9d:81:b4:c4:28:da:94:97:a5:70:eb:
+         ac:1d:be:07:11:f0:d5:db:dd:e5:8c:f0:d5:32:b0:83:e6:57:
+         e2:8f:bf:be:a1:aa:bf:3d:1d:b5:d4:38:ea:d7:b0:5c:3a:4f:
+         6a:3f:8f:c0:66:6c:63:aa:e9:d9:a4:16:f4:81:d1:95:14:0e:
+         7d:cd:95:34:d9:d2:8f:70:73:81:7b:9c:7e:bd:98:61:d8:45:
+         87:98:90:c5:eb:86:30:c6:35:bf:f0:ff:c3:55:88:83:4b:ef:
+         05:92:06:71:f2:b8:98:93:b7:ec:cd:82:61:f1:38:e6:4f:97:
+         98:2a:5a:8d
+SHA1 Fingerprint=36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB
+vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W
+ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0
+IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y
+IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh
+bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF
+9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH
+H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H
+LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN
+/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT
+rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw
+WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs
+exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
+DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4
+sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+
+seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz
+4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+
+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR
+lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3
+7M2CYfE45k+XmCpajQ==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ad:cb:a5:11:69:c6:59:ab:f1:8f:b5:19:0f:56:
+                    ce:cc:b5:1f:20:e4:9e:26:25:4b:e0:73:65:89:59:
+                    de:d0:83:e4:f5:0f:b5:bb:ad:f1:7c:e8:21:fc:e4:
+                    e8:0c:ee:7c:45:22:19:76:92:b4:13:b7:20:5b:09:
+                    fa:61:ae:a8:f2:a5:8d:85:c2:2a:d6:de:66:36:d2:
+                    9b:02:f4:a8:92:60:7c:9c:69:b4:8f:24:1e:d0:86:
+                    52:f6:32:9c:41:58:1e:22:bd:cd:45:62:95:08:6e:
+                    d0:66:dd:53:a2:cc:f0:10:dc:54:73:8b:04:a1:46:
+                    33:33:5c:17:40:b9:9e:4d:d3:f3:be:55:83:e8:b1:
+                    89:8e:5a:7c:9a:96:22:90:3b:88:25:f2:d2:53:88:
+                    02:0c:0b:78:f2:e6:37:17:4b:30:46:07:e4:80:6d:
+                    a6:d8:96:2e:e8:2c:f8:11:b3:38:0d:66:a6:9b:ea:
+                    c9:23:5b:db:8e:e2:f3:13:8e:1a:59:2d:aa:02:f0:
+                    ec:a4:87:66:dc:c1:3f:f5:d8:b9:f4:ec:82:c6:d2:
+                    3d:95:1d:e5:c0:4f:84:c9:d9:a3:44:28:06:6a:d7:
+                    45:ac:f0:6b:6a:ef:4e:5f:f8:11:82:1e:38:63:34:
+                    66:50:d4:3e:93:73:fa:30:c3:66:ad:ff:93:2d:97:
+                    ef:03
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+         8f:fa:25:6b:4f:5b:e4:a4:4e:27:55:ab:22:15:59:3c:ca:b5:
+         0a:d4:4a:db:ab:dd:a1:5f:53:c5:a0:57:39:c2:ce:47:2b:be:
+         3a:c8:56:bf:c2:d9:27:10:3a:b1:05:3c:c0:77:31:bb:3a:d3:
+         05:7b:6d:9a:1c:30:8c:80:cb:93:93:2a:83:ab:05:51:82:02:
+         00:11:67:6b:f3:88:61:47:5f:03:93:d5:5b:0d:e0:f1:d4:a1:
+         32:35:85:b2:3a:db:b0:82:ab:d1:cb:0a:bc:4f:8c:5b:c5:4b:
+         00:3b:1f:2a:82:a6:7e:36:85:dc:7e:3c:67:00:b5:e4:3b:52:
+         e0:a8:eb:5d:15:f9:c6:6d:f0:ad:1d:0e:85:b7:a9:9a:73:14:
+         5a:5b:8f:41:28:c0:d5:e8:2d:4d:a4:5e:cd:aa:d9:ed:ce:dc:
+         d8:d5:3c:42:1d:17:c1:12:5d:45:38:c3:38:f3:fc:85:2e:83:
+         46:48:b2:d7:20:5f:92:36:8f:e7:79:0f:98:5e:99:e8:f0:d0:
+         a4:bb:f5:53:bd:2a:ce:59:b0:af:6e:7f:6c:bb:d2:1e:00:b0:
+         21:ed:f8:41:62:82:b9:d8:b2:c4:bb:46:50:f3:31:c5:8f:01:
+         a8:74:eb:f5:78:27:da:e7:f7:66:43:f3:9e:83:3e:20:aa:c3:
+         35:60:91:ce
+SHA1 Fingerprint=C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1
+GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ
++mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd
+U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm
+NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
+ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/
+ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1
+CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq
+g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
+fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c
+2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/
+bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
+        Validity
+            Not Before: Sep 17 19:46:36 2006 GMT
+            Not After : Sep 17 19:46:36 2036 GMT
+        Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c1:88:db:09:bc:6c:46:7c:78:9f:95:7b:b5:33:
+                    90:f2:72:62:d6:c1:36:20:22:24:5e:ce:e9:77:f2:
+                    43:0a:a2:06:64:a4:cc:8e:36:f8:38:e6:23:f0:6e:
+                    6d:b1:3c:dd:72:a3:85:1c:a1:d3:3d:b4:33:2b:d3:
+                    2f:af:fe:ea:b0:41:59:67:b6:c4:06:7d:0a:9e:74:
+                    85:d6:79:4c:80:37:7a:df:39:05:52:59:f7:f4:1b:
+                    46:43:a4:d2:85:85:d2:c3:71:f3:75:62:34:ba:2c:
+                    8a:7f:1e:8f:ee:ed:34:d0:11:c7:96:cd:52:3d:ba:
+                    33:d6:dd:4d:de:0b:3b:4a:4b:9f:c2:26:2f:fa:b5:
+                    16:1c:72:35:77:ca:3c:5d:e6:ca:e1:26:8b:1a:36:
+                    76:5c:01:db:74:14:25:fe:ed:b5:a0:88:0f:dd:78:
+                    ca:2d:1f:07:97:30:01:2d:72:79:fa:46:d6:13:2a:
+                    a8:b9:a6:ab:83:49:1d:e5:f2:ef:dd:e4:01:8e:18:
+                    0a:8f:63:53:16:85:62:a9:0e:19:3a:cc:b5:66:a6:
+                    c2:6b:74:07:e4:2b:e1:76:3e:b4:6d:d8:f6:44:e1:
+                    73:62:1f:3b:c4:be:a0:53:56:25:6c:51:09:f7:aa:
+                    ab:ca:bf:76:fd:6d:9b:f3:9d:db:bf:3d:66:bc:0c:
+                    56:aa:af:98:48:95:3a:4b:df:a7:58:50:d9:38:75:
+                    a9:5b:ea:43:0c:02:ff:99:eb:e8:6c:4d:70:5b:29:
+                    65:9c:dd:aa:5d:cc:af:01:31:ec:0c:eb:d2:8d:e8:
+                    ea:9c:7b:e6:6e:f7:27:66:0c:1a:48:d7:6e:42:e3:
+                    3f:de:21:3e:7b:e1:0d:70:fb:63:aa:a8:6c:1a:54:
+                    b4:5c:25:7a:c9:a2:c9:8b:16:a6:bb:2c:7e:17:5e:
+                    05:4d:58:6e:12:1d:01:ee:12:10:0d:c6:32:7f:18:
+                    ff:fc:f4:fa:cd:6e:91:e8:36:49:be:1a:48:69:8b:
+                    c2:96:4d:1a:12:b2:69:17:c1:0a:90:d6:fa:79:22:
+                    48:bf:ba:7b:69:f8:70:c7:fa:7a:37:d8:d8:0d:d2:
+                    76:4f:57:ff:90:b7:e3:91:d2:dd:ef:c2:60:b7:67:
+                    3a:dd:fe:aa:9c:f0:d4:8b:7f:72:22:ce:c6:9f:97:
+                    b6:f8:af:8a:a0:10:a8:d9:fb:18:c6:b6:b5:5c:52:
+                    3c:89:b6:19:2a:73:01:0a:0f:03:b3:12:60:f2:7a:
+                    2f:81:db:a3:6e:ff:26:30:97:f5:8b:dd:89:57:b6:
+                    ad:3d:b3:af:2b:c5:b7:76:02:f0:a5:d6:2b:9a:86:
+                    14:2a:72:f6:e3:33:8c:5d:09:4b:13:df:bb:8c:74:
+                    13:52:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment, Key Agreement, Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                4E:0B:EF:1A:A4:40:5B:A5:17:69:87:30:CA:34:68:43:D0:41:AE:F2
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://cert.startcom.org/sfsca-crl.crl
+
+                Full Name:
+                  URI:http://crl.startcom.org/sfsca-crl.crl
+
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.23223.1.1.1
+                  CPS: http://cert.startcom.org/policy.pdf
+                  CPS: http://cert.startcom.org/intermediate.pdf
+                  User Notice:
+                    Organization: Start Commercial (StartCom) Ltd.
+                    Number: 1
+                    Explicit Text: Limited Liability, read the section *Legal Limitations* of the StartCom Certification Authority Policy available at http://cert.startcom.org/policy.pdf
+
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            Netscape Comment: 
+                StartCom Free SSL Certification Authority
+    Signature Algorithm: sha1WithRSAEncryption
+         16:6c:99:f4:66:0c:34:f5:d0:85:5e:7d:0a:ec:da:10:4e:38:
+         1c:5e:df:a6:25:05:4b:91:32:c1:e8:3b:f1:3d:dd:44:09:5b:
+         07:49:8a:29:cb:66:02:b7:b1:9a:f7:25:98:09:3c:8e:1b:e1:
+         dd:36:87:2b:4b:bb:68:d3:39:66:3d:a0:26:c7:f2:39:91:1d:
+         51:ab:82:7b:7e:d5:ce:5a:e4:e2:03:57:70:69:97:08:f9:5e:
+         58:a6:0a:df:8c:06:9a:45:16:16:38:0a:5e:57:f6:62:c7:7a:
+         02:05:e6:bc:1e:b5:f2:9e:f4:a9:29:83:f8:b2:14:e3:6e:28:
+         87:44:c3:90:1a:de:38:a9:3c:ac:43:4d:64:45:ce:dd:28:a9:
+         5c:f2:73:7b:04:f8:17:e8:ab:b1:f3:2e:5c:64:6e:73:31:3a:
+         12:b8:bc:b3:11:e4:7d:8f:81:51:9a:3b:8d:89:f4:4d:93:66:
+         7b:3c:03:ed:d3:9a:1d:9a:f3:65:50:f5:a0:d0:75:9f:2f:af:
+         f0:ea:82:43:98:f8:69:9c:89:79:c4:43:8e:46:72:e3:64:36:
+         12:af:f7:25:1e:38:89:90:77:7e:c3:6b:6a:b9:c3:cb:44:4b:
+         ac:78:90:8b:e7:c7:2c:1e:4b:11:44:c8:34:52:27:cd:0a:5d:
+         9f:85:c1:89:d5:1a:78:f2:95:10:53:32:dd:80:84:66:75:d9:
+         b5:68:28:fb:61:2e:be:84:a8:38:c0:99:12:86:a5:1e:67:64:
+         ad:06:2e:2f:a9:70:85:c7:96:0f:7c:89:65:f5:8e:43:54:0e:
+         ab:dd:a5:80:39:94:60:c0:34:c9:96:70:2c:a3:12:f5:1f:48:
+         7b:bd:1c:7e:6b:b7:9d:90:f4:22:3b:ae:f8:fc:2a:ca:fa:82:
+         52:a0:ef:af:4b:55:93:eb:c1:b5:f0:22:8b:ac:34:4e:26:22:
+         04:a1:87:2c:75:4a:b7:e5:7d:13:d7:b8:0c:64:c0:36:d2:c9:
+         2f:86:12:8c:23:09:c1:1b:82:3b:73:49:a3:6a:57:87:94:e5:
+         d6:78:c5:99:43:63:e3:4d:e0:77:2d:e1:65:99:72:69:04:1a:
+         47:09:e6:0f:01:56:24:fb:1f:bf:0e:79:a9:58:2e:b9:c4:09:
+         01:7e:95:ba:6d:00:06:3e:b2:ea:4a:10:39:d8:d0:2b:f5:bf:
+         ec:75:bf:97:02:c5:09:1b:08:dc:55:37:e2:81:fb:37:84:43:
+         62:20:ca:e7:56:4b:65:ea:fe:6c:c1:24:93:24:a1:34:eb:05:
+         ff:9a:22:ae:9b:7d:3f:f1:65:51:0a:a6:30:6a:b3:f4:88:1c:
+         80:0d:fc:72:8a:e8:83:5e
+SHA1 Fingerprint=3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
+-----BEGIN CERTIFICATE-----
+MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
+MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
+Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
+MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
+U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
+cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk
+pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf
+OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C
+Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT
+Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi
+HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM
+Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w
++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3
+Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B
+26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID
+AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE
+FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j
+ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js
+LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM
+BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0
+Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy
+dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh
+cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh
+YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg
+dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp
+bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ
+YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT
+TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ
+9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8
+jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW
+FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz
+ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1
+ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L
+EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu
+L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq
+yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC
+O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
+um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
+NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
+        Validity
+            Not Before: Jun 26 00:19:54 1999 GMT
+            Not After : Jun 26 00:19:54 2019 GMT
+        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:ce:3a:71:ca:e5:ab:c8:59:92:55:d7:ab:d8:74:
+                    0e:f9:ee:d9:f6:55:47:59:65:47:0e:05:55:dc:eb:
+                    98:36:3c:5c:53:5d:d3:30:cf:38:ec:bd:41:89:ed:
+                    25:42:09:24:6b:0a:5e:b3:7c:dd:52:2d:4c:e6:d4:
+                    d6:7d:5a:59:a9:65:d4:49:13:2d:24:4d:1c:50:6f:
+                    b5:c1:85:54:3b:fe:71:e4:d3:5c:42:f9:80:e0:91:
+                    1a:0a:5b:39:36:67:f3:3f:55:7c:1b:3f:b4:5f:64:
+                    73:34:e3:b4:12:bf:87:64:f8:da:12:ff:37:27:c1:
+                    b3:43:bb:ef:7b:6e:2e:69:f7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+         3b:7f:50:6f:6f:50:94:99:49:62:38:38:1f:4b:f8:a5:c8:3e:
+         a7:82:81:f6:2b:c7:e8:c5:ce:e8:3a:10:82:cb:18:00:8e:4d:
+         bd:a8:58:7f:a1:79:00:b5:bb:e9:8d:af:41:d9:0f:34:ee:21:
+         81:19:a0:32:49:28:f4:c4:8e:56:d5:52:33:fd:50:d5:7e:99:
+         6c:03:e4:c9:4c:fc:cb:6c:ab:66:b3:4a:21:8c:e5:b5:0c:32:
+         3e:10:b2:cc:6c:a1:dc:9a:98:4c:02:5b:f3:ce:b9:9e:a5:72:
+         0e:4a:b7:3f:3c:e6:16:68:f8:be:ed:74:4c:bc:5b:d5:62:1f:
+         43:dd
+SHA1 Fingerprint=31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 927650371 (0x374ad243)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Validity
+            Not Before: May 25 16:09:40 1999 GMT
+            Not After : May 25 16:39:40 2019 GMT
+        Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:cd:28:83:34:54:1b:89:f3:0f:af:37:91:31:ff:
+                    af:31:60:c9:a8:e8:b2:10:68:ed:9f:e7:93:36:f1:
+                    0a:64:bb:47:f5:04:17:3f:23:47:4d:c5:27:19:81:
+                    26:0c:54:72:0d:88:2d:d9:1f:9a:12:9f:bc:b3:71:
+                    d3:80:19:3f:47:66:7b:8c:35:28:d2:b9:0a:df:24:
+                    da:9c:d6:50:79:81:7a:5a:d3:37:f7:c2:4a:d8:29:
+                    92:26:64:d1:e4:98:6c:3a:00:8a:f5:34:9b:65:f8:
+                    ed:e3:10:ff:fd:b8:49:58:dc:a0:de:82:39:6b:81:
+                    b1:16:19:61:b9:54:b6:e6:43
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  DirName: C = US, O = Entrust.net, OU = www.entrust.net/CPS incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Secure Server Certification Authority, CN = CRL1
+
+                Full Name:
+                  URI:http://www.entrust.net/CRL/net1.crl
+
+            X509v3 Private Key Usage Period: 
+                Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
+
+            X509v3 Subject Key Identifier: 
+                F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+         90:dc:30:02:fa:64:74:c2:a7:0a:a5:7c:21:8d:34:17:a8:fb:
+         47:0e:ff:25:7c:8d:13:0a:fb:e4:98:b5:ef:8c:f8:c5:10:0d:
+         f7:92:be:f1:c3:d5:d5:95:6a:04:bb:2c:ce:26:36:65:c8:31:
+         c6:e7:ee:3f:e3:57:75:84:7a:11:ef:46:4f:18:f4:d3:98:bb:
+         a8:87:32:ba:72:f6:3c:e2:3d:9f:d7:1d:d9:c3:60:43:8c:58:
+         0e:22:96:2f:62:a3:2c:1f:ba:ad:05:ef:ab:32:78:87:a0:54:
+         73:19:b5:5c:05:f9:52:3e:6d:2d:45:0b:f7:0a:93:ea:ed:06:
+         f9:b2
+SHA1 Fingerprint=99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39
+-----BEGIN CERTIFICATE-----
+MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
+ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
+KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
+ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
+MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
+ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
+b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
+bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
+A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
+I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
+wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
+AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
+oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
+BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
+dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
+MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
+E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
+MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
+hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
+95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
+2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
+        Validity
+            Not Before: Nov 10 00:00:00 2006 GMT
+            Not After : Nov 10 00:00:00 2031 GMT
+        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c6:cc:e5:73:e6:fb:d4:bb:e5:2d:2d:32:a6:df:
+                    e5:81:3f:c9:cd:25:49:b6:71:2a:c3:d5:94:34:67:
+                    a2:0a:1c:b0:5f:69:a6:40:b1:c4:b7:b2:8f:d0:98:
+                    a4:a9:41:59:3a:d3:dc:94:d6:3c:db:74:38:a4:4a:
+                    cc:4d:25:82:f7:4a:a5:53:12:38:ee:f3:49:6d:71:
+                    91:7e:63:b6:ab:a6:5f:c3:a4:84:f8:4f:62:51:be:
+                    f8:c5:ec:db:38:92:e3:06:e5:08:91:0c:c4:28:41:
+                    55:fb:cb:5a:89:15:7e:71:e8:35:bf:4d:72:09:3d:
+                    be:3a:38:50:5b:77:31:1b:8d:b3:c7:24:45:9a:a7:
+                    ac:6d:00:14:5a:04:b7:ba:13:eb:51:0a:98:41:41:
+                    22:4e:65:61:87:81:41:50:a6:79:5c:89:de:19:4a:
+                    57:d5:2e:e6:5d:1c:53:2c:7e:98:cd:1a:06:16:a4:
+                    68:73:d0:34:04:13:5c:a1:71:d3:5a:7c:55:db:5e:
+                    64:e1:37:87:30:56:04:e5:11:b4:29:80:12:f1:79:
+                    39:88:a2:02:11:7c:27:66:b7:88:b7:78:f2:ca:0a:
+                    a8:38:ab:0a:64:c2:bf:66:5d:95:84:c1:a1:25:1e:
+                    87:5d:1a:50:0b:20:12:cc:41:bb:6e:0b:51:38:b8:
+                    4b:cb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3
+            X509v3 Authority Key Identifier: 
+                keyid:B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3
+
+    Signature Algorithm: sha1WithRSAEncryption
+         1c:1a:06:97:dc:d7:9c:9f:3c:88:66:06:08:57:21:db:21:47:
+         f8:2a:67:aa:bf:18:32:76:40:10:57:c1:8a:f3:7a:d9:11:65:
+         8e:35:fa:9e:fc:45:b5:9e:d9:4c:31:4b:b8:91:e8:43:2c:8e:
+         b3:78:ce:db:e3:53:79:71:d6:e5:21:94:01:da:55:87:9a:24:
+         64:f6:8a:66:cc:de:9c:37:cd:a8:34:b1:69:9b:23:c8:9e:78:
+         22:2b:70:43:e3:55:47:31:61:19:ef:58:c5:85:2f:4e:30:f6:
+         a0:31:16:23:c8:e7:e2:65:16:33:cb:bf:1a:1b:a0:3d:f8:ca:
+         5e:8b:31:8b:60:08:89:2d:0c:06:5c:52:b7:c4:f9:0a:98:d1:
+         15:5f:9f:12:be:7c:36:63:38:bd:44:a4:7f:e4:26:2b:0a:c4:
+         97:69:0d:e9:8c:e2:c0:10:57:b8:c8:76:12:91:55:f2:48:69:
+         d8:bc:2a:02:5b:0f:44:d4:20:31:db:f4:ba:70:26:5d:90:60:
+         9e:bc:4b:17:09:2f:b4:cb:1e:43:68:c9:07:27:c1:d2:5c:f7:
+         ea:21:b9:68:12:9c:3c:9c:bf:9e:fc:80:5c:9b:63:cd:ec:47:
+         aa:25:27:67:a0:37:f3:00:82:7d:54:d7:a9:f8:e9:2e:13:a3:
+         77:e8:1f:4a
+SHA1 Fingerprint=5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
+RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
+PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
+xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
+Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
+hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
+EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
+FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
+nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
+eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
+hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
+Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
++OkuE6N36B9K
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
+        Validity
+            Not Before: Nov 10 00:00:00 2006 GMT
+            Not After : Nov 10 00:00:00 2031 GMT
+        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ad:0e:15:ce:e4:43:80:5c:b1:87:f3:b7:60:f9:
+                    71:12:a5:ae:dc:26:94:88:aa:f4:ce:f5:20:39:28:
+                    58:60:0c:f8:80:da:a9:15:95:32:61:3c:b5:b1:28:
+                    84:8a:8a:dc:9f:0a:0c:83:17:7a:8f:90:ac:8a:e7:
+                    79:53:5c:31:84:2a:f6:0f:98:32:36:76:cc:de:dd:
+                    3c:a8:a2:ef:6a:fb:21:f2:52:61:df:9f:20:d7:1f:
+                    e2:b1:d9:fe:18:64:d2:12:5b:5f:f9:58:18:35:bc:
+                    47:cd:a1:36:f9:6b:7f:d4:b0:38:3e:c1:1b:c3:8c:
+                    33:d9:d8:2f:18:fe:28:0f:b3:a7:83:d6:c3:6e:44:
+                    c0:61:35:96:16:fe:59:9c:8b:76:6d:d7:f1:a2:4b:
+                    0d:2b:ff:0b:72:da:9e:60:d0:8e:90:35:c6:78:55:
+                    87:20:a1:cf:e5:6d:0a:c8:49:7c:31:98:33:6c:22:
+                    e9:87:d0:32:5a:a2:ba:13:82:11:ed:39:17:9d:99:
+                    3a:72:a1:e6:fa:a4:d9:d5:17:31:75:ae:85:7d:22:
+                    ae:3f:01:46:86:f6:28:79:c8:b1:da:e4:57:17:c4:
+                    7e:1c:0e:b0:b4:92:a6:56:b3:bd:b2:97:ed:aa:a7:
+                    f0:b7:c5:a8:3f:95:16:d0:ff:a1:96:eb:08:5f:18:
+                    77:4f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F
+            X509v3 Authority Key Identifier: 
+                keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F
+
+    Signature Algorithm: sha1WithRSAEncryption
+         a2:0e:bc:df:e2:ed:f0:e3:72:73:7a:64:94:bf:f7:72:66:d8:
+         32:e4:42:75:62:ae:87:eb:f2:d5:d9:de:56:b3:9f:cc:ce:14:
+         28:b9:0d:97:60:5c:12:4c:58:e4:d3:3d:83:49:45:58:97:35:
+         69:1a:a8:47:ea:56:c6:79:ab:12:d8:67:81:84:df:7f:09:3c:
+         94:e6:b8:26:2c:20:bd:3d:b3:28:89:f7:5f:ff:22:e2:97:84:
+         1f:e9:65:ef:87:e0:df:c1:67:49:b3:5d:eb:b2:09:2a:eb:26:
+         ed:78:be:7d:3f:2b:f3:b7:26:35:6d:5f:89:01:b6:49:5b:9f:
+         01:05:9b:ab:3d:25:c1:cc:b6:7f:c2:f1:6f:86:c6:fa:64:68:
+         eb:81:2d:94:eb:42:b7:fa:8c:1e:dd:62:f1:be:50:67:b7:6c:
+         bd:f3:f1:1f:6b:0c:36:07:16:7f:37:7c:a9:5b:6d:7a:f1:12:
+         46:60:83:d7:27:04:be:4b:ce:97:be:c3:67:2a:68:11:df:80:
+         e7:0c:33:66:bf:13:0d:14:6e:f3:7f:1f:63:10:1e:fa:8d:1b:
+         25:6d:6c:8f:a5:b7:61:01:b1:d2:a3:26:a1:10:71:9d:ad:e2:
+         c3:f9:c3:99:51:b7:2b:07:08:ce:2e:e6:50:b2:a7:fa:0a:45:
+         2f:a2:f0:f2
+SHA1 Fingerprint=05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
+JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
+mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
+VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
+AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
+AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
+pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
+dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
+fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
+NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
+H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
+        Validity
+            Not Before: Nov 10 00:00:00 2006 GMT
+            Not After : Nov 10 00:00:00 2031 GMT
+        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e2:3b:e1:11:72:de:a8:a4:d3:a3:57:aa:50:a2:
+                    8f:0b:77:90:c9:a2:a5:ee:12:ce:96:5b:01:09:20:
+                    cc:01:93:a7:4e:30:b7:53:f7:43:c4:69:00:57:9d:
+                    e2:8d:22:dd:87:06:40:00:81:09:ce:ce:1b:83:bf:
+                    df:cd:3b:71:46:e2:d6:66:c7:05:b3:76:27:16:8f:
+                    7b:9e:1e:95:7d:ee:b7:48:a3:08:da:d6:af:7a:0c:
+                    39:06:65:7f:4a:5d:1f:bc:17:f8:ab:be:ee:28:d7:
+                    74:7f:7a:78:99:59:85:68:6e:5c:23:32:4b:bf:4e:
+                    c0:e8:5a:6d:e3:70:bf:77:10:bf:fc:01:f6:85:d9:
+                    a8:44:10:58:32:a9:75:18:d5:d1:a2:be:47:e2:27:
+                    6a:f4:9a:33:f8:49:08:60:8b:d4:5f:b4:3a:84:bf:
+                    a1:aa:4a:4c:7d:3e:cf:4f:5f:6c:76:5e:a0:4b:37:
+                    91:9e:dc:22:e6:6d:ce:14:1a:8e:6a:cb:fe:cd:b3:
+                    14:64:17:c7:5b:29:9e:32:bf:f2:ee:fa:d3:0b:42:
+                    d4:ab:b7:41:32:da:0c:d4:ef:f8:81:d5:bb:8d:58:
+                    3f:b5:1b:e8:49:28:a2:70:da:31:04:dd:f7:b2:16:
+                    f2:4c:0a:4e:07:a8:ed:4a:3d:5e:b5:7f:a3:90:c3:
+                    af:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55
+            X509v3 Authority Key Identifier: 
+                keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55
+
+    Signature Algorithm: sha1WithRSAEncryption
+         cb:9c:37:aa:48:13:12:0a:fa:dd:44:9c:4f:52:b0:f4:df:ae:
+         04:f5:79:79:08:a3:24:18:fc:4b:2b:84:c0:2d:b9:d5:c7:fe:
+         f4:c1:1f:58:cb:b8:6d:9c:7a:74:e7:98:29:ab:11:b5:e3:70:
+         a0:a1:cd:4c:88:99:93:8c:91:70:e2:ab:0f:1c:be:93:a9:ff:
+         63:d5:e4:07:60:d3:a3:bf:9d:5b:09:f1:d5:8e:e3:53:f4:8e:
+         63:fa:3f:a7:db:b4:66:df:62:66:d6:d1:6e:41:8d:f2:2d:b5:
+         ea:77:4a:9f:9d:58:e2:2b:59:c0:40:23:ed:2d:28:82:45:3e:
+         79:54:92:26:98:e0:80:48:a8:37:ef:f0:d6:79:60:16:de:ac:
+         e8:0e:cd:6e:ac:44:17:38:2f:49:da:e1:45:3e:2a:b9:36:53:
+         cf:3a:50:06:f7:2e:e8:c4:57:49:6c:61:21:18:d5:04:ad:78:
+         3c:2c:3a:80:6b:a7:eb:af:15:14:e9:d8:89:c1:b9:38:6c:e2:
+         91:6c:8a:ff:64:b9:77:25:57:30:c0:1b:24:a3:e1:dc:e9:df:
+         47:7c:b5:b4:24:08:05:30:ec:2d:bd:0b:bf:45:bf:50:b9:a9:
+         f3:eb:98:01:12:ad:c8:88:c6:98:34:5f:8d:0a:3c:c6:e9:d5:
+         95:95:6d:de
+SHA1 Fingerprint=A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
+        Validity
+            Not Before: Jun 21 04:00:00 1999 GMT
+            Not After : Jun 21 04:00:00 2020 GMT
+        Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:ba:e7:17:90:02:65:b1:34:55:3c:49:c2:51:d5:
+                    df:a7:d1:37:8f:d1:e7:81:73:41:52:60:9b:9d:a1:
+                    17:26:78:ad:c7:b1:e8:26:94:32:b5:de:33:8d:3a:
+                    2f:db:f2:9a:7a:5a:73:98:a3:5c:e9:fb:8a:73:1b:
+                    5c:e7:c3:bf:80:6c:cd:a9:f4:d6:2b:c0:f7:f9:99:
+                    aa:63:a2:b1:47:02:0f:d4:e4:51:3a:12:3c:6c:8a:
+                    5a:54:84:70:db:c1:c5:90:cf:72:45:cb:a8:59:c0:
+                    cd:33:9d:3f:a3:96:eb:85:33:21:1c:3e:1e:3e:60:
+                    6e:76:9c:67:85:c5:c8:c3:61
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C
+
+            X509v3 Subject Key Identifier: 
+                BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C
+    Signature Algorithm: md5WithRSAEncryption
+         30:e2:01:51:aa:c7:ea:5f:da:b9:d0:65:0f:30:d6:3e:da:0d:
+         14:49:6e:91:93:27:14:31:ef:c4:f7:2d:45:f8:ec:c7:bf:a2:
+         41:0d:23:b4:92:f9:19:00:67:bd:01:af:cd:e0:71:fc:5a:cf:
+         64:c4:e0:96:98:d0:a3:40:e2:01:8a:ef:27:07:f1:65:01:8a:
+         44:2d:06:65:75:52:c0:86:10:20:21:5f:6c:6b:0f:6c:ae:09:
+         1c:af:f2:a2:18:34:c4:75:a4:73:1c:f1:8d:dc:ef:ad:f9:b3:
+         76:b4:92:bf:dc:95:10:1e:be:cb:c8:3b:5a:84:60:19:56:94:
+         a9:55
+SHA1 Fingerprint=7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
+-----BEGIN CERTIFICATE-----
+MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBT
+ZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIw
+MDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2Vj
+dXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l
+c3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRVPEnC
+UdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc
+58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/
+o5brhTMhHD4ePmBudpxnhcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAH
+MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1dr
+aGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUA
+A4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkA
+Z70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv
+8qIYNMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
+        Validity
+            Not Before: Jun 21 04:00:00 1999 GMT
+            Not After : Jun 21 04:00:00 2020 GMT
+        Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:ce:2f:19:bc:17:b7:77:de:93:a9:5f:5a:0d:17:
+                    4f:34:1a:0c:98:f4:22:d9:59:d4:c4:68:46:f0:b4:
+                    35:c5:85:03:20:c6:af:45:a5:21:51:45:41:eb:16:
+                    58:36:32:6f:e2:50:62:64:f9:fd:51:9c:aa:24:d9:
+                    f4:9d:83:2a:87:0a:21:d3:12:38:34:6c:8d:00:6e:
+                    5a:a0:d9:42:ee:1a:21:95:f9:52:4c:55:5a:c5:0f:
+                    38:4f:46:fa:6d:f8:2e:35:d6:1d:7c:eb:e2:f0:b0:
+                    75:80:c8:a9:13:ac:be:88:ef:3a:6e:ab:5f:2a:38:
+                    62:02:b0:12:7b:fe:8f:a6:03
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1
+
+            X509v3 Subject Key Identifier: 
+                4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1
+    Signature Algorithm: md5WithRSAEncryption
+         75:5b:a8:9b:03:11:e6:e9:56:4c:cd:f9:a9:4c:c0:0d:9a:f3:
+         cc:65:69:e6:25:76:cc:59:b7:d6:54:c3:1d:cd:99:ac:19:dd:
+         b4:85:d5:e0:3d:fc:62:20:a7:84:4b:58:65:f1:e2:f9:95:21:
+         3f:f5:d4:7e:58:1e:47:87:54:3e:58:a1:b5:b5:f8:2a:ef:71:
+         e7:bc:c3:f6:b1:49:46:e2:d7:a0:6b:e5:56:7a:9a:27:98:7c:
+         46:62:14:e7:c9:fc:6e:03:12:79:80:38:1d:48:82:8d:fc:17:
+         fe:2a:96:2b:b5:62:a6:a6:3d:bd:7f:92:59:cd:5a:2a:82:b2:
+         37:79
+SHA1 Fingerprint=DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
+-----BEGIN CERTIFICATE-----
+MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBT
+ZWN1cmUgZUJ1c2luZXNzIENBLTEwHhcNOTkwNjIxMDQwMDAwWhcNMjAwNjIxMDQw
+MDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5j
+LjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNzIENBLTEwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fek6lfWg0XTzQaDJj0ItlZ1MRo
+RvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5/VGcqiTZ9J2DKocKIdMSODRsjQBu
+WqDZQu4aIZX5UkxVWsUPOE9G+m34LjXWHXzr4vCwdYDIqROsvojvOm6rXyo4YgKw
+Env+j6YDAgMBAAGjZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTAD
+AQH/MB8GA1UdIwQYMBaAFEp4MlIR21kWNl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRK
+eDJSEdtZFjZe38EUNkBqR3xMoTANBgkqhkiG9w0BAQQFAAOBgQB1W6ibAxHm6VZM
+zfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+
+WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN
+/Bf+KpYrtWKmpj29f5JZzVoqgrI3eQ==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 144470 (0x23456)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
+        Validity
+            Not Before: May 21 04:00:00 2002 GMT
+            Not After : May 21 04:00:00 2022 GMT
+        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:da:cc:18:63:30:fd:f4:17:23:1a:56:7e:5b:df:
+                    3c:6c:38:e4:71:b7:78:91:d4:bc:a1:d8:4c:f8:a8:
+                    43:b6:03:e9:4d:21:07:08:88:da:58:2f:66:39:29:
+                    bd:05:78:8b:9d:38:e8:05:b7:6a:7e:71:a4:e6:c4:
+                    60:a6:b0:ef:80:e4:89:28:0f:9e:25:d6:ed:83:f3:
+                    ad:a6:91:c7:98:c9:42:18:35:14:9d:ad:98:46:92:
+                    2e:4f:ca:f1:87:43:c1:16:95:57:2d:50:ef:89:2d:
+                    80:7a:57:ad:f2:ee:5f:6b:d2:00:8d:b9:14:f8:14:
+                    15:35:d9:c0:46:a3:7b:72:c8:91:bf:c9:55:2b:cd:
+                    d0:97:3e:9c:26:64:cc:df:ce:83:19:71:ca:4e:e6:
+                    d4:d5:7b:a9:19:cd:55:de:c8:ec:d2:5e:38:53:e5:
+                    5c:4f:8c:2d:fe:50:23:36:fc:66:e6:cb:8e:a4:39:
+                    19:00:b7:95:02:39:91:0b:0e:fe:38:2e:d1:1d:05:
+                    9a:f6:4d:3e:6f:0f:07:1d:af:2c:1e:8f:60:39:e2:
+                    fa:36:53:13:39:d4:5e:26:2b:db:3d:a8:14:bd:32:
+                    eb:18:03:28:52:04:71:e5:ab:33:3d:e1:38:bb:07:
+                    36:84:62:9c:79:ea:16:30:f4:5f:c0:2b:e8:71:6b:
+                    e4:f9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
+            X509v3 Authority Key Identifier: 
+                keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
+
+    Signature Algorithm: sha1WithRSAEncryption
+         35:e3:29:6a:e5:2f:5d:54:8e:29:50:94:9f:99:1a:14:e4:8f:
+         78:2a:62:94:a2:27:67:9e:d0:cf:1a:5e:47:e9:c1:b2:a4:cf:
+         dd:41:1a:05:4e:9b:4b:ee:4a:6f:55:52:b3:24:a1:37:0a:eb:
+         64:76:2a:2e:2c:f3:fd:3b:75:90:bf:fa:71:d8:c7:3d:37:d2:
+         b5:05:95:62:b9:a6:de:89:3d:36:7b:38:77:48:97:ac:a6:20:
+         8f:2e:a6:c9:0c:c2:b2:99:45:00:c7:ce:11:51:22:22:e0:a5:
+         ea:b6:15:48:09:64:ea:5e:4f:74:f7:05:3e:c7:8a:52:0c:db:
+         15:b4:bd:6d:9b:e5:c6:b1:54:68:a9:e3:69:90:b6:9a:a5:0f:
+         b8:b9:3f:20:7d:ae:4a:b5:b8:9c:e4:1d:b6:ab:e6:94:a5:c1:
+         c7:83:ad:db:f5:27:87:0e:04:6c:d5:ff:dd:a0:5d:ed:87:52:
+         b7:2b:15:02:ae:39:a6:6a:74:e9:da:c4:e7:bc:4d:34:1e:a9:
+         5c:4d:33:5f:92:09:2f:88:66:5d:77:97:c7:1d:76:13:a9:d5:
+         e5:f1:16:09:11:35:d5:ac:db:24:71:70:2c:98:56:0b:d9:17:
+         b4:d1:e3:51:2b:5e:75:e8:d5:d0:dc:4f:34:ed:c2:05:66:80:
+         a1:cb:e6:33
+SHA1 Fingerprint=DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2
+        Validity
+            Not Before: Mar  4 05:00:00 2004 GMT
+            Not After : Mar  4 05:00:00 2019 GMT
+        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ef:3c:4d:40:3d:10:df:3b:53:00:e1:67:fe:94:
+                    60:15:3e:85:88:f1:89:0d:90:c8:28:23:99:05:e8:
+                    2b:20:9d:c6:f3:60:46:d8:c1:b2:d5:8c:31:d9:dc:
+                    20:79:24:81:bf:35:32:fc:63:69:db:b1:2a:6b:ee:
+                    21:58:f2:08:e9:78:cb:6f:cb:fc:16:52:c8:91:c4:
+                    ff:3d:73:de:b1:3e:a7:c2:7d:66:c1:f5:7e:52:24:
+                    1a:e2:d5:67:91:d0:82:10:d7:78:4b:4f:2b:42:39:
+                    bd:64:2d:40:a0:b0:10:d3:38:48:46:88:a1:0c:bb:
+                    3a:33:2a:62:98:fb:00:9d:13:59:7f:6f:3b:72:aa:
+                    ee:a6:0f:86:f9:05:61:ea:67:7f:0c:37:96:8b:e6:
+                    69:16:47:11:c2:27:59:03:b3:a6:60:c2:21:40:56:
+                    fa:a0:c7:7d:3a:13:e3:ec:57:c7:b3:d6:ae:9d:89:
+                    80:f7:01:e7:2c:f6:96:2b:13:0d:79:2c:d9:c0:e4:
+                    86:7b:4b:8c:0c:72:82:8a:fb:17:cd:00:6c:3a:13:
+                    3c:b0:84:87:4b:16:7a:29:b2:4f:db:1d:d4:0b:f3:
+                    66:37:bd:d8:f6:57:bb:5e:24:7a:b8:3c:8b:b9:fa:
+                    92:1a:1a:84:9e:d8:74:8f:aa:1b:7f:5e:f4:fe:45:
+                    22:21
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                71:38:36:F2:02:31:53:47:2B:6E:BA:65:46:A9:10:15:58:20:05:09
+            X509v3 Authority Key Identifier: 
+                keyid:71:38:36:F2:02:31:53:47:2B:6E:BA:65:46:A9:10:15:58:20:05:09
+
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+         03:f7:b5:2b:ab:5d:10:fc:7b:b2:b2:5e:ac:9b:0e:7e:53:78:
+         59:3e:42:04:fe:75:a3:ad:ac:81:4e:d7:02:8b:5e:c4:2d:c8:
+         52:76:c7:2c:1f:fc:81:32:98:d1:4b:c6:92:93:33:35:31:2f:
+         fc:d8:1d:44:dd:e0:81:7f:9d:e9:8b:e1:64:91:62:0b:39:08:
+         8c:ac:74:9d:59:d9:7a:59:52:97:11:b9:16:7b:6f:45:d3:96:
+         d9:31:7d:02:36:0f:9c:3b:6e:cf:2c:0d:03:46:45:eb:a0:f4:
+         7f:48:44:c6:08:40:cc:de:1b:70:b5:29:ad:ba:8b:3b:34:65:
+         75:1b:71:21:1d:2c:14:0a:b0:96:95:b8:d6:ea:f2:65:fb:29:
+         ba:4f:ea:91:93:74:69:b6:f2:ff:e1:1a:d0:0c:d1:76:85:cb:
+         8a:25:bd:97:5e:2c:6f:15:99:26:e7:b6:29:ff:22:ec:c9:02:
+         c7:56:00:cd:49:b9:b3:6c:7b:53:04:1a:e2:a8:c9:aa:12:05:
+         23:c2:ce:e7:bb:04:02:cc:c0:47:a2:e4:c4:29:2f:5b:45:57:
+         89:51:ee:3c:eb:52:08:ff:07:35:1e:9f:35:6a:47:4a:56:98:
+         d1:5a:85:1f:8c:f5:22:bf:ab:ce:83:f3:e2:22:29:ae:7d:83:
+         40:a8:ba:6c
+SHA1 Fingerprint=A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D
+-----BEGIN CERTIFICATE-----
+MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFs
+IENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
+R2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvPE1A
+PRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/NTL8
+Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hL
+TytCOb1kLUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL
+5mkWRxHCJ1kDs6ZgwiFAVvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7
+S4wMcoKK+xfNAGw6EzywhIdLFnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe
+2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUap
+EBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6td
+EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv
+/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN
+A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0
+abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF
+I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz
+4iIprn2DQKi6bA==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
+        Validity
+            Not Before: Nov 27 00:00:00 2006 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:be:b8:15:7b:ff:d4:7c:7d:67:ad:83:64:7b:c8:
+                    42:53:2d:df:f6:84:08:20:61:d6:01:59:6a:9c:44:
+                    11:af:ef:76:fd:95:7e:ce:61:30:bb:7a:83:5f:02:
+                    bd:01:66:ca:ee:15:8d:6f:a1:30:9c:bd:a1:85:9e:
+                    94:3a:f3:56:88:00:31:cf:d8:ee:6a:96:02:d9:ed:
+                    03:8c:fb:75:6d:e7:ea:b8:55:16:05:16:9a:f4:e0:
+                    5e:b1:88:c0:64:85:5c:15:4d:88:c7:b7:ba:e0:75:
+                    e9:ad:05:3d:9d:c7:89:48:e0:bb:28:c8:03:e1:30:
+                    93:64:5e:52:c0:59:70:22:35:57:88:8a:f1:95:0a:
+                    83:d7:bc:31:73:01:34:ed:ef:46:71:e0:6b:02:a8:
+                    35:72:6b:97:9b:66:e0:cb:1c:79:5f:d8:1a:04:68:
+                    1e:47:02:e6:9d:60:e2:36:97:01:df:ce:35:92:df:
+                    be:67:c7:6d:77:59:3b:8f:9d:d6:90:15:94:bc:42:
+                    34:10:c1:39:f9:b1:27:3e:7e:d6:8a:75:c5:b2:af:
+                    96:d3:a2:de:9b:e4:98:be:7d:e1:e9:81:ad:b6:6f:
+                    fc:d7:0e:da:e0:34:b0:0d:1a:77:e7:e3:08:98:ef:
+                    58:fa:9c:84:b7:36:af:c2:df:ac:d2:f4:10:06:70:
+                    71:35
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                2C:D5:50:41:97:15:8B:F0:8F:36:61:5B:4A:FB:6B:D9:99:C9:33:92
+    Signature Algorithm: sha1WithRSAEncryption
+         5a:70:7f:2c:dd:b7:34:4f:f5:86:51:a9:26:be:4b:b8:aa:f1:
+         71:0d:dc:61:c7:a0:ea:34:1e:7a:77:0f:04:35:e8:27:8f:6c:
+         90:bf:91:16:24:46:3e:4a:4e:ce:2b:16:d5:0b:52:1d:fc:1f:
+         67:a2:02:45:31:4f:ce:f3:fa:03:a7:79:9d:53:6a:d9:da:63:
+         3a:f8:80:d7:d3:99:e1:a5:e1:be:d4:55:71:98:35:3a:be:93:
+         ea:ae:ad:42:b2:90:6f:e0:fc:21:4d:35:63:33:89:49:d6:9b:
+         4e:ca:c7:e7:4e:09:00:f7:da:c7:ef:99:62:99:77:b6:95:22:
+         5e:8a:a0:ab:f4:b8:78:98:ca:38:19:99:c9:72:9e:78:cd:4b:
+         ac:af:19:a0:73:12:2d:fc:c2:41:ba:81:91:da:16:5a:31:b7:
+         f9:b4:71:80:12:48:99:72:73:5a:59:53:c1:63:52:33:ed:a7:
+         c9:d2:39:02:70:fa:e0:b1:42:66:29:aa:9b:51:ed:30:54:22:
+         14:5f:d9:ab:1d:c1:e4:94:f0:f8:f5:2b:f7:ea:ca:78:46:d6:
+         b8:91:fd:a6:0d:2b:1a:14:01:3e:80:f0:42:a0:95:07:5e:6d:
+         cd:cc:4b:a4:45:8d:ab:12:e8:b3:de:5a:e5:a0:7c:e8:0f:22:
+         1d:5a:e9:59
+SHA1 Fingerprint=32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo
+R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx
+MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
+Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9
+AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA
+ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0
+7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W
+kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI
+mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ
+KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1
+6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl
+4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K
+oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj
+UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU
+AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
+        Validity
+            Not Before: Apr  2 00:00:00 2008 GMT
+            Not After : Dec  1 23:59:59 2037 GMT
+        Subject: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:dc:e2:5e:62:58:1d:33:57:39:32:33:fa:eb:cb:
+                    87:8c:a7:d4:4a:dd:06:88:ea:64:8e:31:98:a5:38:
+                    90:1e:98:cf:2e:63:2b:f0:46:bc:44:b2:89:a1:c0:
+                    28:0c:49:70:21:95:9f:64:c0:a6:93:12:02:65:26:
+                    86:c6:a5:89:f0:fa:d7:84:a0:70:af:4f:1a:97:3f:
+                    06:44:d5:c9:eb:72:10:7d:e4:31:28:fb:1c:61:e6:
+                    28:07:44:73:92:22:69:a7:03:88:6c:9d:63:c8:52:
+                    da:98:27:e7:08:4c:70:3e:b4:c9:12:c1:c5:67:83:
+                    5d:33:f3:03:11:ec:6a:d0:53:e2:d1:ba:36:60:94:
+                    80:bb:61:63:6c:5b:17:7e:df:40:94:1e:ab:0d:c2:
+                    21:28:70:88:ff:d6:26:6c:6c:60:04:25:4e:55:7e:
+                    7d:ef:bf:94:48:de:b7:1d:dd:70:8d:05:5f:88:a5:
+                    9b:f2:c2:ee:ea:d1:40:41:6d:62:38:1d:56:06:c5:
+                    03:47:51:20:19:fc:7b:10:0b:0e:62:ae:76:55:bf:
+                    5f:77:be:3e:49:01:53:3d:98:25:03:76:24:5a:1d:
+                    b4:db:89:ea:79:e5:b6:b3:3b:3f:ba:4c:28:41:7f:
+                    06:ac:6a:8e:c1:d0:f6:05:1d:7d:e6:42:86:e3:a5:
+                    d5:47
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                C4:79:CA:8E:A1:4E:03:1D:1C:DC:6B:DB:31:5B:94:3E:3F:30:7F:2D
+    Signature Algorithm: sha256WithRSAEncryption
+         2d:c5:13:cf:56:80:7b:7a:78:bd:9f:ae:2c:99:e7:ef:da:df:
+         94:5e:09:69:a7:e7:6e:68:8c:bd:72:be:47:a9:0e:97:12:b8:
+         4a:f1:64:d3:39:df:25:34:d4:c1:cd:4e:81:f0:0f:04:c4:24:
+         b3:34:96:c6:a6:aa:30:df:68:61:73:d7:f9:8e:85:89:ef:0e:
+         5e:95:28:4a:2a:27:8f:10:8e:2e:7c:86:c4:02:9e:da:0c:77:
+         65:0e:44:0d:92:fd:fd:b3:16:36:fa:11:0d:1d:8c:0e:07:89:
+         6a:29:56:f7:72:f4:dd:15:9c:77:35:66:57:ab:13:53:d8:8e:
+         c1:40:c5:d7:13:16:5a:72:c7:b7:69:01:c4:7a:b1:83:01:68:
+         7d:8d:41:a1:94:18:c1:25:5c:fc:f0:fe:83:02:87:7c:0d:0d:
+         cf:2e:08:5c:4a:40:0d:3e:ec:81:61:e6:24:db:ca:e0:0e:2d:
+         07:b2:3e:56:dc:8d:f5:41:85:07:48:9b:0c:0b:cb:49:3f:7d:
+         ec:b7:fd:cb:8d:67:89:1a:ab:ed:bb:1e:a3:00:08:08:17:2a:
+         82:5c:31:5d:46:8a:2d:0f:86:9b:74:d9:45:fb:d4:40:b1:7a:
+         aa:68:2d:86:b2:99:22:e1:c1:2b:c7:9c:f8:f3:5f:a8:82:12:
+         eb:19:11:2d
+SHA1 Fingerprint=03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD
+-----BEGIN CERTIFICATE-----
+MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB
+mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
+MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ
+BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
+MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0
+BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz
++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm
+hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn
+5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W
+JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL
+DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC
+huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB
+AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB
+zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN
+kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
+AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH
+SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G
+spki4cErx5z481+oghLrGREt
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
+        Validity
+            Not Before: Mar  4 05:00:00 2004 GMT
+            Not After : Mar  4 05:00:00 2029 GMT
+        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:a6:15:55:a0:a3:c6:e0:1f:8c:9d:21:50:d7:c1:
+                    be:2b:5b:b5:a4:9e:a1:d9:72:58:bd:00:1b:4c:bf:
+                    61:c9:14:1d:45:82:ab:c6:1d:80:d6:3d:eb:10:9c:
+                    3a:af:6d:24:f8:bc:71:01:9e:06:f5:7c:5f:1e:c1:
+                    0e:55:ca:83:9a:59:30:ae:19:cb:30:48:95:ed:22:
+                    37:8d:f4:4a:9a:72:66:3e:ad:95:c0:e0:16:00:e0:
+                    10:1f:2b:31:0e:d7:94:54:d3:42:33:a0:34:1d:1e:
+                    45:76:dd:4f:ca:18:37:ec:85:15:7a:19:08:fc:d5:
+                    c7:9c:f0:f2:a9:2e:10:a9:92:e6:3d:58:3d:a9:16:
+                    68:3c:2f:75:21:18:7f:28:77:a5:e1:61:17:b7:a6:
+                    e9:f8:1e:99:db:73:6e:f4:0a:a2:21:6c:ee:da:aa:
+                    85:92:66:af:f6:7a:6b:82:da:ba:22:08:35:0f:cf:
+                    42:f1:35:fa:6a:ee:7e:2b:25:cc:3a:11:e4:6d:af:
+                    73:b2:76:1d:ad:d0:b2:78:67:1a:a4:39:1c:51:0b:
+                    67:56:83:fd:38:5d:0d:ce:dd:f0:bb:2b:96:1f:de:
+                    7b:32:52:fd:1d:bb:b5:06:a1:b2:21:5e:a5:d6:95:
+                    68:7f:f0:99:9e:dc:45:08:3e:e7:d2:09:0d:35:94:
+                    dd:80:4e:53:97:d7:b5:09:44:20:64:16:17:03:02:
+                    4c:53:0d:68:de:d5:aa:72:4d:93:6d:82:0e:db:9c:
+                    bd:cf:b4:f3:5c:5d:54:7a:69:09:96:d6:db:11:c1:
+                    8d:75:a8:b4:cf:39:c8:ce:3c:bc:24:7c:e6:62:ca:
+                    e1:bd:7d:a7:bd:57:65:0b:e4:fe:25:ed:b6:69:10:
+                    dc:28:1a:46:bd:01:1d:d0:97:b5:e1:98:3b:c0:37:
+                    64:d6:3d:94:ee:0b:e1:f5:28:ae:0b:56:bf:71:8b:
+                    23:29:41:8e:86:c5:4b:52:7b:d8:71:ab:1f:8a:15:
+                    a6:3b:83:5a:d7:58:01:51:c6:4c:41:d9:7f:d8:41:
+                    67:72:a2:28:df:60:83:a9:9e:c8:7b:fc:53:73:72:
+                    59:f5:93:7a:17:76:0e:ce:f7:e5:5c:d9:0b:55:34:
+                    a2:aa:5b:b5:6a:54:e7:13:ca:57:ec:97:6d:f4:5e:
+                    06:2f:45:8b:58:d4:23:16:92:e4:16:6e:28:63:59:
+                    30:df:50:01:9c:63:89:1a:9f:db:17:94:82:70:37:
+                    c3:24:9e:9a:47:d6:5a:ca:4e:a8:69:89:72:1f:91:
+                    6c:db:7e:9e:1b:ad:c7:1f:73:dd:2c:4f:19:65:fd:
+                    7f:93:40:10:2e:d2:f0:ed:3c:9e:2e:28:3e:69:26:
+                    33:c5:7b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                DA:BB:2E:AA:B0:0C:B8:88:26:51:74:5C:6D:03:D3:C0:D8:8F:7A:D6
+            X509v3 Authority Key Identifier: 
+                keyid:DA:BB:2E:AA:B0:0C:B8:88:26:51:74:5C:6D:03:D3:C0:D8:8F:7A:D6
+
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+         31:78:e6:c7:b5:df:b8:94:40:c9:71:c4:a8:35:ec:46:1d:c2:
+         85:f3:28:58:86:b0:0b:fc:8e:b2:39:8f:44:55:ab:64:84:5c:
+         69:a9:d0:9a:38:3c:fa:e5:1f:35:e5:44:e3:80:79:94:68:a4:
+         bb:c4:9f:3d:e1:34:cd:30:46:8b:54:2b:95:a5:ef:f7:3f:99:
+         84:fd:35:e6:cf:31:c6:dc:6a:bf:a7:d7:23:08:e1:98:5e:c3:
+         5a:08:76:a9:a6:af:77:2f:b7:60:bd:44:46:6a:ef:97:ff:73:
+         95:c1:8e:e8:93:fb:fd:31:b7:ec:57:11:11:45:9b:30:f1:1a:
+         88:39:c1:4f:3c:a7:00:d5:c7:fc:ab:6d:80:22:70:a5:0c:e0:
+         5d:04:29:02:fb:cb:a0:91:d1:7c:d6:c3:7e:50:d5:9d:58:be:
+         41:38:eb:b9:75:3c:15:d9:9b:c9:4a:83:59:c0:da:53:fd:33:
+         bb:36:18:9b:85:0f:15:dd:ee:2d:ac:76:93:b9:d9:01:8d:48:
+         10:a8:fb:f5:38:86:f1:db:0a:c6:bd:84:a3:23:41:de:d6:77:
+         6f:85:d4:85:1c:50:e0:ae:51:8a:ba:8d:3e:76:e2:b9:ca:27:
+         f2:5f:9f:ef:6e:59:0d:06:d8:2b:17:a4:d2:7c:6b:bb:5f:14:
+         1a:48:8f:1a:4c:e7:b3:47:1c:8e:4c:45:2b:20:ee:48:df:e7:
+         dd:09:8e:18:a8:da:40:8d:92:26:11:53:61:73:5d:eb:bd:e7:
+         c4:4d:29:37:61:eb:ac:39:2d:67:2e:16:d6:f5:00:83:85:a1:
+         cc:7f:76:c4:7d:e4:b7:4b:66:ef:03:45:60:69:b6:0c:52:96:
+         92:84:5e:a6:a3:b5:a4:3e:2b:d9:cc:d8:1b:47:aa:f2:44:da:
+         4f:f9:03:e8:f0:14:cb:3f:f3:83:de:d0:c1:54:e3:b7:e8:0a:
+         37:4d:8b:20:59:03:30:19:a1:2c:c8:bd:11:1f:df:ae:c9:4a:
+         c5:f3:27:66:66:86:ac:68:91:ff:d9:e6:53:1c:0f:8b:5c:69:
+         65:0a:26:c8:1e:34:c3:5d:51:7b:d7:a9:9c:06:a1:36:dd:d5:
+         89:94:bc:d9:e4:2d:0c:5e:09:6c:08:97:7c:a3:3d:7c:93:ff:
+         3f:a1:14:a7:cf:b5:5d:eb:db:db:1c:c4:76:df:88:b9:bd:45:
+         05:95:1b:ae:fc:46:6a:4c:af:48:e3:ce:ae:0f:d2:7e:eb:e6:
+         6c:9c:4f:81:6a:7a:64:ac:bb:3e:d5:e7:cb:76:2e:c5:a7:48:
+         c1:5c:90:0f:cb:c8:3f:fa:e6:32:e1:8d:1b:6f:a4:e6:8e:d8:
+         f9:29:48:8a:ce:73:fe:2c
+SHA1 Fingerprint=E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
+-----BEGIN CERTIFICATE-----
+MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE
+BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0
+IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV
+VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8
+cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT
+QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh
+F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v
+c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w
+mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd
+VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX
+teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ
+f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe
+Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+
+nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB
+/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY
+MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
+9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc
+aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX
+IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn
+ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z
+uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN
+Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja
+QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW
+koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9
+ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt
+DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm
+bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
+        Validity
+            Not Before: Mar  4 05:00:00 2004 GMT
+            Not After : Mar  4 05:00:00 2029 GMT
+        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b3:54:52:c1:c9:3e:f2:d9:dc:b1:53:1a:59:29:
+                    e7:b1:c3:45:28:e5:d7:d1:ed:c5:c5:4b:a1:aa:74:
+                    7b:57:af:4a:26:fc:d8:f5:5e:a7:6e:19:db:74:0c:
+                    4f:35:5b:32:0b:01:e3:db:eb:7a:77:35:ea:aa:5a:
+                    e0:d6:e8:a1:57:94:f0:90:a3:74:56:94:44:30:03:
+                    1e:5c:4e:2b:85:26:74:82:7a:0c:76:a0:6f:4d:ce:
+                    41:2d:a0:15:06:14:5f:b7:42:cd:7b:8f:58:61:34:
+                    dc:2a:08:f9:2e:c3:01:a6:22:44:1c:4c:07:82:e6:
+                    5b:ce:d0:4a:7c:04:d3:19:73:27:f0:aa:98:7f:2e:
+                    af:4e:eb:87:1e:24:77:6a:5d:b6:e8:5b:45:ba:dc:
+                    c3:a1:05:6f:56:8e:8f:10:26:a5:49:c3:2e:d7:41:
+                    87:22:e0:4f:86:ca:60:b5:ea:a1:63:c0:01:97:10:
+                    79:bd:00:3c:12:6d:2b:15:b1:ac:4b:b1:ee:18:b9:
+                    4e:96:dc:dc:76:ff:3b:be:cf:5f:03:c0:fc:3b:e8:
+                    be:46:1b:ff:da:40:c2:52:f7:fe:e3:3a:f7:6a:77:
+                    35:d0:da:8d:eb:5e:18:6a:31:c7:1e:ba:3c:1b:28:
+                    d6:6b:54:c6:aa:5b:d7:a2:2c:1b:19:cc:a2:02:f6:
+                    9b:59:bd:37:6b:86:b5:6d:82:ba:d8:ea:c9:56:bc:
+                    a9:36:58:fd:3e:19:f3:ed:0c:26:a9:93:38:f8:4f:
+                    c1:5d:22:06:d0:97:ea:e1:ad:c6:55:e0:81:2b:28:
+                    83:3a:fa:f4:7b:21:51:00:be:52:38:ce:cd:66:79:
+                    a8:f4:81:56:e2:d0:83:09:47:51:5b:50:6a:cf:db:
+                    48:1a:5d:3e:f7:cb:f6:65:f7:6c:f1:95:f8:02:3b:
+                    32:56:82:39:7a:5b:bd:2f:89:1b:bf:a1:b4:e8:ff:
+                    7f:8d:8c:df:03:f1:60:4e:58:11:4c:eb:a3:3f:10:
+                    2b:83:9a:01:73:d9:94:6d:84:00:27:66:ac:f0:70:
+                    40:09:42:92:ad:4f:93:0d:61:09:51:24:d8:92:d5:
+                    0b:94:61:b2:87:b2:ed:ff:9a:35:ff:85:54:ca:ed:
+                    44:43:ac:1b:3c:16:6b:48:4a:0a:1c:40:88:1f:92:
+                    c2:0b:00:05:ff:f2:c8:02:4a:a4:aa:a9:cc:99:96:
+                    9c:2f:58:e0:7d:e1:be:bb:07:dc:5f:04:72:5c:31:
+                    34:c3:ec:5f:2d:e0:3d:64:90:22:e6:d1:ec:b8:2e:
+                    dd:59:ae:d9:a1:37:bf:54:35:dc:73:32:4f:8c:04:
+                    1e:33:b2:c9:46:f1:d8:5c:c8:55:50:c9:68:bd:a8:
+                    ba:36:09
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                76:F3:55:E1:FA:A4:36:FB:F0:9F:5C:62:71:ED:3C:F4:47:38:10:2B
+            X509v3 Authority Key Identifier: 
+                keyid:76:F3:55:E1:FA:A4:36:FB:F0:9F:5C:62:71:ED:3C:F4:47:38:10:2B
+
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+         66:c1:c6:23:f3:d9:e0:2e:6e:5f:e8:cf:ae:b0:b0:25:4d:2b:
+         f8:3b:58:9b:40:24:37:5a:cb:ab:16:49:ff:b3:75:79:33:a1:
+         2f:6d:70:17:34:91:fe:67:7e:8f:ec:9b:e5:5e:82:a9:55:1f:
+         2f:dc:d4:51:07:12:fe:ac:16:3e:2c:35:c6:63:fc:dc:10:eb:
+         0d:a3:aa:d0:7c:cc:d1:d0:2f:51:2e:c4:14:5a:de:e8:19:e1:
+         3e:c6:cc:a4:29:e7:2e:84:aa:06:30:78:76:54:73:28:98:59:
+         38:e0:00:0d:62:d3:42:7d:21:9f:ae:3d:3a:8c:d5:fa:77:0d:
+         18:2b:16:0e:5f:36:e1:fc:2a:b5:30:24:cf:e0:63:0c:7b:58:
+         1a:fe:99:ba:42:12:b1:91:f4:7c:68:e2:c8:e8:af:2c:ea:c9:
+         7e:ae:bb:2a:3d:0d:15:dc:34:95:b6:18:74:a8:6a:0f:c7:b4:
+         f4:13:c4:e4:5b:ed:0a:d2:a4:97:4c:2a:ed:2f:6c:12:89:3d:
+         f1:27:70:aa:6a:03:52:21:9f:40:a8:67:50:f2:f3:5a:1f:df:
+         df:23:f6:dc:78:4e:e6:98:4f:55:3a:53:e3:ef:f2:f4:9f:c7:
+         7c:d8:58:af:29:22:97:b8:e0:bd:91:2e:b0:76:ec:57:11:cf:
+         ef:29:44:f3:e9:85:7a:60:63:e4:5d:33:89:17:d9:31:aa:da:
+         d6:f3:18:35:72:cf:87:2b:2f:63:23:84:5d:84:8c:3f:57:a0:
+         88:fc:99:91:28:26:69:99:d4:8f:97:44:be:8e:d5:48:b1:a4:
+         28:29:f1:15:b4:e1:e5:9e:dd:f8:8f:a6:6f:26:d7:09:3c:3a:
+         1c:11:0e:a6:6c:37:f7:ad:44:87:2c:28:c7:d8:74:82:b3:d0:
+         6f:4a:57:bb:35:29:27:a0:8b:e8:21:a7:87:64:36:5d:cc:d8:
+         16:ac:c7:b2:27:40:92:55:38:28:8d:51:6e:dd:14:67:53:6c:
+         71:5c:26:84:4d:75:5a:b6:7e:60:56:a9:4d:ad:fb:9b:1e:97:
+         f3:0d:d9:d2:97:54:77:da:3d:12:b7:e0:1e:ef:08:06:ac:f9:
+         85:87:e9:a2:dc:af:7e:18:12:83:fd:56:17:41:2e:d5:29:82:
+         7d:99:f4:31:f6:71:a9:cf:2c:01:27:a5:05:b9:aa:b2:48:4e:
+         2a:ef:9f:93:52:51:95:3c:52:73:8e:56:4c:17:40:c0:09:28:
+         e4:8b:6a:48:53:db:ec:cd:55:55:f1:c6:f8:e9:a2:2c:4c:a6:
+         d1:26:5f:7e:af:5a:4c:da:1f:a6:f2:1c:2c:7e:ae:02:16:d2:
+         56:d0:2f:57:53:47:e8:92
+SHA1 Fingerprint=37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD
+VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1
+c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81
+WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG
+FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq
+XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL
+se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb
+KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd
+IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73
+y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt
+hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc
+QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4
+Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV
+HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ
+KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
+dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ
+L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr
+Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo
+ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY
+T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz
+GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m
+1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV
+OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH
+6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX
+QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
+        Validity
+            Not Before: Jun 29 17:06:20 2004 GMT
+            Not After : Jun 29 17:06:20 2034 GMT
+        Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:de:9d:d7:ea:57:18:49:a1:5b:eb:d7:5f:48:86:
+                    ea:be:dd:ff:e4:ef:67:1c:f4:65:68:b3:57:71:a0:
+                    5e:77:bb:ed:9b:49:e9:70:80:3d:56:18:63:08:6f:
+                    da:f2:cc:d0:3f:7f:02:54:22:54:10:d8:b2:81:d4:
+                    c0:75:3d:4b:7f:c7:77:c3:3e:78:ab:1a:03:b5:20:
+                    6b:2f:6a:2b:b1:c5:88:7e:c4:bb:1e:b0:c1:d8:45:
+                    27:6f:aa:37:58:f7:87:26:d7:d8:2d:f6:a9:17:b7:
+                    1f:72:36:4e:a6:17:3f:65:98:92:db:2a:6e:5d:a2:
+                    fe:88:e0:0b:de:7f:e5:8d:15:e1:eb:cb:3a:d5:e2:
+                    12:a2:13:2d:d8:8e:af:5f:12:3d:a0:08:05:08:b6:
+                    5c:a5:65:38:04:45:99:1e:a3:60:60:74:c5:41:a5:
+                    72:62:1b:62:c5:1f:6f:5f:1a:42:be:02:51:65:a8:
+                    ae:23:18:6a:fc:78:03:a9:4d:7f:80:c3:fa:ab:5a:
+                    fc:a1:40:a4:ca:19:16:fe:b2:c8:ef:5e:73:0d:ee:
+                    77:bd:9a:f6:79:98:bc:b1:07:67:a2:15:0d:dd:a0:
+                    58:c6:44:7b:0a:3e:62:28:5f:ba:41:07:53:58:cf:
+                    11:7e:38:74:c5:f8:ff:b5:69:90:8f:84:74:ea:97:
+                    1b:af
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3
+            X509v3 Authority Key Identifier: 
+                keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3
+                DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+         32:4b:f3:b2:ca:3e:91:fc:12:c6:a1:07:8c:8e:77:a0:33:06:
+         14:5c:90:1e:18:f7:08:a6:3d:0a:19:f9:87:80:11:6e:69:e4:
+         96:17:30:ff:34:91:63:72:38:ee:cc:1c:01:a3:1d:94:28:a4:
+         31:f6:7a:c4:54:d7:f6:e5:31:58:03:a2:cc:ce:62:db:94:45:
+         73:b5:bf:45:c9:24:b5:d5:82:02:ad:23:79:69:8d:b8:b6:4d:
+         ce:cf:4c:ca:33:23:e8:1c:88:aa:9d:8b:41:6e:16:c9:20:e5:
+         89:9e:cd:3b:da:70:f7:7e:99:26:20:14:54:25:ab:6e:73:85:
+         e6:9b:21:9d:0a:6c:82:0e:a8:f8:c2:0c:fa:10:1e:6c:96:ef:
+         87:0d:c4:0f:61:8b:ad:ee:83:2b:95:f8:8e:92:84:72:39:eb:
+         20:ea:83:ed:83:cd:97:6e:08:bc:eb:4e:26:b6:73:2b:e4:d3:
+         f6:4c:fe:26:71:e2:61:11:74:4a:ff:57:1a:87:0f:75:48:2e:
+         cf:51:69:17:a0:02:12:61:95:d5:d1:40:b2:10:4c:ee:c4:ac:
+         10:43:a6:a5:9e:0a:d5:95:62:9a:0d:cf:88:82:c5:32:0c:e4:
+         2b:9f:45:e6:0d:9f:28:9c:b1:b9:2a:5a:57:ad:37:0f:af:1d:
+         7f:db:bd:9f
+SHA1 Fingerprint=27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
+MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
+YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
+MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
+ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
+MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
+ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
+PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
+wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
+EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
+avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
+sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
+/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
+IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
+OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
+TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
+dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
+ReYNnyicsbkqWletNw+vHX/bvZ8=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
+        Validity
+            Not Before: Sep  1 00:00:00 2009 GMT
+            Not After : Dec 31 23:59:59 2037 GMT
+        Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bf:71:62:08:f1:fa:59:34:f7:1b:c9:18:a3:f7:
+                    80:49:58:e9:22:83:13:a6:c5:20:43:01:3b:84:f1:
+                    e6:85:49:9f:27:ea:f6:84:1b:4e:a0:b4:db:70:98:
+                    c7:32:01:b1:05:3e:07:4e:ee:f4:fa:4f:2f:59:30:
+                    22:e7:ab:19:56:6b:e2:80:07:fc:f3:16:75:80:39:
+                    51:7b:e5:f9:35:b6:74:4e:a9:8d:82:13:e4:b6:3f:
+                    a9:03:83:fa:a2:be:8a:15:6a:7f:de:0b:c3:b6:19:
+                    14:05:ca:ea:c3:a8:04:94:3b:46:7c:32:0d:f3:00:
+                    66:22:c8:8d:69:6d:36:8c:11:18:b7:d3:b2:1c:60:
+                    b4:38:fa:02:8c:ce:d3:dd:46:07:de:0a:3e:eb:5d:
+                    7c:c8:7c:fb:b0:2b:53:a4:92:62:69:51:25:05:61:
+                    1a:44:81:8c:2c:a9:43:96:23:df:ac:3a:81:9a:0e:
+                    29:c5:1c:a9:e9:5d:1e:b6:9e:9e:30:0a:39:ce:f1:
+                    88:80:fb:4b:5d:cc:32:ec:85:62:43:25:34:02:56:
+                    27:01:91:b4:3b:70:2a:3f:6e:b1:e8:9c:88:01:7d:
+                    9f:d4:f9:db:53:6d:60:9d:bf:2c:e7:58:ab:b8:5f:
+                    46:fc:ce:c4:1b:03:3c:09:eb:49:31:5c:69:46:b3:
+                    e0:47
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                3A:9A:85:07:10:67:28:B6:EF:F6:BD:05:41:6E:20:C1:94:DA:0F:DE
+    Signature Algorithm: sha256WithRSAEncryption
+         99:db:5d:79:d5:f9:97:59:67:03:61:f1:7e:3b:06:31:75:2d:
+         a1:20:8e:4f:65:87:b4:f7:a6:9c:bc:d8:e9:2f:d0:db:5a:ee:
+         cf:74:8c:73:b4:38:42:da:05:7b:f8:02:75:b8:fd:a5:b1:d7:
+         ae:f6:d7:de:13:cb:53:10:7e:8a:46:d1:97:fa:b7:2e:2b:11:
+         ab:90:b0:27:80:f9:e8:9f:5a:e9:37:9f:ab:e4:df:6c:b3:85:
+         17:9d:3d:d9:24:4f:79:91:35:d6:5f:04:eb:80:83:ab:9a:02:
+         2d:b5:10:f4:d8:90:c7:04:73:40:ed:72:25:a0:a9:9f:ec:9e:
+         ab:68:12:99:57:c6:8f:12:3a:09:a4:bd:44:fd:06:15:37:c1:
+         9b:e4:32:a3:ed:38:e8:d8:64:f3:2c:7e:14:fc:02:ea:9f:cd:
+         ff:07:68:17:db:22:90:38:2d:7a:8d:d1:54:f1:69:e3:5f:33:
+         ca:7a:3d:7b:0a:e3:ca:7f:5f:39:e5:e2:75:ba:c5:76:18:33:
+         ce:2c:f0:2f:4c:ad:f7:b1:e7:ce:4f:a8:c4:9b:4a:54:06:c5:
+         7f:7d:d5:08:0f:e2:1c:fe:7e:17:b8:ac:5e:f6:d4:16:b2:43:
+         09:0c:4d:f6:a7:6b:b4:99:84:65:ca:7a:88:e2:e2:44:be:5c:
+         f7:ea:1c:f5
+SHA1 Fingerprint=47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
+EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
+ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
+NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
+EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
+AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD
+E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH
+/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy
+DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh
+GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR
+tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA
+AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX
+WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu
+9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr
+gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo
+2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI
+4uJEvlz36hz1
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
+        Validity
+            Not Before: Jun 29 17:39:16 2004 GMT
+            Not After : Jun 29 17:39:16 2034 GMT
+        Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:
+                    ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:
+                    c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:
+                    9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:
+                    f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:
+                    a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:
+                    4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:
+                    af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:
+                    d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:
+                    b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:
+                    9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:
+                    b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:
+                    b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:
+                    b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:
+                    5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:
+                    23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:
+                    0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:
+                    01:ab
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7
+            X509v3 Authority Key Identifier: 
+                keyid:BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7
+                DirName:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+         05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da:9b:01:
+         87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e:cc:c7:5e:6a:
+         d8:83:87:a1:97:ef:49:35:3e:77:06:41:58:62:bf:8e:58:b8:
+         0a:67:3f:ec:b3:dd:21:66:1f:c9:54:fa:72:cc:3d:4c:40:d8:
+         81:af:77:9e:83:7a:bb:a2:c7:f5:34:17:8e:d9:11:40:f4:fc:
+         2c:2a:4d:15:7f:a7:62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:
+         17:b8:f4:bd:8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:
+         2d:7a:a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0:
+         f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be:f5:71:
+         90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58:00:23:ea:e3:
+         12:43:29:5b:47:08:dd:8c:41:6a:65:06:a8:e5:21:aa:41:b4:
+         95:21:95:b9:7d:d1:34:ab:13:d6:ad:bc:dc:e2:3d:39:cd:bd:
+         3e:75:70:a1:18:59:03:c9:22:b4:8f:9c:d5:5e:2a:d7:a5:b6:
+         d4:0a:6d:f8:b7:40:11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:
+         2f:1f:17:94
+SHA1 Fingerprint=AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
+        Validity
+            Not Before: Sep  1 00:00:00 2009 GMT
+            Not After : Dec 31 23:59:59 2037 GMT
+        Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bd:ed:c1:03:fc:f6:8f:fc:02:b1:6f:5b:9f:48:
+                    d9:9d:79:e2:a2:b7:03:61:56:18:c3:47:b6:d7:ca:
+                    3d:35:2e:89:43:f7:a1:69:9b:de:8a:1a:fd:13:20:
+                    9c:b4:49:77:32:29:56:fd:b9:ec:8c:dd:22:fa:72:
+                    dc:27:61:97:ee:f6:5a:84:ec:6e:19:b9:89:2c:dc:
+                    84:5b:d5:74:fb:6b:5f:c5:89:a5:10:52:89:46:55:
+                    f4:b8:75:1c:e6:7f:e4:54:ae:4b:f8:55:72:57:02:
+                    19:f8:17:71:59:eb:1e:28:07:74:c5:9d:48:be:6c:
+                    b4:f4:a4:b0:f3:64:37:79:92:c0:ec:46:5e:7f:e1:
+                    6d:53:4c:62:af:cd:1f:0b:63:bb:3a:9d:fb:fc:79:
+                    00:98:61:74:cf:26:82:40:63:f3:b2:72:6a:19:0d:
+                    99:ca:d4:0e:75:cc:37:fb:8b:89:c1:59:f1:62:7f:
+                    5f:b3:5f:65:30:f8:a7:b7:4d:76:5a:1e:76:5e:34:
+                    c0:e8:96:56:99:8a:b3:f0:7f:a4:cd:bd:dc:32:31:
+                    7c:91:cf:e0:5f:11:f8:6b:aa:49:5c:d1:99:94:d1:
+                    a2:e3:63:5b:09:76:b5:56:62:e1:4b:74:1d:96:d4:
+                    26:d4:08:04:59:d0:98:0e:0e:e6:de:fc:c3:ec:1f:
+                    90:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                7C:0C:32:1F:A7:D9:30:7F:C4:7D:68:A3:62:A8:A1:CE:AB:07:5B:27
+    Signature Algorithm: sha256WithRSAEncryption
+         11:59:fa:25:4f:03:6f:94:99:3b:9a:1f:82:85:39:d4:76:05:
+         94:5e:e1:28:93:6d:62:5d:09:c2:a0:a8:d4:b0:75:38:f1:34:
+         6a:9d:e4:9f:8a:86:26:51:e6:2c:d1:c6:2d:6e:95:20:4a:92:
+         01:ec:b8:8a:67:7b:31:e2:67:2e:8c:95:03:26:2e:43:9d:4a:
+         31:f6:0e:b5:0c:bb:b7:e2:37:7f:22:ba:00:a3:0e:7b:52:fb:
+         6b:bb:3b:c4:d3:79:51:4e:cd:90:f4:67:07:19:c8:3c:46:7a:
+         0d:01:7d:c5:58:e7:6d:e6:85:30:17:9a:24:c4:10:e0:04:f7:
+         e0:f2:7f:d4:aa:0a:ff:42:1d:37:ed:94:e5:64:59:12:20:77:
+         38:d3:32:3e:38:81:75:96:73:fa:68:8f:b1:cb:ce:1f:c5:ec:
+         fa:9c:7e:cf:7e:b1:f1:07:2d:b6:fc:bf:ca:a4:bf:d0:97:05:
+         4a:bc:ea:18:28:02:90:bd:54:78:09:21:71:d3:d1:7d:1d:d9:
+         16:b0:a9:61:3d:d0:0a:00:22:fc:c7:7b:cb:09:64:45:0b:3b:
+         40:81:f7:7d:7c:32:f5:98:ca:58:8e:7d:2a:ee:90:59:73:64:
+         f9:36:74:5e:25:a1:f5:66:05:2e:7f:39:15:a9:2a:fb:50:8b:
+         8e:85:69:f4
+SHA1 Fingerprint=B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
+ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw
+MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj
+aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp
+Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg
+nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1
+HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N
+Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN
+dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0
+HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G
+CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU
+sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3
+4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg
+8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1
+mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
+        Validity
+            Not Before: Sep  1 00:00:00 2009 GMT
+            Not After : Dec 31 23:59:59 2037 GMT
+        Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d5:0c:3a:c4:2a:f9:4e:e2:f5:be:19:97:5f:8e:
+                    88:53:b1:1f:3f:cb:cf:9f:20:13:6d:29:3a:c8:0f:
+                    7d:3c:f7:6b:76:38:63:d9:36:60:a8:9b:5e:5c:00:
+                    80:b2:2f:59:7f:f6:87:f9:25:43:86:e7:69:1b:52:
+                    9a:90:e1:71:e3:d8:2d:0d:4e:6f:f6:c8:49:d9:b6:
+                    f3:1a:56:ae:2b:b6:74:14:eb:cf:fb:26:e3:1a:ba:
+                    1d:96:2e:6a:3b:58:94:89:47:56:ff:25:a0:93:70:
+                    53:83:da:84:74:14:c3:67:9e:04:68:3a:df:8e:40:
+                    5a:1d:4a:4e:cf:43:91:3b:e7:56:d6:00:70:cb:52:
+                    ee:7b:7d:ae:3a:e7:bc:31:f9:45:f6:c2:60:cf:13:
+                    59:02:2b:80:cc:34:47:df:b9:de:90:65:6d:02:cf:
+                    2c:91:a6:a6:e7:de:85:18:49:7c:66:4e:a3:3a:6d:
+                    a9:b5:ee:34:2e:ba:0d:03:b8:33:df:47:eb:b1:6b:
+                    8d:25:d9:9b:ce:81:d1:45:46:32:96:70:87:de:02:
+                    0e:49:43:85:b6:6c:73:bb:64:ea:61:41:ac:c9:d4:
+                    54:df:87:2f:c7:22:b2:26:cc:9f:59:54:68:9f:fc:
+                    be:2a:2f:c4:55:1c:75:40:60:17:85:02:55:39:8b:
+                    7f:05
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                9C:5F:00:DF:AA:01:D7:30:2B:38:88:A2:B8:6D:4A:9C:F2:11:91:83
+    Signature Algorithm: sha256WithRSAEncryption
+         4b:36:a6:84:77:69:dd:3b:19:9f:67:23:08:6f:0e:61:c9:fd:
+         84:dc:5f:d8:36:81:cd:d8:1b:41:2d:9f:60:dd:c7:1a:68:d9:
+         d1:6e:86:e1:88:23:cf:13:de:43:cf:e2:34:b3:04:9d:1f:29:
+         d5:bf:f8:5e:c8:d5:c1:bd:ee:92:6f:32:74:f2:91:82:2f:bd:
+         82:42:7a:ad:2a:b7:20:7d:4d:bc:7a:55:12:c2:15:ea:bd:f7:
+         6a:95:2e:6c:74:9f:cf:1c:b4:f2:c5:01:a3:85:d0:72:3e:ad:
+         73:ab:0b:9b:75:0c:6d:45:b7:8e:94:ac:96:37:b5:a0:d0:8f:
+         15:47:0e:e3:e8:83:dd:8f:fd:ef:41:01:77:cc:27:a9:62:85:
+         33:f2:37:08:ef:71:cf:77:06:de:c8:19:1d:88:40:cf:7d:46:
+         1d:ff:1e:c7:e1:ce:ff:23:db:c6:fa:8d:55:4e:a9:02:e7:47:
+         11:46:3e:f4:fd:bd:7b:29:26:bb:a9:61:62:37:28:b6:2d:2a:
+         f6:10:86:64:c9:70:a7:d2:ad:b7:29:70:79:ea:3c:da:63:25:
+         9f:fd:68:b7:30:ec:70:fb:75:8a:b7:6d:60:67:b2:1e:c8:b9:
+         e9:d8:a8:6f:02:8b:67:0d:4d:26:57:71:da:20:fc:c1:4a:50:
+         8d:b1:28:ba
+SHA1 Fingerprint=92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs
+ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy
+ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy
+dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p
+OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2
+8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K
+Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe
+hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk
+6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q
+AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI
+bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB
+ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z
+qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
+0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
+sSi6
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 59 (0x3b)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
+        Validity
+            Not Before: Jan  1 01:00:01 2010 GMT
+            Not After : Dec 31 23:59:01 2039 GMT
+        Subject: C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b6:89:36:5b:07:b7:20:36:bd:82:bb:e1:16:20:
+                    03:95:7a:af:0e:a3:55:c9:25:99:4a:c5:d0:56:41:
+                    87:90:4d:21:60:a4:14:87:3b:cd:fd:b2:3e:b4:67:
+                    03:6a:ed:e1:0f:4b:c0:91:85:70:45:e0:42:9e:de:
+                    29:23:d4:01:0d:a0:10:79:b8:db:03:bd:f3:a9:2f:
+                    d1:c6:e0:0f:cb:9e:8a:14:0a:b8:bd:f6:56:62:f1:
+                    c5:72:b6:32:25:d9:b2:f3:bd:65:c5:0d:2c:6e:d5:
+                    92:6f:18:8b:00:41:14:82:6f:40:20:26:7a:28:0f:
+                    f5:1e:7f:27:f7:94:b1:37:3d:b7:c7:91:f7:e2:01:
+                    ec:fd:94:89:e1:cc:6e:d3:36:d6:0a:19:79:ae:d7:
+                    34:82:65:ff:7c:42:bb:b6:dd:0b:a6:34:af:4b:60:
+                    fe:7f:43:49:06:8b:8c:43:b8:56:f2:d9:7f:21:43:
+                    17:ea:a7:48:95:01:75:75:ea:2b:a5:43:95:ea:15:
+                    84:9d:08:8d:26:6e:55:9b:ab:dc:d2:39:d2:31:1d:
+                    60:e2:ac:cc:56:45:24:f5:1c:54:ab:ee:86:dd:96:
+                    32:85:f8:4c:4f:e8:95:76:b6:05:dd:36:23:67:bc:
+                    ff:15:e2:ca:3b:e6:a6:ec:3b:ec:26:11:34:48:8d:
+                    f6:80:2b:1a:23:02:eb:8a:1c:3a:76:2a:7b:56:16:
+                    1c:72:2a:b3:aa:e3:60:a5:00:9f:04:9b:e2:6f:1e:
+                    14:58:5b:a5:6c:8b:58:3c:c3:ba:4e:3a:5c:f7:e1:
+                    96:2b:3e:ef:07:bc:a4:e5:5d:cc:4d:9f:0d:e1:dc:
+                    aa:bb:e1:6e:1a:ec:8f:e1:b6:4c:4d:79:72:5d:17:
+                    35:0b:1d:d7:c1:47:da:96:24:e0:d0:72:a8:5a:5f:
+                    66:2d:10:dc:2f:2a:13:ae:26:fe:0a:1c:19:cc:d0:
+                    3e:0b:9c:c8:09:2e:f9:5b:96:7a:47:9c:e9:7a:f3:
+                    05:50:74:95:73:9e:30:09:f3:97:82:5e:e6:8f:39:
+                    08:1e:59:e5:35:14:42:13:ff:00:9c:f7:be:aa:50:
+                    cf:e2:51:48:d7:b8:6f:af:f8:4e:7e:33:98:92:14:
+                    62:3a:75:63:cf:7b:fa:de:82:3b:a9:bb:39:e2:c4:
+                    bd:2c:00:0e:c8:17:ac:13:ef:4d:25:8e:d8:b3:90:
+                    2f:a9:da:29:7d:1d:af:74:3a:b2:27:c0:c1:1e:3e:
+                    75:a3:16:a9:af:7a:22:5d:9f:13:1a:cf:a7:a0:eb:
+                    e3:86:0a:d3:fd:e6:96:95:d7:23:c8:37:dd:c4:7c:
+                    aa:36:ac:98:1a:12:b1:e0:4e:e8:b1:3b:f5:d6:6f:
+                    f1:30:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                4B:C5:B4:40:6B:AD:1C:B3:A5:1C:65:6E:46:36:89:87:05:0C:0E:B6
+    Signature Algorithm: sha256WithRSAEncryption
+         73:57:3f:2c:d5:95:32:7e:37:db:96:92:eb:19:5e:7e:53:e7:
+         41:ec:11:b6:47:ef:b5:de:ed:74:5c:c5:f1:8e:49:e0:fc:6e:
+         99:13:cd:9f:8a:da:cd:3a:0a:d8:3a:5a:09:3f:5f:34:d0:2f:
+         03:d2:66:1d:1a:bd:9c:90:37:c8:0c:8e:07:5a:94:45:46:2a:
+         e6:be:7a:da:a1:a9:a4:69:12:92:b0:7d:36:d4:44:87:d7:51:
+         f1:29:63:d6:75:cd:16:e4:27:89:1d:f8:c2:32:48:fd:db:99:
+         d0:8f:5f:54:74:cc:ac:67:34:11:62:d9:0c:0a:37:87:d1:a3:
+         17:48:8e:d2:17:1d:f6:d7:fd:db:65:eb:fd:a8:d4:f5:d6:4f:
+         a4:5b:75:e8:c5:d2:60:b2:db:09:7e:25:8b:7b:ba:52:92:9e:
+         3e:e8:c5:77:a1:3c:e0:4a:73:6b:61:cf:86:dc:43:ff:ff:21:
+         fe:23:5d:24:4a:f5:d3:6d:0f:62:04:05:57:82:da:6e:a4:33:
+         25:79:4b:2e:54:19:8b:cc:2c:3d:30:e9:d1:06:ff:e8:32:46:
+         be:b5:33:76:77:a8:01:5d:96:c1:c1:d5:be:ae:25:c0:c9:1e:
+         0a:09:20:88:a1:0e:c9:f3:6f:4d:82:54:00:20:a7:d2:8f:e4:
+         39:54:17:2e:8d:1e:b8:1b:bb:1b:bd:9a:4e:3b:10:34:dc:9c:
+         88:53:ef:a2:31:5b:58:4f:91:62:c8:c2:9a:9a:cd:15:5d:38:
+         a9:d6:be:f8:13:b5:9f:12:69:f2:50:62:ac:fb:17:37:f4:ee:
+         b8:75:67:60:10:fb:83:50:f9:44:b5:75:9c:40:17:b2:fe:fd:
+         79:5d:6e:58:58:5f:30:fc:00:ae:af:33:c1:0e:4e:6c:ba:a7:
+         a6:a1:7f:32:db:38:e0:b1:72:17:0a:2b:91:ec:6a:63:26:ed:
+         89:d4:78:cc:74:1e:05:f8:6b:fe:8c:6a:76:39:29:ae:65:23:
+         12:95:08:22:1c:97:ce:5b:06:ee:0c:e2:bb:bc:1f:44:93:f6:
+         d8:38:45:05:21:ed:e4:ad:ab:12:b6:03:a4:42:2e:2d:c4:09:
+         3a:03:67:69:84:9a:e1:59:90:8a:28:85:d5:5d:74:b1:d1:0e:
+         20:58:9b:13:a5:b0:63:a6:ed:7b:47:fd:45:55:30:a4:ee:9a:
+         d4:e6:e2:87:ef:98:c9:32:82:11:29:22:bc:00:0a:31:5e:2d:
+         0f:c0:8e:e9:6b:b2:8f:2e:06:d8:d1:91:c7:c6:12:f4:4c:fd:
+         30:17:c3:c1:da:38:5b:e3:a9:ea:e6:a1:ba:79:ef:73:d8:b6:
+         53:57:2d:f6:d0:e1:d7:48
+SHA1 Fingerprint=31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17
+-----BEGIN CERTIFICATE-----
+MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEW
+MBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1
+OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoG
+A1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8Oo1XJ
+JZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsD
+vfOpL9HG4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnoo
+D/Uefyf3lLE3PbfHkffiAez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/
+Q0kGi4xDuFby2X8hQxfqp0iVAXV16iulQ5XqFYSdCI0mblWbq9zSOdIxHWDirMxW
+RST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbsO+wmETRIjfaAKxojAuuK
+HDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8HvKTlXcxN
+nw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM
+0D4LnMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/i
+UUjXuG+v+E5+M5iSFGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9
+Ha90OrInwMEePnWjFqmveiJdnxMaz6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHg
+TuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJKoZIhvcNAQEL
+BQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K
+2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfX
+UfEpY9Z1zRbkJ4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl
+6/2o1PXWT6RbdejF0mCy2wl+JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK
+9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG/+gyRr61M3Z3qAFdlsHB1b6uJcDJ
+HgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTcnIhT76IxW1hPkWLI
+wpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/XldblhY
+XzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5l
+IxKVCCIcl85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoo
+hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr
+so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddI
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
+        Validity
+            Not Before: Nov 17 00:00:00 2006 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ac:a0:f0:fb:80:59:d4:9c:c7:a4:cf:9d:a1:59:
+                    73:09:10:45:0c:0d:2c:6e:68:f1:6c:5b:48:68:49:
+                    59:37:fc:0b:33:19:c2:77:7f:cc:10:2d:95:34:1c:
+                    e6:eb:4d:09:a7:1c:d2:b8:c9:97:36:02:b7:89:d4:
+                    24:5f:06:c0:cc:44:94:94:8d:02:62:6f:eb:5a:dd:
+                    11:8d:28:9a:5c:84:90:10:7a:0d:bd:74:66:2f:6a:
+                    38:a0:e2:d5:54:44:eb:1d:07:9f:07:ba:6f:ee:e9:
+                    fd:4e:0b:29:f5:3e:84:a0:01:f1:9c:ab:f8:1c:7e:
+                    89:a4:e8:a1:d8:71:65:0d:a3:51:7b:ee:bc:d2:22:
+                    60:0d:b9:5b:9d:df:ba:fc:51:5b:0b:af:98:b2:e9:
+                    2e:e9:04:e8:62:87:de:2b:c8:d7:4e:c1:4c:64:1e:
+                    dd:cf:87:58:ba:4a:4f:ca:68:07:1d:1c:9d:4a:c6:
+                    d5:2f:91:cc:7c:71:72:1c:c5:c0:67:eb:32:fd:c9:
+                    92:5c:94:da:85:c0:9b:bf:53:7d:2b:09:f4:8c:9d:
+                    91:1f:97:6a:52:cb:de:09:36:a4:77:d8:7b:87:50:
+                    44:d5:3e:6e:29:69:fb:39:49:26:1e:09:a5:80:7b:
+                    40:2d:eb:e8:27:85:c9:fe:61:fd:7e:e6:7c:97:1d:
+                    d5:9d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                7B:5B:45:CF:AF:CE:CB:7A:FD:31:92:1A:6A:B6:F3:46:EB:57:48:50
+    Signature Algorithm: sha1WithRSAEncryption
+         79:11:c0:4b:b3:91:b6:fc:f0:e9:67:d4:0d:6e:45:be:55:e8:
+         93:d2:ce:03:3f:ed:da:25:b0:1d:57:cb:1e:3a:76:a0:4c:ec:
+         50:76:e8:64:72:0c:a4:a9:f1:b8:8b:d6:d6:87:84:bb:32:e5:
+         41:11:c0:77:d9:b3:60:9d:eb:1b:d5:d1:6e:44:44:a9:a6:01:
+         ec:55:62:1d:77:b8:5c:8e:48:49:7c:9c:3b:57:11:ac:ad:73:
+         37:8e:2f:78:5c:90:68:47:d9:60:60:e6:fc:07:3d:22:20:17:
+         c4:f7:16:e9:c4:d8:72:f9:c8:73:7c:df:16:2f:15:a9:3e:fd:
+         6a:27:b6:a1:eb:5a:ba:98:1f:d5:e3:4d:64:0a:9d:13:c8:61:
+         ba:f5:39:1c:87:ba:b8:bd:7b:22:7f:f6:fe:ac:40:79:e5:ac:
+         10:6f:3d:8f:1b:79:76:8b:c4:37:b3:21:18:84:e5:36:00:eb:
+         63:20:99:b9:e9:fe:33:04:bb:41:c8:c1:02:f9:44:63:20:9e:
+         81:ce:42:d3:d6:3f:2c:76:d3:63:9c:59:dd:8f:a6:e1:0e:a0:
+         2e:41:f7:2e:95:47:cf:bc:fd:33:f3:f6:0b:61:7e:7e:91:2b:
+         81:47:c2:27:30:ee:a7:10:5d:37:8f:5c:39:2b:e4:04:f0:7b:
+         8d:56:8c:68
+SHA1 Fingerprint=91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
+qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
+BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw
+NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j
+LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG
+A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs
+W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta
+3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk
+6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6
+Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J
+NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP
+r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU
+DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz
+YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
+xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2
+/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
+LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
+jVaMaA==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56
+    Signature Algorithm: ecdsa-with-SHA384
+        Issuer: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
+        Validity
+            Not Before: Nov  5 00:00:00 2007 GMT
+            Not After : Jan 18 23:59:59 2038 GMT
+        Subject: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub: 
+                    04:a2:d5:9c:82:7b:95:9d:f1:52:78:87:fe:8a:16:
+                    bf:05:e6:df:a3:02:4f:0d:07:c6:00:51:ba:0c:02:
+                    52:2d:22:a4:42:39:c4:fe:8f:ea:c9:c1:be:d4:4d:
+                    ff:9f:7a:9e:e2:b1:7c:9a:ad:a7:86:09:73:87:d1:
+                    e7:9a:e3:7a:a5:aa:6e:fb:ba:b3:70:c0:67:88:a2:
+                    35:d4:a3:9a:b1:fd:ad:c2:ef:31:fa:a8:b9:f3:fb:
+                    08:c6:91:d1:fb:29:95
+                ASN1 OID: secp384r1
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                9A:D8:00:30:00:E7:6B:7F:85:18:EE:8B:B6:CE:8A:0C:F8:11:E1:BB
+    Signature Algorithm: ecdsa-with-SHA384
+         30:66:02:31:00:dd:f8:e0:57:47:5b:a7:e6:0a:c3:bd:f5:80:
+         8a:97:35:0d:1b:89:3c:54:86:77:28:ca:a1:f4:79:de:b5:e6:
+         38:b0:f0:65:70:8c:7f:02:54:c2:bf:ff:d8:a1:3e:d9:cf:02:
+         31:00:c4:8d:94:fc:dc:53:d2:dc:9d:78:16:1f:15:33:23:53:
+         52:e3:5a:31:5d:9d:ca:ae:bd:13:29:44:0d:27:5b:a8:e7:68:
+         9c:12:f7:58:3f:2e:72:02:57:a3:8f:a1:14:2e
+SHA1 Fingerprint=AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12
+-----BEGIN CERTIFICATE-----
+MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp
+IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi
+BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw
+MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
+d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig
+YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v
+dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/
+BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6
+papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K
+DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3
+KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox
+XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
+        Validity
+            Not Before: Apr  2 00:00:00 2008 GMT
+            Not After : Dec  1 23:59:59 2037 GMT
+        Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b2:bf:27:2c:fb:db:d8:5b:dd:78:7b:1b:9e:77:
+                    66:81:cb:3e:bc:7c:ae:f3:a6:27:9a:34:a3:68:31:
+                    71:38:33:62:e4:f3:71:66:79:b1:a9:65:a3:a5:8b:
+                    d5:8f:60:2d:3f:42:cc:aa:6b:32:c0:23:cb:2c:41:
+                    dd:e4:df:fc:61:9c:e2:73:b2:22:95:11:43:18:5f:
+                    c4:b6:1f:57:6c:0a:05:58:22:c8:36:4c:3a:7c:a5:
+                    d1:cf:86:af:88:a7:44:02:13:74:71:73:0a:42:59:
+                    02:f8:1b:14:6b:42:df:6f:5f:ba:6b:82:a2:9d:5b:
+                    e7:4a:bd:1e:01:72:db:4b:74:e8:3b:7f:7f:7d:1f:
+                    04:b4:26:9b:e0:b4:5a:ac:47:3d:55:b8:d7:b0:26:
+                    52:28:01:31:40:66:d8:d9:24:bd:f6:2a:d8:ec:21:
+                    49:5c:9b:f6:7a:e9:7f:55:35:7e:96:6b:8d:93:93:
+                    27:cb:92:bb:ea:ac:40:c0:9f:c2:f8:80:cf:5d:f4:
+                    5a:dc:ce:74:86:a6:3e:6c:0b:53:ca:bd:92:ce:19:
+                    06:72:e6:0c:5c:38:69:c7:04:d6:bc:6c:ce:5b:f6:
+                    f7:68:9c:dc:25:15:48:88:a1:e9:a9:f8:98:9c:e0:
+                    f3:d5:31:28:61:11:6c:67:96:8d:39:99:cb:c2:45:
+                    24:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                AD:6C:AA:94:60:9C:ED:E4:FF:FA:3E:0A:74:2B:63:03:F7:B6:59:BF
+    Signature Algorithm: sha256WithRSAEncryption
+         1a:40:d8:95:65:ac:09:92:89:c6:39:f4:10:e5:a9:0e:66:53:
+         5d:78:de:fa:24:91:bb:e7:44:51:df:c6:16:34:0a:ef:6a:44:
+         51:ea:2b:07:8a:03:7a:c3:eb:3f:0a:2c:52:16:a0:2b:43:b9:
+         25:90:3f:70:a9:33:25:6d:45:1a:28:3b:27:cf:aa:c3:29:42:
+         1b:df:3b:4c:c0:33:34:5b:41:88:bf:6b:2b:65:af:28:ef:b2:
+         f5:c3:aa:66:ce:7b:56:ee:b7:c8:cb:67:c1:c9:9c:1a:18:b8:
+         c4:c3:49:03:f1:60:0e:50:cd:46:c5:f3:77:79:f7:b6:15:e0:
+         38:db:c7:2f:28:a0:0c:3f:77:26:74:d9:25:12:da:31:da:1a:
+         1e:dc:29:41:91:22:3c:69:a7:bb:02:f2:b6:5c:27:03:89:f4:
+         06:ea:9b:e4:72:82:e3:a1:09:c1:e9:00:19:d3:3e:d4:70:6b:
+         ba:71:a6:aa:58:ae:f4:bb:e9:6c:b6:ef:87:cc:9b:bb:ff:39:
+         e6:56:61:d3:0a:a7:c4:5c:4c:60:7b:05:77:26:7a:bf:d8:07:
+         52:2c:62:f7:70:63:d9:39:bc:6f:1c:c2:79:dc:76:29:af:ce:
+         c5:2c:64:04:5e:88:36:6e:31:d4:40:1a:62:34:36:3f:35:01:
+         ae:ac:63:a0
+SHA1 Fingerprint=F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB
+rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV
+BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa
+Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl
+LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u
+MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl
+ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm
+gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8
+YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf
+b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9
+9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S
+zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk
+OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA
+2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW
+oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
+t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c
+KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM
+m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu
+MdRAGmI0Nj81Aa6sY6A=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
+        Validity
+            Not Before: May 30 10:48:38 2000 GMT
+            Not After : May 30 10:48:38 2020 GMT
+        Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b7:f7:1a:33:e6:f2:00:04:2d:39:e0:4e:5b:ed:
+                    1f:bc:6c:0f:cd:b5:fa:23:b6:ce:de:9b:11:33:97:
+                    a4:29:4c:7d:93:9f:bd:4a:bc:93:ed:03:1a:e3:8f:
+                    cf:e5:6d:50:5a:d6:97:29:94:5a:80:b0:49:7a:db:
+                    2e:95:fd:b8:ca:bf:37:38:2d:1e:3e:91:41:ad:70:
+                    56:c7:f0:4f:3f:e8:32:9e:74:ca:c8:90:54:e9:c6:
+                    5f:0f:78:9d:9a:40:3c:0e:ac:61:aa:5e:14:8f:9e:
+                    87:a1:6a:50:dc:d7:9a:4e:af:05:b3:a6:71:94:9c:
+                    71:b3:50:60:0a:c7:13:9d:38:07:86:02:a8:e9:a8:
+                    69:26:18:90:ab:4c:b0:4f:23:ab:3a:4f:84:d8:df:
+                    ce:9f:e1:69:6f:bb:d7:42:d7:6b:44:e4:c7:ad:ee:
+                    6d:41:5f:72:5a:71:08:37:b3:79:65:a4:59:a0:94:
+                    37:f7:00:2f:0d:c2:92:72:da:d0:38:72:db:14:a8:
+                    45:c4:5d:2a:7d:b7:b4:d6:c4:ee:ac:cd:13:44:b7:
+                    c9:2b:dd:43:00:25:fa:61:b9:69:6a:58:23:11:b7:
+                    a7:33:8f:56:75:59:f5:cd:29:d7:46:b7:0a:2b:65:
+                    b6:d3:42:6f:15:b2:b8:7b:fb:ef:e9:5d:53:d5:34:
+                    5a:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
+                DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
+                serial:01
+
+    Signature Algorithm: sha1WithRSAEncryption
+         b0:9b:e0:85:25:c2:d6:23:e2:0f:96:06:92:9d:41:98:9c:d9:
+         84:79:81:d9:1e:5b:14:07:23:36:65:8f:b0:d8:77:bb:ac:41:
+         6c:47:60:83:51:b0:f9:32:3d:e7:fc:f6:26:13:c7:80:16:a5:
+         bf:5a:fc:87:cf:78:79:89:21:9a:e2:4c:07:0a:86:35:bc:f2:
+         de:51:c4:d2:96:b7:dc:7e:4e:ee:70:fd:1c:39:eb:0c:02:51:
+         14:2d:8e:bd:16:e0:c1:df:46:75:e7:24:ad:ec:f4:42:b4:85:
+         93:70:10:67:ba:9d:06:35:4a:18:d3:2b:7a:cc:51:42:a1:7a:
+         63:d1:e6:bb:a1:c5:2b:c2:36:be:13:0d:e6:bd:63:7e:79:7b:
+         a7:09:0d:40:ab:6a:dd:8f:8a:c3:f6:f6:8c:1a:42:05:51:d4:
+         45:f5:9f:a7:62:21:68:15:20:43:3c:99:e7:7c:bd:24:d8:a9:
+         91:17:73:88:3f:56:1b:31:38:18:b4:71:0f:9a:cd:c8:0e:9e:
+         8e:2e:1b:e1:8c:98:83:cb:1f:31:f1:44:4c:c6:04:73:49:76:
+         60:0f:c7:f8:bd:17:80:6b:2e:e9:cc:4c:0e:5a:9a:79:0f:20:
+         0a:2e:d5:9e:63:26:1e:55:92:94:d8:82:17:5a:7b:d0:bc:c7:
+         8f:4e:86:04
+SHA1 Fingerprint=02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
+        Validity
+            Not Before: Jan  1 00:00:00 2004 GMT
+            Not After : Dec 31 23:59:59 2028 GMT
+        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:be:40:9d:f4:6e:e1:ea:76:87:1c:4d:45:44:8e:
+                    be:46:c8:83:06:9d:c1:2a:fe:18:1f:8e:e4:02:fa:
+                    f3:ab:5d:50:8a:16:31:0b:9a:06:d0:c5:70:22:cd:
+                    49:2d:54:63:cc:b6:6e:68:46:0b:53:ea:cb:4c:24:
+                    c0:bc:72:4e:ea:f1:15:ae:f4:54:9a:12:0a:c3:7a:
+                    b2:33:60:e2:da:89:55:f3:22:58:f3:de:dc:cf:ef:
+                    83:86:a2:8c:94:4f:9f:68:f2:98:90:46:84:27:c7:
+                    76:bf:e3:cc:35:2c:8b:5e:07:64:65:82:c0:48:b0:
+                    a8:91:f9:61:9f:76:20:50:a8:91:c7:66:b5:eb:78:
+                    62:03:56:f0:8a:1a:13:ea:31:a3:1e:a0:99:fd:38:
+                    f6:f6:27:32:58:6f:07:f5:6b:b8:fb:14:2b:af:b7:
+                    aa:cc:d6:63:5f:73:8c:da:05:99:a8:38:a8:cb:17:
+                    78:36:51:ac:e9:9e:f4:78:3a:8d:cf:0f:d9:42:e2:
+                    98:0c:ab:2f:9f:0e:01:de:ef:9f:99:49:f1:2d:df:
+                    ac:74:4d:1b:98:b5:47:c5:e5:29:d1:f9:90:18:c7:
+                    62:9c:be:83:c7:26:7b:3e:8a:25:c7:c0:dd:9d:e6:
+                    35:68:10:20:9d:8f:d8:de:d2:c3:84:9c:0d:5e:e8:
+                    2f:c9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://crl.comodoca.com/AAACertificateServices.crl
+
+                Full Name:
+                  URI:http://crl.comodo.net/AAACertificateServices.crl
+
+    Signature Algorithm: sha1WithRSAEncryption
+         08:56:fc:02:f0:9b:e8:ff:a4:fa:d6:7b:c6:44:80:ce:4f:c4:
+         c5:f6:00:58:cc:a6:b6:bc:14:49:68:04:76:e8:e6:ee:5d:ec:
+         02:0f:60:d6:8d:50:18:4f:26:4e:01:e3:e6:b0:a5:ee:bf:bc:
+         74:54:41:bf:fd:fc:12:b8:c7:4f:5a:f4:89:60:05:7f:60:b7:
+         05:4a:f3:f6:f1:c2:bf:c4:b9:74:86:b6:2d:7d:6b:cc:d2:f3:
+         46:dd:2f:c6:e0:6a:c3:c3:34:03:2c:7d:96:dd:5a:c2:0e:a7:
+         0a:99:c1:05:8b:ab:0c:2f:f3:5c:3a:cf:6c:37:55:09:87:de:
+         53:40:6c:58:ef:fc:b6:ab:65:6e:04:f6:1b:dc:3c:e0:5a:15:
+         c6:9e:d9:f1:59:48:30:21:65:03:6c:ec:e9:21:73:ec:9b:03:
+         a1:e0:37:ad:a0:15:18:8f:fa:ba:02:ce:a7:2c:a9:10:13:2c:
+         d4:e5:08:26:ab:22:97:60:f8:90:5e:74:d4:a2:9a:53:bd:f2:
+         a9:68:e0:a2:6e:c2:d7:6c:b1:a3:0f:9e:bf:eb:68:e7:56:f2:
+         ae:f2:e3:2b:38:3a:09:81:b5:6b:85:d7:be:2d:ed:3f:1a:b7:
+         b2:63:e2:f5:62:2c:82:d4:6a:00:41:50:f1:39:83:9f:95:e9:
+         36:96:98:6e
+SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
+GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
+BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
+3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
+YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
+rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
+oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
+QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
+b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
+AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
+GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
+G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
+smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
+        Validity
+            Not Before: Jul  9 18:10:42 1999 GMT
+            Not After : Jul  9 18:19:22 2019 GMT
+        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b1:f7:c3:38:3f:b4:a8:7f:cf:39:82:51:67:d0:
+                    6d:9f:d2:ff:58:f3:e7:9f:2b:ec:0d:89:54:99:b9:
+                    38:99:16:f7:e0:21:79:48:c2:bb:61:74:12:96:1d:
+                    3c:6a:72:d5:3c:10:67:3a:39:ed:2b:13:cd:66:eb:
+                    95:09:33:a4:6c:97:b1:e8:c6:ec:c1:75:79:9c:46:
+                    5e:8d:ab:d0:6a:fd:b9:2a:55:17:10:54:b3:19:f0:
+                    9a:f6:f1:b1:5d:b6:a7:6d:fb:e0:71:17:6b:a2:88:
+                    fb:00:df:fe:1a:31:77:0c:9a:01:7a:b1:32:e3:2b:
+                    01:07:38:6e:c3:a5:5e:23:bc:45:9b:7b:50:c1:c9:
+                    30:8f:db:e5:2b:7a:d3:5b:fb:33:40:1e:a0:d5:98:
+                    17:bc:8b:87:c3:89:d3:5d:a0:8e:b2:aa:aa:f6:8e:
+                    69:88:06:c5:fa:89:21:f3:08:9d:69:2e:09:33:9b:
+                    29:0d:46:0f:8c:cc:49:34:b0:69:51:bd:f9:06:cd:
+                    68:ad:66:4c:bc:3e:ac:61:bd:0a:88:0e:c8:df:3d:
+                    ee:7c:04:4c:9d:0a:5e:6b:91:d6:ee:c7:ed:28:8d:
+                    ab:4d:87:89:73:d0:6e:a4:d0:1e:16:8b:14:e1:76:
+                    44:03:7f:63:ac:e4:cd:49:9c:c5:92:f4:ab:32:a1:
+                    48:5b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://crl.usertrust.com/UTN-USERFirst-Hardware.crl
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, IPSec End System, IPSec Tunnel, IPSec User
+    Signature Algorithm: sha1WithRSAEncryption
+         47:19:0f:de:74:c6:99:97:af:fc:ad:28:5e:75:8e:eb:2d:67:
+         ee:4e:7b:2b:d7:0c:ff:f6:de:cb:55:a2:0a:e1:4c:54:65:93:
+         60:6b:9f:12:9c:ad:5e:83:2c:eb:5a:ae:c0:e4:2d:f4:00:63:
+         1d:b8:c0:6c:f2:cf:49:bb:4d:93:6f:06:a6:0a:22:b2:49:62:
+         08:4e:ff:c8:c8:14:b2:88:16:5d:e7:01:e4:12:95:e5:45:34:
+         b3:8b:69:bd:cf:b4:85:8f:75:51:9e:7d:3a:38:3a:14:48:12:
+         c6:fb:a7:3b:1a:8d:0d:82:40:07:e8:04:08:90:a1:89:cb:19:
+         50:df:ca:1c:01:bc:1d:04:19:7b:10:76:97:3b:ee:90:90:ca:
+         c4:0e:1f:16:6e:75:ef:33:f8:d3:6f:5b:1e:96:e3:e0:74:77:
+         74:7b:8a:a2:6e:2d:dd:76:d6:39:30:82:f0:ab:9c:52:f2:2a:
+         c7:af:49:5e:7e:c7:68:e5:82:81:c8:6a:27:f9:27:88:2a:d5:
+         58:50:95:1f:f0:3b:1c:57:bb:7d:14:39:62:2b:9a:c9:94:92:
+         2a:a3:22:0c:ff:89:26:7d:5f:23:2b:47:d7:15:1d:a9:6a:9e:
+         51:0d:2a:51:9e:81:f9:d4:3b:5e:70:12:7f:10:32:9c:1e:bb:
+         9d:f8:66:a8
+SHA1 Fingerprint=04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
+-----BEGIN CERTIFICATE-----
+MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB
+lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
+SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
+MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
+d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh
+cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn
+0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ
+M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a
+MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd
+oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI
+DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy
+oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0
+dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy
+bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF
+BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
+//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli
+CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE
+CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
+3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
+KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 33554617 (0x20000b9)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
+        Validity
+            Not Before: May 12 18:46:00 2000 GMT
+            Not After : May 12 23:59:00 2025 GMT
+        Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a3:04:bb:22:ab:98:3d:57:e8:26:72:9a:b5:79:
+                    d4:29:e2:e1:e8:95:80:b1:b0:e3:5b:8e:2b:29:9a:
+                    64:df:a1:5d:ed:b0:09:05:6d:db:28:2e:ce:62:a2:
+                    62:fe:b4:88:da:12:eb:38:eb:21:9d:c0:41:2b:01:
+                    52:7b:88:77:d3:1c:8f:c7:ba:b9:88:b5:6a:09:e7:
+                    73:e8:11:40:a7:d1:cc:ca:62:8d:2d:e5:8f:0b:a6:
+                    50:d2:a8:50:c3:28:ea:f5:ab:25:87:8a:9a:96:1c:
+                    a9:67:b8:3f:0c:d5:f7:f9:52:13:2f:c2:1b:d5:70:
+                    70:f0:8f:c0:12:ca:06:cb:9a:e1:d9:ca:33:7a:77:
+                    d6:f8:ec:b9:f1:68:44:42:48:13:d2:c0:c2:a4:ae:
+                    5e:60:fe:b6:a6:05:fc:b4:dd:07:59:02:d4:59:18:
+                    98:63:f5:a5:63:e0:90:0c:7d:5d:b2:06:7a:f3:85:
+                    ea:eb:d4:03:ae:5e:84:3e:5f:ff:15:ed:69:bc:f9:
+                    39:36:72:75:cf:77:52:4d:f3:c9:90:2c:b9:3d:e5:
+                    c9:23:53:3f:1f:24:98:21:5c:07:99:29:bd:c6:3a:
+                    ec:e7:6e:86:3a:6b:97:74:63:33:bd:68:18:31:f0:
+                    78:8d:76:bf:fc:9e:8e:5d:2a:86:a7:4d:90:dc:27:
+                    1a:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:3
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+         85:0c:5d:8e:e4:6f:51:68:42:05:a0:dd:bb:4f:27:25:84:03:
+         bd:f7:64:fd:2d:d7:30:e3:a4:10:17:eb:da:29:29:b6:79:3f:
+         76:f6:19:13:23:b8:10:0a:f9:58:a4:d4:61:70:bd:04:61:6a:
+         12:8a:17:d5:0a:bd:c5:bc:30:7c:d6:e9:0c:25:8d:86:40:4f:
+         ec:cc:a3:7e:38:c6:37:11:4f:ed:dd:68:31:8e:4c:d2:b3:01:
+         74:ee:be:75:5e:07:48:1a:7f:70:ff:16:5c:84:c0:79:85:b8:
+         05:fd:7f:be:65:11:a3:0f:c0:02:b4:f8:52:37:39:04:d5:a9:
+         31:7a:18:bf:a0:2a:f4:12:99:f7:a3:45:82:e3:3c:5e:f5:9d:
+         9e:b5:c8:9e:7c:2e:c8:a4:9e:4e:08:14:4b:6d:fd:70:6d:6b:
+         1a:63:bd:64:e6:1f:b7:ce:f0:f2:9f:2e:bb:1b:b7:f2:50:88:
+         73:92:c2:e2:e3:16:8d:9a:32:02:ab:8e:18:dd:e9:10:11:ee:
+         7e:35:ab:90:af:3e:30:94:7a:d0:33:3d:a7:65:0f:f5:fc:8e:
+         9e:62:cf:47:44:2c:01:5d:bb:1d:b5:32:d2:47:d2:38:2e:d0:
+         fe:81:dc:32:6a:1e:b5:ee:3c:d5:fc:e7:81:1d:19:c3:24:42:
+         ea:63:39:a9
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
+DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
+VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
+mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
+IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
+mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
+XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
+dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
+jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
+BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
+DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
+9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
+jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
+Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
+ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
+R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 38 (0x26)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
+        Validity
+            Not Before: Jul  9 12:11:00 1999 GMT
+            Not After : Jul  9 23:59:00 2019 GMT
+        Subject: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ab:0b:a3:35:e0:8b:29:14:b1:14:85:af:3c:10:
+                    e4:39:6f:35:5d:4a:ae:dd:ea:61:8d:95:49:f4:6f:
+                    64:a3:1a:60:66:a4:a9:40:22:84:d9:d4:a5:e5:78:
+                    93:0e:68:01:ad:b9:4d:5c:3a:ce:d3:b8:a8:42:40:
+                    df:cf:a3:ba:82:59:6a:92:1b:ac:1c:9a:da:08:2b:
+                    25:27:f9:69:23:47:f1:e0:eb:2c:7a:9b:f5:13:02:
+                    d0:7e:34:7c:c2:9e:3c:00:59:ab:f5:da:0c:f5:32:
+                    3c:2b:ac:50:da:d6:c3:de:83:94:ca:a8:0c:99:32:
+                    0e:08:48:56:5b:6a:fb:da:e1:58:58:01:49:5f:72:
+                    41:3c:15:06:01:8e:5d:ad:aa:b8:93:b4:cd:9e:eb:
+                    a7:e8:6a:2d:52:34:db:3a:ef:5c:75:51:da:db:f3:
+                    31:f9:ee:71:98:32:c4:54:15:44:0c:f9:9b:55:ed:
+                    ad:df:18:08:a0:a3:86:8a:49:ee:53:05:8f:19:4c:
+                    d5:de:58:79:9b:d2:6a:1c:42:ab:c5:d5:a7:cf:68:
+                    0f:96:e4:e1:61:98:76:61:c8:91:7c:d6:3e:00:e2:
+                    91:50:87:e1:9d:0a:e6:ad:97:d2:1d:c6:3a:7d:cb:
+                    bc:da:03:34:d5:8e:5b:01:f5:6a:07:b7:16:b6:6e:
+                    4a:7f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                31:C3:79:1B:BA:F5:53:D7:17:E0:89:7A:2D:17:6C:0A:B3:2B:9D:33
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:5
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+         94:64:59:ad:39:64:e7:29:eb:13:fe:5a:c3:8b:13:57:c8:04:
+         24:f0:74:77:c0:60:e3:67:fb:e9:89:a6:83:bf:96:82:7c:6e:
+         d4:c3:3d:ef:9e:80:6e:bb:29:b4:98:7a:b1:3b:54:eb:39:17:
+         47:7e:1a:8e:0b:fc:1f:31:59:31:04:b2:ce:17:f3:2c:c7:62:
+         36:55:e2:22:d8:89:55:b4:98:48:aa:64:fa:d6:1c:36:d8:44:
+         78:5a:5a:23:3a:57:97:f5:7a:30:4f:ae:9f:6a:4c:4b:2b:8e:
+         a0:03:e3:3e:e0:a9:d4:d2:7b:d2:b3:a8:e2:72:3c:ad:9e:ff:
+         80:59:e4:9b:45:b4:f6:3b:b0:cd:39:19:98:32:e5:ea:21:61:
+         90:e4:31:21:8e:34:b1:f7:2f:35:4a:85:10:da:e7:8a:37:21:
+         be:59:63:e0:f2:85:88:31:53:d4:54:14:85:70:79:f4:2e:06:
+         77:27:75:2f:1f:b8:8a:f9:fe:c5:ba:d8:36:e4:83:ec:e7:65:
+         b7:bf:63:5a:f3:46:af:81:94:37:d4:41:8c:d6:23:d6:1e:cf:
+         f5:68:1b:44:63:a2:5a:ba:a7:35:59:a1:e5:70:05:9b:0e:23:
+         57:99:94:0a:6d:ba:39:63:28:86:92:f3:18:84:d8:fb:d1:cf:
+         05:56:64:57
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc
+MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj
+IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB
+IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE
+RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl
+U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290
+IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU
+ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC
+QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr
+rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S
+NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc
+QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH
+txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP
+BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
+tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa
+IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl
+6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+
+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
+Cm26OWMohpLzGITY+9HPBVZkVw==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
+        Validity
+            Not Before: Oct  1 10:40:14 2008 GMT
+            Not After : Oct  1 23:59:59 2033 GMT
+        Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:aa:5f:da:1b:5f:e8:73:91:e5:da:5c:f4:a2:e6:
+                    47:e5:f3:68:55:60:05:1d:02:a4:b3:9b:59:f3:1e:
+                    8a:af:34:ad:fc:0d:c2:d9:48:19:ee:69:8f:c9:20:
+                    fc:21:aa:07:19:ed:b0:5c:ac:65:c7:5f:ed:02:7c:
+                    7b:7c:2d:1b:d6:ba:b9:80:c2:18:82:16:84:fa:66:
+                    b0:08:c6:54:23:81:e4:cd:b9:49:3f:f6:4f:6e:37:
+                    48:28:38:0f:c5:be:e7:68:70:fd:39:97:4d:d2:c7:
+                    98:91:50:aa:c4:44:b3:23:7d:39:47:e9:52:62:d6:
+                    12:93:5e:b7:31:96:42:05:fb:76:a7:1e:a3:f5:c2:
+                    fc:e9:7a:c5:6c:a9:71:4f:ea:cb:78:bc:60:af:c7:
+                    de:f4:d9:cb:be:7e:33:a5:6e:94:83:f0:34:fa:21:
+                    ab:ea:8e:72:a0:3f:a4:de:30:5b:ef:86:4d:6a:95:
+                    5b:43:44:a8:10:15:1c:e5:01:57:c5:98:f1:e6:06:
+                    28:91:aa:20:c5:b7:53:26:51:43:b2:0b:11:95:58:
+                    e1:c0:0f:76:d9:c0:8d:7c:81:f3:72:70:9e:6f:fe:
+                    1a:8e:d9:5f:35:c6:b2:6f:34:7c:be:48:4f:e2:5a:
+                    39:d7:d8:9d:78:9e:9f:86:3e:03:5e:19:8b:44:a2:
+                    d5:c7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                BF:59:20:36:00:79:A0:A0:22:6B:8C:D5:F2:61:D2:B8:2C:CB:82:4A
+    Signature Algorithm: sha256WithRSAEncryption
+         31:03:a2:61:0b:1f:74:e8:72:36:c6:6d:f9:4d:9e:fa:22:a8:
+         e1:81:56:cf:cd:bb:9f:ea:ab:91:19:38:af:aa:7c:15:4d:f3:
+         b6:a3:8d:a5:f4:8e:f6:44:a9:a7:e8:21:95:ad:3e:00:62:16:
+         88:f0:02:ba:fc:61:23:e6:33:9b:30:7a:6b:36:62:7b:ad:04:
+         23:84:58:65:e2:db:2b:8a:e7:25:53:37:62:53:5f:bc:da:01:
+         62:29:a2:a6:27:71:e6:3a:22:7e:c1:6f:1d:95:70:20:4a:07:
+         34:df:ea:ff:15:80:e5:ba:d7:7a:d8:5b:75:7c:05:7a:29:47:
+         7e:40:a8:31:13:77:cd:40:3b:b4:51:47:7a:2e:11:e3:47:11:
+         de:9d:66:d0:8b:d5:54:66:fa:83:55:ea:7c:c2:29:89:1b:e9:
+         6f:b3:ce:e2:05:84:c9:2f:3e:78:85:62:6e:c9:5f:c1:78:63:
+         74:58:c0:48:18:0c:99:39:eb:a4:cc:1a:b5:79:5a:8d:15:9c:
+         d8:14:0d:f6:7a:07:57:c7:22:83:05:2d:3c:9b:25:26:3d:18:
+         b3:a9:43:7c:c8:c8:ab:64:8f:0e:a3:bf:9c:1b:9d:30:db:da:
+         d0:19:2e:aa:3c:f1:fb:33:80:76:e4:cd:ad:19:4f:05:27:8e:
+         13:a1:6e:c2
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
+YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
+AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
+FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
+1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
+jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
+wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
+WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
+NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
+uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
+IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
+g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
+BSeOE6Fuwg==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
+        Validity
+            Not Before: Oct  1 10:29:56 2008 GMT
+            Not After : Oct  1 23:59:59 2033 GMT
+        Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bd:75:93:f0:62:22:6f:24:ae:e0:7a:76:ac:7d:
+                    bd:d9:24:d5:b8:b7:fc:cd:f0:42:e0:eb:78:88:56:
+                    5e:9b:9a:54:1d:4d:0c:8a:f6:d3:cf:70:f4:52:b5:
+                    d8:93:04:e3:46:86:71:41:4a:2b:f0:2a:2c:55:03:
+                    d6:48:c3:e0:39:38:ed:f2:5c:3c:3f:44:bc:93:3d:
+                    61:ab:4e:cd:0d:be:f0:20:27:58:0e:44:7f:04:1a:
+                    87:a5:d7:96:14:36:90:d0:49:7b:a1:75:fb:1a:6b:
+                    73:b1:f8:ce:a9:09:2c:f2:53:d5:c3:14:44:b8:86:
+                    a5:f6:8b:2b:39:da:a3:33:54:d9:fa:72:1a:f7:22:
+                    15:1c:88:91:6b:7f:66:e5:c3:6a:80:b0:24:f3:df:
+                    86:45:88:fd:19:7f:75:87:1f:1f:b1:1b:0a:73:24:
+                    5b:b9:65:e0:2c:54:c8:60:d3:66:17:3f:e1:cc:54:
+                    33:73:91:02:3a:a6:7f:7b:76:39:a2:1f:96:b6:38:
+                    ae:b5:c8:93:74:1d:9e:b9:b4:e5:60:9d:2f:56:d1:
+                    e0:eb:5e:5b:4c:12:70:0c:6c:44:20:ab:11:d8:f4:
+                    19:f6:d2:9c:52:37:e7:fa:b6:c2:31:3b:4a:d4:14:
+                    99:ad:c7:1a:f5:5d:5f:fa:07:b8:7c:0d:1f:d6:83:
+                    1e:b3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                B5:03:F7:76:3B:61:82:6A:12:AA:18:53:EB:03:21:94:BF:FE:CE:CA
+    Signature Algorithm: sha256WithRSAEncryption
+         56:3d:ef:94:d5:bd:da:73:b2:58:be:ae:90:ad:98:27:97:fe:
+         01:b1:b0:52:00:b8:4d:e4:1b:21:74:1b:7e:c0:ee:5e:69:2a:
+         25:af:5c:d6:1d:da:d2:79:c9:f3:97:29:e0:86:87:de:04:59:
+         0f:f1:59:d4:64:85:4b:99:af:25:04:1e:c9:46:a9:97:de:82:
+         b2:1b:70:9f:9c:f6:af:71:31:dd:7b:05:a5:2c:d3:b9:ca:47:
+         f6:ca:f2:f6:e7:ad:b9:48:3f:bc:16:b7:c1:6d:f4:ea:09:af:
+         ec:f3:b5:e7:05:9e:a6:1e:8a:53:51:d6:93:81:cc:74:93:f6:
+         b9:da:a6:25:05:74:79:5a:7e:40:3e:82:4b:26:11:30:6e:e1:
+         3f:41:c7:47:00:35:d5:f5:d3:f7:54:3e:81:3d:da:49:6a:9a:
+         b3:ef:10:3d:e6:eb:6f:d1:c8:22:47:cb:cc:cf:01:31:92:d9:
+         18:e3:22:be:09:1e:1a:3e:5a:b2:e4:6b:0c:54:7a:7d:43:4e:
+         b8:89:a5:7b:d7:a2:3d:96:86:cc:f2:26:34:2d:6a:92:9d:9a:
+         1a:d0:30:e2:5d:4e:04:b0:5f:8b:20:7e:77:c1:3d:95:82:d1:
+         46:9a:3b:3c:78:b8:6f:a1:d0:0d:64:a2:78:1e:29:4e:93:c3:
+         a4:54:14:5b
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
+YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN
+8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/
+RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4
+hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5
+ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM
+EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1
+A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy
+WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ
+1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30
+6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT
+91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
+e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p
+TpPDpFQUWw==
+-----END CERTIFICATE-----
diff --git a/src/lib/libcrypto/cmac/Makefile b/src/lib/libcrypto/cmac/Makefile
new file mode 100644
index 0000000000..54e7cc39d5
--- /dev/null
+++ b/src/lib/libcrypto/cmac/Makefile
@@ -0,0 +1,111 @@
+#
+# OpenSSL/crypto/cmac/Makefile
+#
+
+DIR=    cmac
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=cmac.c cm_ameth.c cm_pmeth.c
+LIBOBJ=cmac.o cm_ameth.o cm_pmeth.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cmac.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cm_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+cm_ameth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cm_ameth.o: ../../include/openssl/cmac.h ../../include/openssl/crypto.h
+cm_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+cm_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cm_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cm_ameth.o: ../../include/openssl/opensslconf.h
+cm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h
+cm_ameth.o: cm_ameth.c
+cm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+cm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cm_pmeth.o: ../../include/openssl/cmac.h ../../include/openssl/conf.h
+cm_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cm_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cm_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cm_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cm_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cm_pmeth.o: ../../include/openssl/opensslconf.h
+cm_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h cm_pmeth.c
+cmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+cmac.o: ../../include/openssl/buffer.h ../../include/openssl/cmac.h
+cmac.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cmac.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cmac.o: ../../include/openssl/symhacks.h ../cryptlib.h cmac.c
diff --git a/src/lib/libcrypto/cms/Makefile b/src/lib/libcrypto/cms/Makefile
new file mode 100644
index 0000000000..9820adb212
--- /dev/null
+++ b/src/lib/libcrypto/cms/Makefile
@@ -0,0 +1,284 @@
+#
+# OpenSSL/crypto/cms/Makefile
+#
+
+DIR=    cms
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+        cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
+        cms_pwri.c
+LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
+        cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o \
+        cms_pwri.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  cms.h
+HEADER= cms_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_asn1.o: ../../include/openssl/opensslconf.h
+cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_asn1.o: cms.h cms_asn1.c cms_lcl.h
+cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_att.o: cms.h cms_att.c cms_lcl.h
+cms_cd.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_cd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_cd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_cd.o: ../../include/openssl/comp.h ../../include/openssl/conf.h
+cms_cd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_cd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_cd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_cd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_cd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_cd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_cd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_cd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_cd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_cd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_cd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_cd.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_cd.c cms_lcl.h
+cms_dd.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_dd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_dd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_dd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_dd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_dd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_dd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_dd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_dd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_dd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_dd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_dd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_dd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_dd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_dd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_dd.o: ../cryptlib.h cms_dd.c cms_lcl.h
+cms_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_enc.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_enc.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+cms_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_enc.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_enc.c cms_lcl.h
+cms_env.o: ../../e_os.h ../../include/openssl/aes.h
+cms_env.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_env.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_env.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
+cms_env.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_env.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_env.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_env.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_env.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_env.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_env.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_env.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_env.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+cms_env.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_env.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_env.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_env.o: ../asn1/asn1_locl.h ../cryptlib.h cms_env.c cms_lcl.h
+cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_err.o: cms_err.c
+cms_ess.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_ess.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_ess.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_ess.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_ess.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_ess.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_ess.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_ess.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_ess.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_ess.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_ess.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_ess.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+cms_ess.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_ess.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_ess.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_ess.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_ess.c cms_lcl.h
+cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
+cms_io.o: cms_io.c cms_lcl.h
+cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
+cms_lib.o: cms_lcl.h cms_lib.c
+cms_pwri.o: ../../e_os.h ../../include/openssl/aes.h
+cms_pwri.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_pwri.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_pwri.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
+cms_pwri.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_pwri.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_pwri.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_pwri.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_pwri.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_pwri.o: ../../include/openssl/opensslconf.h
+cms_pwri.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_pwri.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_pwri.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+cms_pwri.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_pwri.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_pwri.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_pwri.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
+cms_pwri.o: cms_lcl.h cms_pwri.c
+cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_sd.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_sd.c
+cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_smime.o: ../../include/openssl/objects.h
+cms_smime.o: ../../include/openssl/opensslconf.h
+cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_smime.o: ../cryptlib.h cms_lcl.h cms_smime.c
diff --git a/src/lib/libcrypto/comp/Makefile b/src/lib/libcrypto/comp/Makefile
new file mode 100644
index 0000000000..efda832dce
--- /dev/null
+++ b/src/lib/libcrypto/comp/Makefile
@@ -0,0 +1,108 @@
+#
+# OpenSSL/crypto/comp/Makefile
+#
+
+DIR=    comp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= comp_lib.c comp_err.c \
+        c_rle.c c_zlib.c
+
+LIBOBJ= comp_lib.o comp_err.o \
+        c_rle.o c_zlib.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= comp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_rle.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h
+c_rle.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+c_rle.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_rle.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_rle.o: ../../include/openssl/symhacks.h c_rle.c
+c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_zlib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h
+c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_zlib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c
+comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
+comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+comp_err.o: ../../include/openssl/opensslconf.h
+comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+comp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+comp_err.o: ../../include/openssl/symhacks.h comp_err.c
+comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+comp_lib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h
+comp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+comp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c
diff --git a/src/lib/libcrypto/conf/Makefile b/src/lib/libcrypto/conf/Makefile
new file mode 100644
index 0000000000..78bb324106
--- /dev/null
+++ b/src/lib/libcrypto/conf/Makefile
@@ -0,0 +1,152 @@
+#
+# OpenSSL/crypto/conf/Makefile
+#
+
+DIR=    conf
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
+         conf_mall.c conf_sap.c
+
+LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \
+        conf_mall.o conf_sap.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= conf.h conf_api.h
+HEADER= conf_def.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+conf_api.o: ../../e_os.h ../../include/openssl/bio.h
+conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
+conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_api.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_api.o: ../../include/openssl/symhacks.h conf_api.c
+conf_def.o: ../../e_os.h ../../include/openssl/bio.h
+conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_def.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_def.c
+conf_def.o: conf_def.h
+conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf_err.o: ../../include/openssl/opensslconf.h
+conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_err.o: ../../include/openssl/symhacks.h conf_err.c
+conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_lib.o: ../../include/openssl/symhacks.h conf_lib.c
+conf_mall.o: ../../e_os.h ../../include/openssl/asn1.h
+conf_mall.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+conf_mall.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+conf_mall.o: ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/opensslconf.h
+conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c
+conf_mod.o: ../../e_os.h ../../include/openssl/asn1.h
+conf_mod.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mod.o: ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_mod.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+conf_mod.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mod.c
+conf_sap.o: ../../e_os.h ../../include/openssl/asn1.h
+conf_sap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c
diff --git a/src/lib/libcrypto/conf/cnf_save.c b/src/lib/libcrypto/conf/cnf_save.c
new file mode 100644
index 0000000000..1439487526
--- /dev/null
+++ b/src/lib/libcrypto/conf/cnf_save.c
@@ -0,0 +1,106 @@
+/* crypto/conf/cnf_save.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/conf.h>
+
+static void print_conf(CONF_VALUE *cv);
+static IMPLEMENT_LHASH_DOALL_FN(print_conf, CONF_VALUE *);
+
+main()
+        {
+        LHASH *conf;
+        long l;
+
+        conf=CONF_load(NULL,"../../apps/openssl.cnf",&l);
+        if (conf == NULL)
+                {
+                fprintf(stderr,"error loading config, line %ld\n",l);
+                exit(1);
+                }
+
+        lh_doall(conf,LHASH_DOALL_FN(print_conf));
+        }
+
+
+static void print_conf(CONF_VALUE *cv)
+        {
+        int i;
+        CONF_VALUE *v;
+        char *section;
+        char *name;
+        char *value;
+        STACK *s;
+
+        /* If it is a single entry, return */
+
+        if (cv->name != NULL) return;
+
+        printf("[ %s ]\n",cv->section);
+        s=(STACK *)cv->value;
+
+        for (i=0; i<sk_num(s); i++)
+                {
+                v=(CONF_VALUE *)sk_value(s,i);
+                section=(v->section == NULL)?"None":v->section;
+                name=(v->name == NULL)?"None":v->name;
+                value=(v->value == NULL)?"None":v->value;
+                printf("%s=%s\n",name,value);
+                }
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/conf/conf_mall.c b/src/lib/libcrypto/conf/conf_mall.c
index 213890e0c2..c6f4cb2d55 100644
--- a/src/lib/libcrypto/conf/conf_mall.c
+++ b/src/lib/libcrypto/conf/conf_mall.c
@@ -76,6 +76,5 @@ void OPENSSL_load_builtin_modules(void)
 #ifndef OPENSSL_NO_ENGINE
         ENGINE_add_conf_module();
 #endif
-        EVP_add_alg_module();
         }
 
diff --git a/src/lib/libcrypto/conf/test.c b/src/lib/libcrypto/conf/test.c
new file mode 100644
index 0000000000..7fab85053e
--- /dev/null
+++ b/src/lib/libcrypto/conf/test.c
@@ -0,0 +1,98 @@
+/* crypto/conf/test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+
+main()
+        {
+        LHASH *conf;
+        long eline;
+        char *s,*s2;
+
+#ifdef USE_WIN32
+        CONF_set_default_method(CONF_WIN32);
+#endif
+        conf=CONF_load(NULL,"ssleay.cnf",&eline);
+        if (conf == NULL)
+                {
+                ERR_load_crypto_strings();
+                printf("unable to load configuration, line %ld\n",eline);
+                ERR_print_errors_fp(stderr);
+                exit(1);
+                }
+        lh_stats(conf,stdout);
+        lh_node_stats(conf,stdout);
+        lh_node_usage_stats(conf,stdout);
+
+        s=CONF_get_string(conf,NULL,"init2");
+        printf("init2=%s\n",(s == NULL)?"NULL":s);
+
+        s=CONF_get_string(conf,NULL,"cipher1");
+        printf("cipher1=%s\n",(s == NULL)?"NULL":s);
+
+        s=CONF_get_string(conf,"s_client","cipher1");
+        printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
+
+        printf("---------------------------- DUMP ------------------------\n");
+        CONF_dump_fp(conf, stdout);
+
+        exit(0);
+        }
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c
index 0b77d8b7d0..766ea8cac7 100644
--- a/src/lib/libcrypto/cryptlib.c
+++ b/src/lib/libcrypto/cryptlib.c
@@ -504,7 +504,7 @@ void CRYPTO_THREADID_current(CRYPTO_THREADID *id)
         CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL));
 #else
         /* For everything else, default to using the address of 'errno' */
-        CRYPTO_THREADID_set_pointer(id, (void*)&errno);
+        CRYPTO_THREADID_set_pointer(id, &errno);
 #endif
         }
 
@@ -704,7 +704,6 @@ void OPENSSL_cpuid_setup(void)
     }
     else
         vec = OPENSSL_ia32_cpuid();
-
     /*
      * |(1<<10) sets a reserved bit to signal that variable
      * was initialized already... This is to avoid interference
@@ -889,7 +888,7 @@ void OPENSSL_showfatal (const char *fmta,...)
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
-    if (check_winnt() && OPENSSL_isservice() > 0)
+    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
     {   HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
         const TCHAR *pmsg=buf;
         ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
@@ -925,16 +924,3 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
         }
 
 void *OPENSSL_stderr(void)      { return stderr; }
-
-int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
-        {
-        size_t i;
-        const unsigned char *a = in_a;
-        const unsigned char *b = in_b;
-        unsigned char x = 0;
-
-        for (i = 0; i < len; i++)
-                x |= a[i] ^ b[i];
-
-        return x;
-        }
diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h
index d26f9630ea..1761f6b668 100644
--- a/src/lib/libcrypto/cryptlib.h
+++ b/src/lib/libcrypto/cryptlib.h
@@ -100,7 +100,7 @@ extern "C" {
 
 void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *fmta,...);
+void OPENSSL_showfatal(const char *,...);
 void *OPENSSL_stderr(void);
 extern int OPENSSL_NONPIC_relocated;
 
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
new file mode 100644
index 0000000000..c280aa03a8
--- /dev/null
+++ b/src/lib/libcrypto/crypto-lib.com
@@ -0,0 +1,1516 @@
+$!
+$!  CRYPTO-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!             Zoltan Arpadffy <arpadffy@polarhome.com>
+$!
+$!  This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" 
+$!  library for OpenSSL.  The "xxx" denotes the machine architecture, ALPHA,
+$!  IA64 or VAX.
+$!
+$!  It was re-written so it would try to determine what "C" compiler to use 
+$!  or you can specify which "C" compiler to use.
+$!
+$!  Specify the following as P1 to build just that part or ALL to just
+$!  build everything.
+$!
+$!      LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$!      APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
+$!      ALL        To do both LIBRARY and APPS
+$!
+$!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
+$!  information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!      VAXC       For VAX C.
+$!      DECC       For DEC C.
+$!      GNUC       For GNU C.
+$!
+$!  If you don't specify a compiler, it will try to determine which
+$!  "C" compiler to use.
+$!
+$!  P4, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!      UCX        For UCX
+$!      TCPIP      For TCPIP (post UCX)
+$!      SOCKETSHR  For SOCKETSHR+NETLIB
+$!
+$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!  P6, if defined, sets a choice of crypto methods to compile.
+$!  WARNING: this should only be done to recompile some part of an already
+$!  fully compiled library.
+$!
+$!  P7, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
+$!
+$!      ""       Compile with default (/NOPOINTER_SIZE)
+$!      32       Compile with /POINTER_SIZE=32 (SHORT)
+$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]).
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
+$!
+$!  P8, if defined, specifies a directory where ZLIB files (zlib.h,
+$!  libz.olb) may be found.  Optionally, a non-default object library
+$!  name may be included ("dev:[dir]libz_64.olb", for example).
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$ ZLIB_LIB = ""
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").LT.128)
+$ THEN
+$!
+$!  The Architecture Is VAX
+$!
+$   ARCH = "VAX"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
+$!
+$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ OPT_FILE = ""
+$ POINTER_SIZE = ""
+$!
+$! Define The Different Encryption Types.
+$! NOTE: Some might think this list ugly.  However, it's made this way to
+$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
+$!
+$ ET_WHIRLPOOL = "WHRLPOOL"
+$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
+$ ENCRYPT_TYPES = "Basic,"+ -
+                  "OBJECTS,"+ -
+                  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
+                  "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
+                  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
+                  "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
+                  "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
+                  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
+                  "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC"
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Define The OBJ and EXE Directories.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.CRYPTO]
+$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]
+$!
+$! Specify the destination directory in any /MAP option.
+$!
+$ if (LINKMAP .eqs. "MAP")
+$ then
+$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
+$ endif
+$!
+$! Add the location prefix to the linker options file name.
+$!
+$ if (OPT_FILE .nes. "")
+$ then
+$   OPT_FILE = EXE_DIR+ OPT_FILE
+$ endif
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
+$!
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ LIB_NAME := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
+$!
+$! Define The CRYPTO-LIB We Are To Use.
+$!
+$ CRYPTO_LIB := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
+$!
+$! End The Library Check.
+$!
+$ ENDIF
+$!
+$! Build our options file for the application
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define The Different Encryption "library" Strings.
+$!
+$ APPS_DES = "DES/DES,CBC3_ENC"
+$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
+$
+$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,"+ -
+        "ebcdic,uid,o_time,o_str,o_dir,o_fips.c,o_init,fips_ers"
+$ LIB_MD2 = "md2_dgst,md2_one"
+$ LIB_MD4 = "md4_dgst,md4_one"
+$ LIB_MD5 = "md5_dgst,md5_one"
+$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512"
+$ LIB_MDC2 = "mdc2dgst,mdc2_one"
+$ LIB_HMAC = "hmac,hm_ameth,hm_pmeth"
+$ LIB_RIPEMD = "rmd_dgst,rmd_one"
+$ LIB_WHRLPOOL = "wp_dgst,wp_block"
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+        "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
+        "enc_read,enc_writ,ofb64enc,"+ -
+        "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
+        "des_enc,fcrypt_b,"+ -
+        "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ -
+        "ede_cbcm_enc,des_old,des_old2,read2pwd"
+$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"
+$ LIB_RC4 = "rc4_skey,rc4_enc,rc4_utl"
+$ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64"
+$ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey"
+$ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
+$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
+$ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
+        "cmll_cfb,cmll_ctr,cmll_utl"
+$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
+$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ -
+        "ccm128,xts128"
+$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
+$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
+     LIB_BN_ASM = "bn_asm"
+$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
+        "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
+        "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
+        "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
+        "bn_depr,bn_const,bn_x931p"
+$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
+        "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
+        "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn,"+ -
+        "ecp_nistp224,ecp_nistp256,ecp_nistp521,ecp_nistputil,"+ -
+        "ecp_oct,ec2_oct,ec_oct"
+$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
+        "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
+        "rsa_pss,rsa_x931,rsa_asn1,rsa_depr,rsa_ameth,rsa_prn,"+ -
+        "rsa_pmeth,rsa_crpt"
+$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
+        "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"
+$ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
+$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ -
+        "dh_ameth,dh_pmeth,dh_prn"
+$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
+$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
+        "dso_openssl,dso_win32,dso_vms,dso_beos"
+$ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
+        "eng_table,eng_pkey,eng_fat,eng_all,"+ -
+        "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ -
+        "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ -
+        "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,"+ -
+        "eng_rsax,eng_rdrand"
+$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr,"+ -
+        "aes_ige,aes_wrap"
+$ LIB_BUFFER = "buffer,buf_str,buf_err"
+$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
+        "bss_mem,bss_null,bss_fd,"+ -
+        "bss_file,bss_sock,bss_conn,"+ -
+        "bf_null,bf_buff,b_print,b_dump,"+ -
+        "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
+        "bss_dgram,"+ -
+        "bf_lbuf"
+$ LIB_STACK = "stack"
+$ LIB_LHASH = "lhash,lh_stats"
+$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
+        "rand_vms"
+$ LIB_ERR = "err,err_all,err_prn"
+$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
+$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
+        "e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
+        "e_rc4,e_aes,names,e_seed,"+ -
+        "e_xcbc_d,e_rc2,e_cast,e_rc5"
+$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + -
+        "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
+        "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
+        "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
+        "c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
+        "evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
+$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,evp_fips,"+ -
+        "e_aes_cbc_hmac_sha1,e_rc4_hmac_md5"
+$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
+        "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
+        "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
+        "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
+        "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
+        "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr"
+$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
+        "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
+        "tasn_prn,ameth_lib,"+ -
+        "f_int,f_string,n_pkey,"+ -
+        "f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ -
+        "asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ -
+        "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
+$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
+        "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt"
+$ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
+        "x509_obj,x509_req,x509spki,x509_vfy,"+ -
+        "x509_set,x509cset,x509rset,x509_err,"+ -
+        "x509name,x509_v3,x509_ext,x509_att,"+ -
+        "x509type,x509_lu,x_all,x509_txt,"+ -
+        "x509_trs,by_file,by_dir,x509_vpm"
+$ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
+        "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
+        "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
+        "v3_ocsp,v3_akeya,v3_pmaps,v3_pcons,v3_ncons,v3_pcia,v3_pci,"+ -
+        "pcy_cache,pcy_node,pcy_data,pcy_map,pcy_tree,pcy_lib,"+ -
+        "v3_asid,v3_addr"
+$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
+$ LIB_TXT_DB = "txt_db"
+$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
+        "pk7_mime,bio_pk7"
+$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
+        "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
+        "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
+$ LIB_COMP = "comp_lib,comp_err,"+ -
+        "c_rle,c_zlib"
+$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
+        "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
+$ LIB_UI_COMPAT = ",ui_compat"
+$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
+$ LIB_KRB5 = "krb5_asn"
+$ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
+        "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ -
+        "cms_pwri"
+$ LIB_PQUEUE = "pqueue"
+$ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ -
+        "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -
+        "ts_asn1"
+$ LIB_JPAKE = "jpake,jpake_err"
+$ LIB_SRP = "srp_lib,srp_vfy"
+$ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
+$ LIB_CMAC = "cmac,cm_ameth.c,cm_pmeth"
+$!
+$! Setup exceptional compilations
+$!
+$ CC3_SHOWN = 0
+$ CC4_SHOWN = 0
+$ CC5_SHOWN = 0
+$ CC6_SHOWN = 0
+$!
+$! The following lists must have leading and trailing commas, and no
+$! embedded spaces.  (They are scanned for ",name,".)
+$!
+$ ! Add definitions for no threads on OpenVMS 7.1 and higher.
+$ COMPILEWITH_CC3 = ",bss_rtcp,"
+$ ! Disable the DOLLARID warning.  Not needed with /STANDARD=RELAXED.
+$ COMPILEWITH_CC4 = "" !!! ",a_utctm,bss_log,o_time,o_dir,"
+$ ! Disable disjoint optimization on VAX with DECC.
+$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
+                    "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+$ ! Disable the MIXLINKAGE warning.
+$ COMPILEWITH_CC6 = "" !!! ",enc_read,set_key,"
+$!
+$! Figure Out What Other Modules We Are To Build.
+$!
+$ BUILD_SET:
+$!
+$! Define A Module Counter.
+$!
+$ MODULE_COUNTER = 0
+$!
+$! Top Of The Loop.
+$!
+$ MODULE_NEXT:
+$!
+$! Extract The Module Name From The Encryption List.
+$!
+$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
+$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
+$ MODULE_NAME1 = MODULE_NAME
+$!
+$! Check To See If We Are At The End Of The Module List.
+$!
+$ IF (MODULE_NAME.EQS.",") 
+$ THEN 
+$!
+$!  We Are At The End Of The Module List, Go To MODULE_DONE.
+$!
+$   GOTO MODULE_DONE
+$!
+$! End The Module List Check.
+$!
+$ ENDIF
+$!
+$! Increment The Moudle Counter.
+$!
+$ MODULE_COUNTER = MODULE_COUNTER + 1
+$!
+$! Create The Library and Apps Module Names.
+$!
+$ LIB_MODULE = "LIB_" + MODULE_NAME
+$ APPS_MODULE = "APPS_" + MODULE_NAME
+$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_")
+$ THEN
+$   MODULE_NAME = "ASN1"
+$ ENDIF
+$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_")
+$ THEN
+$   MODULE_NAME = "EVP"
+$ ENDIF
+$!
+$! Set state (can be LIB and APPS)
+$!
+$ STATE = "LIB"
+$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS"
+$!
+$! Check if the library module name actually is defined
+$!
+$ IF F$TYPE('LIB_MODULE') .EQS. ""
+$ THEN
+$   WRITE SYS$ERROR ""
+$   WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist.  Continuing..."
+$   WRITE SYS$ERROR ""
+$   GOTO MODULE_NEXT
+$ ENDIF
+$!
+$! Top Of The Module Loop.
+$!
+$ MODULE_AGAIN:
+$!
+$! Tell The User What Module We Are Building.
+$!
+$ IF (MODULE_NAME1.NES."") 
+$ THEN
+$   IF STATE .EQS. "LIB"
+$   THEN
+$     WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")"
+$   ELSE IF F$TYPE('APPS_MODULE') .NES. ""
+$     THEN
+$       WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")"
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$ APPLICATION = ""
+$ APPLICATION_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! Look in the LIB_MODULE is we're in state LIB
+$!
+$ IF STATE .EQS. "LIB"
+$ THEN
+$!
+$!   O.K, Extract The File Name From The File List.
+$!
+$   FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
+$!
+$!   else
+$!
+$ ELSE
+$   FILE_NAME = ","
+$!
+$   IF F$TYPE('APPS_MODULE') .NES. ""
+$   THEN
+$!
+$!     Extract The File Name From The File List.
+$!     This part is a bit more complicated.
+$!
+$     IF APPLICATION .EQS. ""
+$     THEN
+$       APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
+$       APPLICATION_COUNTER = APPLICATION_COUNTER + 1
+$       APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
+$       APPLICATION = F$ELEMENT(0,"/",APPLICATION)
+$       FILE_COUNTER = 0
+$     ENDIF
+$
+$!     WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
+$!     SHOW SYMBOL APPLICATION*
+$!
+$     IF APPLICATION .NES. ";"
+$     THEN
+$       FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS)
+$       IF FILE_NAME .EQS. ","
+$       THEN
+$         APPLICATION = ""
+$         GOTO NEXT_FILE
+$       ENDIF
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") 
+$ THEN 
+$!
+$!  We Are At The End Of The File List, Change State Or Goto FILE_DONE.
+$!
+$   IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY"
+$   THEN
+$     STATE = "APPS"
+$     GOTO MODULE_AGAIN
+$   ELSE
+$     GOTO FILE_DONE
+$   ENDIF
+$!
+$! End The File List Check.
+$!
+$ ENDIF
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME)
+$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME
+$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN -
+        FILE_NAME = FILE_NAME + ".c"
+$ IF (MODULE_NAME.NES."")
+$ THEN
+$   SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME
+$ ELSE
+$   SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME
+$ ENDIF
+$ SOURCE_FILE = SOURCE_FILE - "]["
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Doesn't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   GOTO EXIT
+$!
+$! End The File Exist Check.
+$!
+$ ENDIF
+$!
+$! Tell The User We Are Compiling The File.
+$!
+$ IF (MODULE_NAME.EQS."")
+$ THEN
+$   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File.  (",BUILDALL,",",STATE,")"
+$ ENDIF
+$ IF (MODULE_NAME.NES."")
+$ THEN 
+$   WRITE SYS$OUTPUT "        ",FILE_NAME,""
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ ","
+$ IF FILE_NAME - ".mar" .NES. FILE_NAME
+$ THEN
+$   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$   IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
+$   THEN
+$     write sys$output "        \Using special rule (3)"
+$     if (.not. CC3_SHOWN)
+$     then
+$       CC3_SHOWN = 1
+$       x = "    "+ CC3
+$       write /symbol sys$output x
+$     endif
+$     CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$   ELSE
+$     IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
+$     THEN
+$       write /symbol sys$output "        \Using special rule (4)"
+$       if (.not. CC4_SHOWN)
+$       then
+$         CC4_SHOWN = 1
+$         x = "    "+ CC4
+$         write /symbol sys$output x
+$       endif
+$       CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$     ELSE
+$       IF CC5_DIFFERENT .AND. -
+         (COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5)
+$       THEN
+$         write sys$output "        \Using special rule (5)"
+$         if (.not. CC5_SHOWN)
+$         then
+$           CC5_SHOWN = 1
+$           x = "    "+ CC5
+$           write /symbol sys$output x
+$         endif
+$         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$       ELSE
+$         IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
+$         THEN
+$           write sys$output "        \Using special rule (6)"
+$           if (.not. CC6_SHOWN)
+$           then
+$             CC6_SHOWN = 1
+$             x = "    "+ CC6
+$             write /symbol sys$output x
+$           endif
+$           CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$         ELSE
+$           CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$         ENDIF
+$       ENDIF
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$ IF STATE .EQS. "LIB"
+$ THEN 
+$!
+$!   Add It To The Library.
+$!
+$   LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
+$!
+$!   Time To Clean Up The Object File.
+$!
+$   DELETE 'OBJECT_FILE';*
+$ ENDIF
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! Time To Build Some Applications
+$!
+$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY"
+$ THEN
+$   APPLICATION_COUNTER = 0
+$ NEXT_APPLICATION:
+$   APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
+$   IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE
+$
+$   APPLICATION_COUNTER = APPLICATION_COUNTER + 1
+$   APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
+$   APPLICATION = F$ELEMENT(0,"/",APPLICATION)
+$
+$!   WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
+$!   SHOW SYMBOL APPLICATION*
+$!
+$! Tell the user what happens
+$!
+$   WRITE SYS$OUTPUT "        ",APPLICATION,".exe"
+$!
+$! Link The Program.
+$!
+$   ON ERROR THEN GOTO NEXT_APPLICATION
+$!
+$!  Link With A TCP/IP Library.
+$!
+$   LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' -
+     /EXE='EXE_DIR''APPLICATION'.EXE -
+     'OBJ_DIR''APPLICATION_OBJECTS', -
+     'CRYPTO_LIB'/LIBRARY -
+     'TCPIP_LIB' -
+     'ZLIB_LIB' -
+     ,'OPT_FILE' /OPTIONS
+$!
+$   GOTO NEXT_APPLICATION
+$  APPLICATION_DONE:
+$ ENDIF
+$!
+$! Go Back And Get The Next Module.
+$!
+$ GOTO MODULE_NEXT
+$!
+$! All Done With This Module.
+$!
+$ MODULE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "All Done..."
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Against 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Against 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
+$!
+$     IF ARCH .EQS. "VAX"
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Against 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The non-VAX Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For non-VAX To Link Against 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is Blank, So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Argument.
+$!
+$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
+$   THEN
+$!
+$!    A Valid Argument.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Argument Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!  P2 Is NODEBUG, So Compile Without The Debugger Information.
+$!
+$   DEBUGGER = "NODEBUG"
+$   LINKMAP = "NOMAP"
+$   TRACEBACK = "NOTRACEBACK" 
+$   GCC_OPTIMIZE = "OPTIMIZE"
+$   CC_OPTIMIZE = "OPTIMIZE"
+$   MACRO_OPTIMIZE = "OPTIMIZE"
+$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER = "DEBUG"
+$     LINKMAP = "MAP"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     MACRO_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$   ELSE 
+$!
+$!    They Entered An Invalid Option.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "     DEBUG   :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "     NODEBUG :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Argument Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P5.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P5 Check.
+$!
+$ ENDIF
+$!
+$! Check P7 (POINTER_SIZE).
+$!
+$ IF (P7 .NES. "") .AND. (ARCH .NES. "VAX")
+$ THEN
+$!
+$   IF (P7 .EQS. "32")
+$   THEN
+$     POINTER_SIZE = " /POINTER_SIZE=32"
+$   ELSE
+$     POINTER_SIZE = F$EDIT( P7, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
+$     THEN
+$       ARCHD = ARCH+ "_64"
+$       LIB32 = ""
+$       POINTER_SIZE = " /POINTER_SIZE=64"
+$     ELSE
+$!
+$!      Tell The User Entered An Invalid Option.
+$!
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", P7, -
+         " Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT -
+         "    """"       :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32       :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
+$       WRITE SYS$OUTPUT ""
+$! 
+$!      Time To EXIT.
+$!
+$       EXIT
+$!
+$     ENDIF
+$!
+$   ENDIF
+$!
+$! End The P7 (POINTER_SIZE) Check.
+$!
+$ ENDIF
+$!
+$! Set basic C compiler /INCLUDE directories.
+$!
+$ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ -
+   "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.MODES],SYS$DISK:[.ASN1],SYS$DISK:[.EVP]"
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     P4 = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+         .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+         .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!      Last resort: a UCX or UCX-compatible library
+$!
+$       P4 = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!      That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+        CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$! Check To See If We Have A ZLIB Option.
+$!
+$ ZLIB = P8
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$   file1 = f$parse( "A.;", ZLIB)- "A.;"
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     EXIT
+$   endif
+$!
+$   CCDEFS = """ZLIB=1"", "+ CCDEFS
+$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
+$   ZLIB_LIB = ", ''file2' /library"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
+$!  Check To See If The User Entered A Valid Parameter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+         THEN CC = "CC/DECC"
+$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
+       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
+       " /INCLUDE=(''CC_INCLUDES')"+ -
+       CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.NES."VAX"
+$     THEN
+$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
+$       EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+       "/INCLUDE=(''CC_INCLUDES')"+ -
+           CCEXTRAFLAGS
+$     CCDEFS = """VAXC""," + CCDEFS
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+       "/INCLUDE=(''CC_INCLUDES')"+ -
+           CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$       CC6DISABLEWARNINGS = "MIXLINKAGE"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
+$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$     CC6DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$     CC6DISABLEWARNINGS = ""
+$   ENDIF
+$   CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
+$   THEN
+$     CC5 = CC + " /OPTIMIZE=NODISJOINT"
+$     CC5_DIFFERENT = 1
+$   ELSE
+$     CC5 = CC
+$     CC5_DIFFERENT = 0
+$   ENDIF
+$   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$   CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Argument.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$! End The Valid Argument Check.
+$!
+$ ENDIF
+$!
+$! Build a MACRO command for the architecture at hand
+$!
+$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
+$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$!
+$!  Show user the result
+$!
+$   WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
+     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P4.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P4.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     P4 = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P4.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+          TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Check to see if TCPIP was chosen
+$!
+$   IF P4.EQS."TCPIP"
+$   THEN
+$!
+$!    Set the library to use TCPIP (post UCX).
+$!
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Check to see if NONE was chosen
+$!
+$   IF P4.EQS."NONE"
+$   THEN
+$!
+$!    Do not use a TCPIP library.
+$!
+$     TCPIP_LIB = ""
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
+$!
+$!  Else The User Entered An Invalid Argument.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Check if the user wanted to compile just a subset of all the encryption
+$! methods.
+$!
+$ IF P6 .NES. ""
+$ THEN
+$   ENCRYPT_TYPES = P6
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "CRYPTO]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
index f92fc5182d..6aeda0a9ac 100644
--- a/src/lib/libcrypto/crypto.h
+++ b/src/lib/libcrypto/crypto.h
@@ -488,10 +488,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
                                     long (**go)(void));
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *ptr);
+void CRYPTO_free_locked(void *);
 void *CRYPTO_malloc(int num, const char *file, int line);
 char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *ptr);
+void CRYPTO_free(void *);
 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
                            int line);
@@ -574,13 +574,6 @@ void OPENSSL_init(void);
 #define fips_cipher_abort(alg) while(0)
 #endif
 
-/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
- * takes an amount of time dependent on |len|, but independent of the contents
- * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
- * defined order as the return value when a != b is undefined, other than to be
- * non-zero. */
-int CRYPTO_memcmp(const void *a, const void *b, size_t len);
-
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libcrypto/crypto/Makefile b/src/lib/libcrypto/crypto/Makefile
new file mode 100644
index 0000000000..d95ac156ec
--- /dev/null
+++ b/src/lib/libcrypto/crypto/Makefile
@@ -0,0 +1,573 @@
+# $OpenBSD: Makefile,v 1.1 2014/04/11 22:51:53 miod Exp $
+
+LIB=    crypto
+
+SSL_SRC=        ${.CURDIR}/../../libssl/src
+LCRYPTO_SRC=    ${SSL_SRC}/crypto
+
+# arm and sh default to little endian, mips defaults to big endian
+.if ${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "amd64" || \
+    ${MACHINE_ARCH} == "arm" || ${MACHINE_ARCH} == "i386" || \
+    ${MACHINE_ARCH} == "mips64el" || ${MACHINE_ARCH} == "sh" || \
+    ${MACHINE_ARCH} == "vax"
+CFLAGS+= -DL_ENDIAN
+.else
+CFLAGS+= -DB_ENDIAN
+.endif 
+
+.include <bsd.own.mk>           # for 'NOPIC' definition
+.if !defined(NOPIC)
+CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H
+.endif
+
+.if ${MACHINE_ARCH} == "sparc"
+PICFLAG=-fPIC
+.endif
+
+CFLAGS+= -DTERMIOS -DANSI_SOURCE -DNO_ERR -DNO_WINDOWS_BRAINDEATH
+# Hardware engines
+CFLAGS+= -DOPENSSL_NO_HW_4758_CCA
+CFLAGS+= -DOPENSSL_NO_HW_AEP
+CFLAGS+= -DOPENSSL_NO_HW_ATALLA
+CFLAGS+= -DOPENSSL_NO_CAPIENG
+CFLAGS+= -DOPENSSL_NO_HW_CSWIFT
+CFLAGS+= -DOPENSSL_NO_HW_NCIPHER
+CFLAGS+= -DOPENSSL_NO_HW_NURON
+CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this?
+CFLAGS+= -DOPENSSL_NO_HW_SUREWARE
+CFLAGS+= -DOPENSSL_NO_HW_UBSEC
+
+CFLAGS+= -I${SSL_SRC}
+CFLAGS+= -I${LCRYPTO_SRC}
+CFLAGS+= -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/evp
+
+# crypto/
+SRCS+= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c
+SRCS+= ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+
+# aes/
+SRCS+= aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c
+SRCS+= aes_ctr.c aes_ige.c aes_wrap.c
+
+# asn1/
+SRCS+= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c
+SRCS+= a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c
+SRCS+= a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c
+SRCS+= x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c
+SRCS+= x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c
+SRCS+= x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c
+SRCS+= t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c
+SRCS+= tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c
+SRCS+= tasn_prn.c ameth_lib.c
+SRCS+= f_int.c f_string.c n_pkey.c
+SRCS+= f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c
+SRCS+= asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c
+SRCS+= evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+
+# bf/
+SRCS+= bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c
+
+# bio/
+SRCS+= bio_lib.c bio_cb.c bio_err.c
+SRCS+= bss_mem.c bss_null.c bss_fd.c
+SRCS+= bss_file.c bss_sock.c bss_conn.c
+SRCS+= bf_null.c bf_buff.c b_print.c b_dump.c
+SRCS+= b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+SRCS+= bss_dgram.c
+
+# bn/
+SRCS+= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c
+SRCS+= bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c
+SRCS+= bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c
+SRCS+= bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c
+SRCS+= bn_depr.c bn_const.c bn_x931p.c
+
+# buffer/
+SRCS+= buffer.c buf_err.c buf_str.c
+
+# camellia/
+#SRCS+= cmll_ecb.c cmll_ofb.c cmll_cfb.c cmll_ctr.c cmll_utl.c
+
+# cast/
+SRCS+= c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
+
+# cmac/
+SRCS+= cmac.c cm_ameth.c cm_pmeth.c
+
+# cms/
+#SRCS+= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c
+#SRCS+= cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
+#SRCS+= cms_pwri.c
+
+# comp/
+SRCS+= comp_lib.c comp_err.c c_rle.c c_zlib.c
+
+# conf/
+SRCS+= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c
+SRCS+= conf_mall.c conf_sap.c
+
+# des/
+SRCS+= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c 
+SRCS+= ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c
+SRCS+= fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c
+SRCS+= qud_cksm.c rand_key.c rpc_enc.c  set_key.c xcbc_enc.c
+SRCS+= str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c
+SRCS+= read2pwd.c
+
+# dh/
+SRCS+= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c
+SRCS+= dh_ameth.c dh_pmeth.c dh_prn.c
+
+# dsa/
+SRCS+= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c
+SRCS+= dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c
+
+# dso/
+SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c
+SRCS+= dso_openssl.c dso_win32.c dso_vms.c dso_beos.c
+
+# ec/
+SRCS+= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c
+SRCS+= ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c
+SRCS+= ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c
+SRCS+= ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c
+SRCS+= ecp_oct.c ec2_oct.c ec_oct.c
+
+# ecdh/
+SRCS+= ech_lib.c ech_ossl.c ech_key.c ech_err.c
+
+# ecdsa/
+SRCS+= ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c
+
+# engine/
+SRCS+= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c
+SRCS+= eng_table.c eng_pkey.c eng_fat.c eng_all.c
+SRCS+= tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c
+SRCS+= tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c
+SRCS+= eng_openssl.c eng_cnf.c eng_dyn.c hw_cryptodev.c
+SRCS+= eng_rsax.c eng_rdrand.c
+# XXX unnecessary? handled in EVP now...
+# SRCS+= eng_aesni.c # local addition
+
+# err/
+SRCS+= err.c err_all.c err_prn.c
+
+# evp/
+SRCS+= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c
+SRCS+= e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c
+SRCS+= e_rc4.c e_aes.c names.c e_seed.c
+SRCS+= e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c
+SRCS+= m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c
+SRCS+= m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c
+SRCS+= p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c
+SRCS+= bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c
+SRCS+= c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c
+SRCS+= evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c
+SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
+
+# hmac/
+SRCS+= hmac.c hm_ameth.c hm_pmeth.c
+
+# idea/
+SRCS+= i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+
+# jpake/
+#SRCS+= jpake.c jpake_err.c
+
+# krb5/
+SRCS+= krb5_asn.c
+
+# lhash/
+SRCS+= lhash.c lh_stats.c
+
+# md2
+##SRCS+= md2_dgst.c md2_one.c
+
+# md4/
+SRCS+= md4_dgst.c md4_one.c
+
+# md5/
+SRCS+= md5_dgst.c md5_one.c
+
+# mdc2/
+SRCS+= mdc2dgst.c mdc2_one.c
+
+# modes/
+SRCS+= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c ccm128.c xts128.c
+
+# objects/
+SRCS+= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c
+
+# ocsp/
+SRCS+= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c
+SRCS+= ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c
+
+# pem/
+SRCS+= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
+SRCS+= pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c
+
+# pkcs12/
+SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c
+SRCS+= p12_init.c p12_key.c p12_kiss.c p12_mutl.c
+SRCS+= p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
+
+# pkcs7/
+SRCS+= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c
+SRCS+= pk7_mime.c bio_pk7.c
+
+# pqueue/
+SRCS+= pqueue.c
+
+# rand/
+SRCS+= md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c
+SRCS+= rand_win.c rand_unix.c rand_os2.c rand_nw.c
+
+# rc2/
+SRCS+= rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+
+# rc4/
+SRCS+= rc4_utl.c
+
+# rc5/
+#SRCS+= rc5_skey.c rc5_ecb.c rc5cfb64.c rc5ofb64.c
+
+# ripemd/
+SRCS+= rmd_dgst.c rmd_one.c
+
+# rsa/
+SRCS+= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
+SRCS+= rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c
+SRCS+= rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c
+SRCS+= rsa_pmeth.c rsa_crpt.c
+
+# seed/
+#SRCS+= seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
+
+# sha/
+SRCS+= sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c
+
+# srp/
+#SRCS+= srp_lib.c srp_vfy.c
+
+# stack/
+SRCS+= stack.c
+
+# store/
+#SRCS+= str_err.c str_lib.c str_meth.c str_mem.c
+
+# ts/
+SRCS+= ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c
+SRCS+= ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c
+SRCS+= ts_asn1.c
+
+# txt_db/
+SRCS+=txt_db.c
+
+# ui/
+SRCS+= ui_err.c ui_lib.c ui_openssl.c ui_util.c ui_compat.c
+
+# whrlpool/
+SRCS+= wp_dgst.c
+
+# x509/
+SRCS+= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c
+SRCS+= x509_obj.c x509_req.c x509spki.c x509_vfy.c
+SRCS+= x509_set.c x509cset.c x509rset.c x509_err.c
+SRCS+= x509name.c x509_v3.c x509_ext.c x509_att.c
+SRCS+= x509type.c x509_lu.c x_all.c x509_txt.c
+SRCS+= x509_trs.c by_file.c by_dir.c x509_vpm.c
+
+# x509v3/
+SRCS+= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c
+SRCS+= v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c
+SRCS+= v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
+SRCS+= v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c
+SRCS+= pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c
+SRCS+= v3_asid.c v3_addr.c
+
+.PATH:  ${.CURDIR}/arch/${MACHINE_CPU} \
+        ${LCRYPTO_SRC} \
+        ${LCRYPTO_SRC}/aes \
+        ${LCRYPTO_SRC}/asn1 \
+        ${LCRYPTO_SRC}/bf \
+        ${LCRYPTO_SRC}/bio \
+        ${LCRYPTO_SRC}/bn \
+        ${LCRYPTO_SRC}/bn/asm \
+        ${LCRYPTO_SRC}/buffer \
+        ${LCRYPTO_SRC}/camellia \
+        ${LCRYPTO_SRC}/cast \
+        ${LCRYPTO_SRC}/cmac \
+        ${LCRYPTO_SRC}/cms \
+        ${LCRYPTO_SRC}/comp \
+        ${LCRYPTO_SRC}/conf \
+        ${LCRYPTO_SRC}/des \
+        ${LCRYPTO_SRC}/dh \
+        ${LCRYPTO_SRC}/dsa \
+        ${LCRYPTO_SRC}/dso \
+        ${LCRYPTO_SRC}/ec \
+        ${LCRYPTO_SRC}/ecdh \
+        ${LCRYPTO_SRC}/ecdsa \
+        ${LCRYPTO_SRC}/engine \
+        ${LCRYPTO_SRC}/err \
+        ${LCRYPTO_SRC}/evp \
+        ${LCRYPTO_SRC}/md2 \
+        ${LCRYPTO_SRC}/hmac \
+        ${LCRYPTO_SRC}/idea \
+        ${LCRYPTO_SRC}/jpake \
+        ${LCRYPTO_SRC}/krb5 \
+        ${LCRYPTO_SRC}/lhash \
+        ${LCRYPTO_SRC}/md4 \
+        ${LCRYPTO_SRC}/md5 \
+        ${LCRYPTO_SRC}/mdc2 \
+        ${LCRYPTO_SRC}/modes \
+        ${LCRYPTO_SRC}/objects \
+        ${LCRYPTO_SRC}/ocsp \
+        ${LCRYPTO_SRC}/pem \
+        ${LCRYPTO_SRC}/perlasm \
+        ${LCRYPTO_SRC}/pkcs12 \
+        ${LCRYPTO_SRC}/pkcs7 \
+        ${LCRYPTO_SRC}/pqueue \
+        ${LCRYPTO_SRC}/rand \
+        ${LCRYPTO_SRC}/rc2 \
+        ${LCRYPTO_SRC}/rc4 \
+        ${LCRYPTO_SRC}/rc5 \
+        ${LCRYPTO_SRC}/ripemd \
+        ${LCRYPTO_SRC}/rsa \
+        ${LCRYPTO_SRC}/seed \
+        ${LCRYPTO_SRC}/sha \
+        ${LCRYPTO_SRC}/stack \
+        ${LCRYPTO_SRC}/store \
+        ${LCRYPTO_SRC}/threads \
+        ${LCRYPTO_SRC}/ts \
+        ${LCRYPTO_SRC}/txt_db \
+        ${LCRYPTO_SRC}/ui \
+        ${LCRYPTO_SRC}/whrlpool \
+        ${LCRYPTO_SRC}/x509 \
+        ${LCRYPTO_SRC}/x509v3
+
+HDRS=\
+        e_os.h \
+        e_os2.h \
+        crypto/aes/aes.h \
+        crypto/asn1/asn1.h \
+        crypto/asn1/asn1_mac.h \
+        crypto/asn1/asn1t.h \
+        crypto/bf/blowfish.h \
+        crypto/bio/bio.h \
+        crypto/bn/bn.h \
+        crypto/buffer/buffer.h \
+        crypto/camellia/camellia.h \
+        crypto/cast/cast.h \
+        crypto/cmac/cmac.h \
+        crypto/cms/cms.h \
+        crypto/comp/comp.h \
+        crypto/conf/conf.h \
+        crypto/conf/conf_api.h \
+        crypto/crypto.h \
+        crypto/des/des.h \
+        crypto/des/des_old.h \
+        crypto/dh/dh.h \
+        crypto/dsa/dsa.h \
+        crypto/dso/dso.h \
+        crypto/ebcdic.h \
+        crypto/ec/ec.h \
+        crypto/ecdh/ecdh.h \
+        crypto/ecdsa/ecdsa.h \
+        crypto/engine/engine.h \
+        crypto/err/err.h \
+        crypto/evp/evp.h \
+        crypto/hmac/hmac.h \
+        crypto/idea/idea.h \
+        crypto/krb5/krb5_asn.h \
+        crypto/lhash/lhash.h \
+        crypto/md2/md2.h \
+        crypto/md4/md4.h \
+        crypto/md5/md5.h \
+        crypto/mdc2/mdc2.h \
+        crypto/modes/modes.h \
+        crypto/objects/objects.h \
+        crypto/ocsp/ocsp.h \
+        crypto/opensslv.h \
+        crypto/ossl_typ.h \
+        crypto/pem/pem.h \
+        crypto/pem/pem2.h \
+        crypto/pkcs12/pkcs12.h \
+        crypto/pkcs7/pkcs7.h \
+        crypto/pqueue/pqueue.h \
+        crypto/rand/rand.h \
+        crypto/rc2/rc2.h \
+        crypto/rc4/rc4.h \
+        crypto/rc5/rc5.h \
+        crypto/ripemd/ripemd.h \
+        crypto/rsa/rsa.h \
+        crypto/seed/seed.h \
+        crypto/sha/sha.h \
+        crypto/srp/srp.h \
+        crypto/stack/safestack.h \
+        crypto/stack/stack.h \
+        crypto/store/store.h \
+        crypto/symhacks.h \
+        crypto/ts/ts.h \
+        crypto/txt_db/txt_db.h \
+        crypto/ui/ui.h \
+        crypto/ui/ui_compat.h \
+        crypto/whrlpool/whrlpool.h \
+        crypto/x509/x509.h \
+        crypto/x509/x509_vfy.h \
+        crypto/x509v3/x509v3.h
+
+HDRS_GEN=\
+        ${.CURDIR}/arch/${MACHINE_CPU}/opensslconf.h \
+        ${.OBJDIR}/obj_mac.h
+
+includes: obj_mac.h
+        @test -d ${DESTDIR}/usr/include/openssl || \
+            mkdir ${DESTDIR}/usr/include/openssl
+        @cd ${SSL_SRC}; \
+        for i in $(HDRS); do \
+            j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \
+            ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\
+                ${DESTDIR}/usr/include/openssl"; \
+            echo $$j; \
+            eval "$$j"; \
+        done; \
+        for i in $(HDRS_GEN); do \
+            j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \
+            ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\
+                ${DESTDIR}/usr/include/openssl"; \
+            echo $$j; \
+            eval "$$j"; \
+        done;
+
+# generated
+CFLAGS+= -I${.OBJDIR}
+
+GENERATED=obj_mac.h obj_dat.h
+CLEANFILES=${GENERATED} obj_mac.num.tmp
+SSL_OBJECTS=${SSL_SRC}/crypto/objects
+
+obj_mac.h: ${SSL_OBJECTS}/objects.h ${SSL_OBJECTS}/obj_mac.num ${SSL_OBJECTS}/objects.txt
+        cat ${SSL_OBJECTS}/obj_mac.num > obj_mac.num.tmp
+        /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt obj_mac.num.tmp obj_mac.h
+
+obj_dat.h: obj_mac.h
+        /usr/bin/perl ${SSL_OBJECTS}/obj_dat.pl obj_mac.h obj_dat.h
+
+.if (${MACHINE_ARCH} == "i386")
+SRCS+= wp_block.c
+SRCS+= bf_cbc.c 
+CFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS
+CFLAGS+= -DOPENSSL_IA32_SSE2
+CFLAGS+= -DOPENSSL_BN_ASM_MONT
+CFLAGS+= -DOPENSSL_BN_ASM_GF2m
+CFLAGS+= -DSHA1_ASM
+CFLAGS+= -DSHA256_ASM
+CFLAGS+= -DSHA512_ASM
+CFLAGS+= -DMD5_ASM
+CFLAGS+= -DRMD160_ASM
+CFLAGS+= -DAES_ASM
+CFLAGS+= -DVPAES_ASM
+CFLAGS+= -DWHIRLPOOL_ASM
+CFLAGS+= -DGHASH_ASM
+CFLAGS+= -DOPENSSL_CPUID_OBJ
+SSLASM=\
+        aes aes-586 \
+        aes vpaes-x86 \
+        aes aesni-x86 \
+        bf bf-586 \
+        bn bn-586 \
+        bn co-586 \
+        bn x86-mont \
+        bn x86-gf2m \
+        des crypt586 \
+        des des-586 \
+        md5 md5-586 \
+        modes ghash-x86 \
+        rc4 rc4-586 \
+        ripemd rmd-586 \
+        sha sha1-586 \
+        sha sha256-586 \
+        sha sha512-586 \
+        whrlpool wp-mmx
+.for dir f in ${SSLASM}
+SRCS+=  ${f}.S
+GENERATED+=${f}.S
+${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl ${LCRYPTO_SRC}/perlasm/x86gas.pl
+        /usr/bin/perl -I${LCRYPTO_SRC}/perlasm -I${LCRYPTO_SRC}/${dir}/asm \
+                ${LCRYPTO_SRC}/${dir}/asm/${f}.pl \
+                    openbsd-elf ${CFLAGS} 386 ${PICFLAG} > ${.TARGET}
+.endfor
+SRCS+=  x86cpuid.S
+GENERATED+=x86cpuid.S
+x86cpuid.S: ${LCRYPTO_SRC}/x86cpuid.pl ${LCRYPTO_SRC}/perlasm/x86gas.pl
+        /usr/bin/perl -I${LCRYPTO_SRC}/perlasm ${LCRYPTO_SRC}/x86cpuid.pl \
+                openbsd-elf ${CFLAGS} 386 ${PICFLAG} > ${.TARGET}
+.elif (${MACHINE_ARCH} == "amd64")
+SRCS+= bf_enc.c des_enc.c fcrypt_b.c
+SRCS+= x86_64-gcc.c
+CFLAGS+= -DOPENSSL_CPUID_OBJ
+CFLAGS+= -DOPENSSL_IA32_SSE2
+CFLAGS+= -DOPENSSL_BN_ASM_MONT
+CFLAGS+= -DOPENSSL_BN_ASM_MONT5
+CFLAGS+= -DOPENSSL_BN_ASM_GF2m
+CFLAGS+= -DSHA1_ASM
+CFLAGS+= -DSHA256_ASM
+CFLAGS+= -DSHA512_ASM
+CFLAGS+= -DMD5_ASM
+CFLAGS+= -DAES_ASM
+CFLAGS+= -DVPAES_ASM
+CFLAGS+= -DBSAES_ASM
+CFLAGS+= -DWHIRLPOOL_ASM
+CFLAGS+= -DGHASH_ASM
+SSLASM=\
+        aes aes-x86_64 \
+        aes aesni-x86_64 \
+        aes aesni-sha1-x86_64 \
+        aes bsaes-x86_64 \
+        aes vpaes-x86_64 \
+        bn x86_64-mont \
+        bn x86_64-mont5 \
+        bn x86_64-gf2m \
+        bn modexp512-x86_64 \
+        md5 md5-x86_64 \
+        modes ghash-x86_64 \
+        rc4 rc4-x86_64 \
+        rc4 rc4-md5-x86_64 \
+        sha sha1-x86_64 \
+        whrlpool wp-x86_64
+.for dir f in ${SSLASM}
+SRCS+=  ${f}.S
+GENERATED+=${f}.S
+${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl
+        (cd ${LCRYPTO_SRC}/${dir} ; \
+                /usr/bin/perl ./asm/${f}.pl openbsd-elf) > ${.TARGET}
+.endfor
+SRCS+=  x86_64cpuid.S sha256-x86_64.S sha512-x86_64.S
+GENERATED+=x86_64cpuid.S sha256-x86_64.S sha512-x86_64.S
+x86_64cpuid.S: ${LCRYPTO_SRC}/x86_64cpuid.pl
+        (cd ${LCRYPTO_SRC}/${dir} ; \
+                /usr/bin/perl ./x86_64cpuid.pl) > ${.TARGET}
+sha256-x86_64.S: ${LCRYPTO_SRC}/sha/asm/sha512-x86_64.pl
+        cd ${LCRYPTO_SRC}/sha/asm ; \
+                /usr/bin/perl ./sha512-x86_64.pl ${.OBJDIR}/${.TARGET}
+sha512-x86_64.S: ${LCRYPTO_SRC}/sha/asm/sha512-x86_64.pl
+        cd ${LCRYPTO_SRC}/sha/asm ; \
+                /usr/bin/perl ./sha512-x86_64.pl ${.OBJDIR}/${.TARGET}
+.else
+# XXX lots more asm we can turn on for other platforms. Shouldn't require
+# major cranks.
+CFLAGS+=-DOPENSSL_NO_ASM
+SRCS+= mem_clr.c
+SRCS+= aes_core.c aes_cbc.c 
+SRCS+= bf_enc.c
+SRCS+= bn_asm.c
+SRCS+= des_enc.c fcrypt_b.c
+SRCS+= rc4_enc.c rc4_skey.c
+#SRCS+= rc5_enc.c 
+SRCS+= wp_block.c
+.endif
+
+all beforedepend: ${GENERATED}
+
+.include <bsd.lib.mk>
diff --git a/src/lib/libcrypto/crypto/arch/alpha/opensslconf.h b/src/lib/libcrypto/crypto/arch/alpha/opensslconf.h
new file mode 100644
index 0000000000..30f6acfbb1
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/alpha/opensslconf.h
@@ -0,0 +1,271 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#define BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/amd64/opensslconf.h b/src/lib/libcrypto/crypto/arch/amd64/opensslconf.h
new file mode 100644
index 0000000000..f969fd75e4
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/amd64/opensslconf.h
@@ -0,0 +1,268 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/arm/opensslconf.h b/src/lib/libcrypto/crypto/arch/arm/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/arm/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/hppa/opensslconf.h b/src/lib/libcrypto/crypto/arch/hppa/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/hppa/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/hppa64/opensslconf.h b/src/lib/libcrypto/crypto/arch/hppa64/opensslconf.h
new file mode 100644
index 0000000000..f8f478ff52
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/hppa64/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/i386/opensslconf.h b/src/lib/libcrypto/crypto/arch/i386/opensslconf.h
new file mode 100644
index 0000000000..f7b5a6dc38
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/i386/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/m88k/opensslconf.h b/src/lib/libcrypto/crypto/arch/m88k/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/m88k/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/mips64/opensslconf.h b/src/lib/libcrypto/crypto/arch/mips64/opensslconf.h
new file mode 100644
index 0000000000..e55282fd63
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/mips64/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#define BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/powerpc/opensslconf.h b/src/lib/libcrypto/crypto/arch/powerpc/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/powerpc/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/sh/opensslconf.h b/src/lib/libcrypto/crypto/arch/sh/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/sh/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/sparc/opensslconf.h b/src/lib/libcrypto/crypto/arch/sparc/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/sparc/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/sparc64/opensslconf.h b/src/lib/libcrypto/crypto/arch/sparc64/opensslconf.h
new file mode 100644
index 0000000000..e55282fd63
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/sparc64/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#define BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/vax/bn_asm_vax.S b/src/lib/libcrypto/crypto/arch/vax/bn_asm_vax.S
new file mode 100644
index 0000000000..2969ae9dac
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/vax/bn_asm_vax.S
@@ -0,0 +1,436 @@
+#       $OpenBSD: bn_asm_vax.S,v 1.1 2014/04/11 22:51:53 miod Exp $
+#       $NetBSD: bn_asm_vax.S,v 1.1 2003/11/03 10:22:28 ragge Exp $
+
+#include <machine/asm.h>
+
+# w.j.m. 15-jan-1999
+#
+# it's magic ...
+#
+# ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {
+#       ULONG c = 0;
+#       int i;
+#       for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;
+#       return c;
+# }
+
+ENTRY(bn_mul_add_words,R6)
+        movl    4(%ap),%r2              # *r
+        movl    8(%ap),%r3              # *a
+        movl    12(%ap),%r4             # n
+        movl    16(%ap),%r5             # w
+        clrl    %r6                     # return value ("carry")
+
+0:      emul    %r5,(%r3),(%r2),%r0     # w * a[0] + r[0] -> r0
+
+        # fixup for "negative" r[]
+        tstl    (%r2)
+        bgeq    1f
+        incl    %r1                     # add 1 to highword
+
+1:      # add saved carry to result
+        addl2   %r6,%r0
+        adwc    $0,%r1
+
+        # combined fixup for "negative" w, a[]
+        tstl    %r5             # if w is negative...
+        bgeq    1f
+        addl2   (%r3),%r1       # ...add a[0] again to highword
+1:      tstl    (%r3)           # if a[0] is negative...
+        bgeq    1f
+        addl2   %r5,%r1         # ...add w again to highword
+1:
+        movl    %r0,(%r2)+      # save low word in dest & advance *r
+        addl2   $4,%r3          # advance *a
+        movl    %r1,%r6         # high word in r6 for return value
+
+        sobgtr  %r4,0b          # loop?
+
+        movl    %r6,%r0
+        ret
+
+#       .title  vax_bn_mul_words  unsigned multiply & add, 32*32+32=>64
+#;
+#; w.j.m. 15-jan-1999
+#;
+#; it's magic ...
+#;
+#; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {
+#;      ULONG c = 0;
+#;      int i;
+#;      for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;
+#;      return(c);
+#; }
+#
+
+ENTRY(bn_mul_words,R6)
+        movl    4(%ap),%r2              # *r
+        movl    8(%ap),%r3              # *a
+        movl    12(%ap),%r4             # n
+        movl    16(%ap),%r5             # w
+        clrl    %r6                     # carry
+
+0:      emul    %r5,(%r3),%r6,%r0       # w * a[0] + carry -> r0
+
+        # fixup for "negative" carry
+        tstl    %r6
+        bgeq    1f
+        incl    %r1
+
+1:      # combined fixup for "negative" w, a[]
+        tstl    %r5
+        bgeq    1f
+        addl2   (%r3),%r1
+1:      tstl    (%r3)
+        bgeq    1f
+        addl2   %r5,%r1
+
+1:      movl    %r0,(%r2)+
+        addl2   $4,%r3
+        movl    %r1,%r6
+
+        sobgtr  %r4,0b
+
+        movl    %r6,%r0
+        ret
+
+
+
+#       .title  vax_bn_sqr_words  unsigned square, 32*32=>64
+#;
+#; w.j.m. 15-jan-1999
+#;
+#; it's magic ...
+#;
+#; void bn_sqr_words(ULONG r[],ULONG a[],int n) {
+#;      int i;
+#;      for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;
+#; }
+#
+
+ENTRY(bn_sqr_words,0)
+        movl    4(%ap),%r2              # r
+        movl    8(%ap),%r3              # a
+        movl    12(%ap),%r4             # n
+
+0:      movl    (%r3)+,%r5              # r5 = a[] & advance
+
+        emul    %r5,%r5,$0,%r0          # a[0] * a[0] + 0 -> r0
+
+        # fixup for "negative" a[]
+        tstl    %r5
+        bgeq    1f
+        addl2   %r5,%r1
+        addl2   %r5,%r1
+
+1:      movq    %r0,(%r2)+              # store 64-bit result
+
+        sobgtr  %r4,0b                  # loop
+
+        ret
+
+
+#       .title  vax_bn_div_words  unsigned divide
+#;
+#; Richard Levitte 20-Nov-2000
+#;
+#; ULONG bn_div_words(ULONG h, ULONG l, ULONG d)
+#; {
+#;      return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d);
+#; }
+#;
+#; Using EDIV would be very easy, if it didn't do signed calculations.
+#; Any time any of the input numbers are signed, there are problems,
+#; usually with integer overflow, at which point it returns useless
+#; data (the quotient gets the value of l, and the remainder becomes 0).
+#;
+#; If it was just for the dividend, it would be very easy, just divide
+#; it by 2 (unsigned), do the division, multiply the resulting quotient
+#; and remainder by 2, add the bit that was dropped when dividing by 2
+#; to the remainder, and do some adjustment so the remainder doesn't
+#; end up larger than the divisor.  For some cases when the divisor is
+#; negative (from EDIV's point of view, i.e. when the highest bit is set),
+#; dividing the dividend by 2 isn't enough, and since some operations
+#; might generate integer overflows even when the dividend is divided by
+#; 4 (when the high part of the shifted down dividend ends up being exactly
+#; half of the divisor, the result is the quotient 0x80000000, which is
+#; negative...) it needs to be divided by 8.  Furthermore, the divisor needs
+#; to be divided by 2 (unsigned) as well, to avoid more problems with the sign.
+#; In this case, a little extra fiddling with the remainder is required.
+#;
+#; So, the simplest way to handle this is always to divide the dividend
+#; by 8, and to divide the divisor by 2 if it's highest bit is set.
+#; After EDIV has been used, the quotient gets multiplied by 8 if the
+#; original divisor was positive, otherwise 4.  The remainder, oddly
+#; enough, is *always* multiplied by 8.
+#; NOTE: in the case mentioned above, where the high part of the shifted
+#; down dividend ends up being exactly half the shifted down divisor, we
+#; end up with a 33 bit quotient.  That's no problem however, it usually
+#; means we have ended up with a too large remainder as well, and the
+#; problem is fixed by the last part of the algorithm (next paragraph).
+#;
+#; The routine ends with comparing the resulting remainder with the
+#; original divisor and if the remainder is larger, subtract the
+#; original divisor from it, and increase the quotient by 1.  This is
+#; done until the remainder is smaller than the divisor.
+#;
+#; The complete algorithm looks like this:
+#;
+#; d'    = d
+#; l'    = l & 7
+#; [h,l] = [h,l] >> 3
+#; [q,r] = floor([h,l] / d)     # This is the EDIV operation
+#; if (q < 0) q = -q            # I doubt this is necessary any more
+#;
+#; r'    = r >> 29
+#; if (d' >= 0)
+#;   q'  = q >> 29
+#;   q   = q << 3
+#; else
+#;   q'  = q >> 30
+#;   q   = q << 2
+#; r     = (r << 3) + l'
+#;
+#; if (d' < 0)
+#;   {
+#;     [r',r] = [r',r] - q
+#;     while ([r',r] < 0)
+#;       {
+#;         [r',r] = [r',r] + d
+#;         [q',q] = [q',q] - 1
+#;       }
+#;   }
+#;
+#; while ([r',r] >= d')
+#;   {
+#;     [r',r] = [r',r] - d'
+#;     [q',q] = [q',q] + 1
+#;   }
+#;
+#; return q
+#
+#;r2 = l, q
+#;r3 = h, r
+#;r4 = d
+#;r5 = l'
+#;r6 = r'
+#;r7 = d'
+#;r8 = q'
+#
+
+ENTRY(bn_div_words,R6|R7|R8)
+        movl    4(%ap),%r3              # h
+        movl    8(%ap),%r2              # l
+        movl    12(%ap),%r4             # d
+
+        bicl3   $-8,%r2,%r5             # l' = l & 7
+        bicl3   $7,%r2,%r2
+
+        bicl3   $-8,%r3,%r6
+        bicl3   $7,%r3,%r3
+
+        addl2   %r6,%r2
+
+        rotl    $-3,%r2,%r2             # l = l >> 3
+        rotl    $-3,%r3,%r3             # h = h >> 3
+
+        movl    %r4,%r7                 # d' = d
+
+        clrl    %r6                     # r' = 0
+        clrl    %r8                     # q' = 0
+
+        tstl    %r4
+        beql    0f                      # Uh-oh, the divisor is 0...
+        bgtr    1f
+        rotl    $-1,%r4,%r4     # If d is negative, shift it right.
+        bicl2   $0x80000000,%r4 # Since d is then a large number, the
+                                # lowest bit is insignificant
+                                # (contradict that, and I'll fix the problem!)
+1:
+        ediv    %r4,%r2,%r2,%r3         # Do the actual division
+
+        tstl    %r2
+        bgeq    1f
+        mnegl   %r2,%r2         # if q < 0, negate it
+1:
+        tstl    %r7
+        blss    1f
+        rotl    $3,%r2,%r2      #   q = q << 3
+        bicl3   $-8,%r2,%r8     #   q' gets the high bits from q
+        bicl3   $7,%r2,%r2
+        brb     2f
+
+1:                              # else
+        rotl    $2,%r2,%r2      #   q = q << 2
+        bicl3   $-4,%r2,%r8     #   q' gets the high bits from q
+        bicl3   $3,%r2,%r2
+2:
+        rotl    $3,%r3,%r3      # r = r << 3
+        bicl3   $-8,%r3,%r6     # r' gets the high bits from r
+        bicl3   $7,%r3,%r3
+        addl2   %r5,%r3         # r = r + l'
+
+        tstl    %r7
+        bgeq    5f
+        bitl    $1,%r7
+        beql    5f              # if d' < 0 && d' & 1
+        subl2   %r2,%r3         #   [r',r] = [r',r] - [q',q]
+        sbwc    %r8,%r6
+3:
+        bgeq    5f              #   while r < 0
+        decl    %r2             #     [q',q] = [q',q] - 1
+        sbwc    $0,%r8
+        addl2   %r7,%r3         #     [r',r] = [r',r] + d'
+        adwc    $0,%r6
+        brb     3b
+
+# The return points are placed in the middle to keep a short distance from
+# all the branch points
+1:
+#       movl    %r3,%r1
+        movl    %r2,%r0
+        ret
+0:
+        movl    $-1,%r0
+        ret
+5:
+        tstl    %r6
+        bneq    6f
+        cmpl    %r3,%r7
+        blssu   1b              # while [r',r] >= d'
+6:
+        subl2   %r7,%r3         #   [r',r] = [r',r] - d'
+        sbwc    $0,%r6
+        incl    %r2             #   [q',q] = [q',q] + 1
+        adwc    $0,%r8
+        brb     5b
+
+
+
+#       .title  vax_bn_add_words  unsigned add of two arrays
+#;
+#; Richard Levitte 20-Nov-2000
+#;
+#; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+#;      ULONG c = 0;
+#;      int i;
+#;      for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c;
+#;      return(c);
+#; }
+#
+
+ENTRY(bn_add_words,0)
+        movl    4(%ap),%r2      # r
+        movl    8(%ap),%r3      # a
+        movl    12(%ap),%r4     # b
+        movl    16(%ap),%r5     # n
+        clrl    %r0
+
+        tstl    %r5
+        bleq    1f
+
+0:      movl    (%r3)+,%r1      # carry untouched
+        adwc    (%r4)+,%r1      # carry used and touched
+        movl    %r1,(%r2)+      # carry untouched
+        sobgtr  %r5,0b          # carry untouched
+
+        adwc    $0,%r0
+1:      ret
+
+#;
+#; Richard Levitte 20-Nov-2000
+#;
+#; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+#;      ULONG c = 0;
+#;      int i;
+#;      for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c;
+#;      return(c);
+#; }
+#
+
+ENTRY(bn_sub_words,R6)
+        movl    4(%ap),%r2      # r
+        movl    8(%ap),%r3      # a
+        movl    12(%ap),%r4     # b
+        movl    16(%ap),%r5     # n
+        clrl    %r0
+
+        tstl    %r5
+        bleq    1f
+
+0:      movl    (%r3)+,%r6      # carry untouched
+        sbwc    (%r4)+,%r6      # carry used and touched
+        movl    %r6,(%r2)+      # carry untouched
+        sobgtr  %r5,0b          # carry untouched
+
+1:      adwc    $0,%r0
+        ret
+
+#
+#       Ragge 20-Sep-2003
+#
+#       Multiply a vector of 4/8 longword by another.
+#       Uses two loops and 16/64 emuls.
+#
+
+ENTRY(bn_mul_comba4,R6|R7|R8|R9)
+        movl    $4,%r9          # 4*4
+        brb     6f
+
+ENTRY(bn_mul_comba8,R6|R7|R8|R9)
+        movl    $8,%r9          # 8*8
+
+6:      movl    8(%ap),%r3      # a[]
+        movl    12(%ap),%r7     # b[]
+        brb     5f
+
+ENTRY(bn_sqr_comba4,R6|R7|R8|R9)
+        movl    $4,%r9          # 4*4
+        brb 0f
+
+ENTRY(bn_sqr_comba8,R6|R7|R8|R9)
+        movl    $8,%r9          # 8*8
+
+0:
+        movl    8(%ap),%r3      # a[]
+        movl    %r3,%r7         # a[]
+
+5:      movl    4(%ap),%r5      # r[]
+        movl    %r9,%r8
+
+        clrq    (%r5)           # clear destinatino, for add.
+        clrq    8(%r5)
+        clrq    16(%r5)         # these only needed for comba8
+        clrq    24(%r5)
+
+2:      clrl    %r4             # carry
+        movl    %r9,%r6         # inner loop count
+        movl    (%r7)+,%r2      # value to multiply with
+
+1:      emul    %r2,(%r3),%r4,%r0
+        tstl    %r4
+        bgeq    3f
+        incl    %r1
+3:      tstl    %r2
+        bgeq    3f
+        addl2   (%r3),%r1
+3:      tstl    (%r3)
+        bgeq    3f
+        addl2   %r2,%r1
+
+3:      addl2   %r0,(%r5)+      # add to destination
+        adwc    $0,%r1          # remember carry
+        movl    %r1,%r4         # add carry in next emul
+        addl2   $4,%r3
+        sobgtr  %r6,1b
+
+        movl    %r4,(%r5)       # save highest add result
+
+        ashl    $2,%r9,%r4
+        subl2   %r4,%r3
+        subl2   $4,%r4
+        subl2   %r4,%r5
+
+        sobgtr  %r8,2b
+
+        ret
diff --git a/src/lib/libcrypto/crypto/arch/vax/opensslconf.h b/src/lib/libcrypto/crypto/arch/vax/opensslconf.h
new file mode 100644
index 0000000000..fc5ea38470
--- /dev/null
+++ b/src/lib/libcrypto/crypto/arch/vax/opensslconf.h
@@ -0,0 +1,273 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SRP
+# define OPENSSL_NO_SRP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+#  define NO_CAMELLIA
+# endif
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+#  define NO_CMS
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+#  define NO_GOST
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+#  define NO_SEED
+# endif
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+#  define NO_SRP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/shlib_version b/src/lib/libcrypto/crypto/shlib_version
new file mode 100644
index 0000000000..df4de0fc4d
--- /dev/null
+++ b/src/lib/libcrypto/crypto/shlib_version
@@ -0,0 +1,2 @@
+major=23
+minor=0
diff --git a/src/lib/libcrypto/des/DES.pm b/src/lib/libcrypto/des/DES.pm
new file mode 100644
index 0000000000..6a175b6ca4
--- /dev/null
+++ b/src/lib/libcrypto/des/DES.pm
@@ -0,0 +1,19 @@
+package DES;
+
+require Exporter;
+require DynaLoader;
+@ISA = qw(Exporter DynaLoader);
+# Items to export into callers namespace by default
+# (move infrequently used names to @EXPORT_OK below)
+@EXPORT = qw(
+);
+# Other items we are prepared to export if requested
+@EXPORT_OK = qw(
+crypt
+);
+
+# Preloaded methods go here.  Autoload methods go after __END__, and are
+# processed by the autosplit program.
+bootstrap DES;
+1;
+__END__
diff --git a/src/lib/libcrypto/des/DES.xs b/src/lib/libcrypto/des/DES.xs
new file mode 100644
index 0000000000..b8050b9edf
--- /dev/null
+++ b/src/lib/libcrypto/des/DES.xs
@@ -0,0 +1,268 @@
+#include "EXTERN.h"
+#include "perl.h"
+#include "XSUB.h"
+#include "des.h"
+
+#define deschar char
+static STRLEN len;
+
+static int
+not_here(s)
+char *s;
+{
+    croak("%s not implemented on this architecture", s);
+    return -1;
+}
+
+MODULE = DES    PACKAGE = DES   PREFIX = des_
+
+char *
+des_crypt(buf,salt)
+        char *  buf
+        char *  salt
+
+void
+des_set_odd_parity(key)
+        des_cblock *    key
+PPCODE:
+        {
+        SV *s;
+
+        s=sv_newmortal();
+        sv_setpvn(s,(char *)key,8);
+        des_set_odd_parity((des_cblock *)SvPV(s,na));
+        PUSHs(s);
+        }
+
+int
+des_is_weak_key(key)
+        des_cblock *    key
+
+des_key_schedule
+des_set_key(key)
+        des_cblock *    key
+CODE:
+        des_set_key(key,RETVAL);
+OUTPUT:
+RETVAL
+
+des_cblock
+des_ecb_encrypt(input,ks,encrypt)
+        des_cblock *    input
+        des_key_schedule *      ks
+        int     encrypt
+CODE:
+        des_ecb_encrypt(input,&RETVAL,*ks,encrypt);
+OUTPUT:
+RETVAL
+
+void
+des_cbc_encrypt(input,ks,ivec,encrypt)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        char *c;
+
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec,encrypt);
+        sv_setpvn(ST(2),(char *)c[len-8],8);
+        PUSHs(s);
+        }
+
+void
+des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)
+        char *  input
+        des_key_schedule *      ks1
+        des_key_schedule *      ks2
+        des_cblock *    ivec1
+        des_cblock *    ivec2
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),
+                l,*ks1,*ks2,ivec1,ivec2,encrypt);
+        sv_setpvn(ST(3),(char *)ivec1,8);
+        sv_setpvn(ST(4),(char *)ivec2,8);
+        PUSHs(s);
+        }
+
+void
+des_cbc_cksum(input,ks,ivec)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+PPCODE:
+        {
+        SV *s1,*s2;
+        STRLEN len,l;
+        des_cblock c;
+        unsigned long i1,i2;
+
+        s1=sv_newmortal();
+        s2=sv_newmortal();
+        l=SvCUR(ST(0));
+        des_cbc_cksum((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec);
+        i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);
+        i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);
+        sv_setiv(s1,i1);
+        sv_setiv(s2,i2);
+        sv_setpvn(ST(2),(char *)c,8);
+        PUSHs(s1);
+        PUSHs(s2);
+        }
+
+void
+des_cfb_encrypt(input,numbits,ks,ivec,encrypt)
+        char *  input
+        int     numbits
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len;
+        char *c;
+
+        len=SvCUR(ST(0));
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,
+                (int)numbits,(long)len,*ks,ivec,encrypt);
+        sv_setpvn(ST(3),(char *)ivec,8);
+        PUSHs(s);
+        }
+
+des_cblock *
+des_ecb3_encrypt(input,ks1,ks2,encrypt)
+        des_cblock *    input
+        des_key_schedule *      ks1
+        des_key_schedule *      ks2
+        int     encrypt
+CODE:
+        {
+        des_cblock c;
+
+        des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c,
+                *ks1,*ks2,encrypt);
+        RETVAL= &c;
+        }
+OUTPUT:
+RETVAL
+
+void
+des_ofb_encrypt(input,numbits,ks,ivec)
+        unsigned char * input
+        int     numbits
+        des_key_schedule *      ks
+        des_cblock *    ivec
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        unsigned char *c;
+
+        len=SvCUR(ST(0));
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(unsigned char *)SvPV(s,na);
+        des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,
+                numbits,len,*ks,ivec);
+        sv_setpvn(ST(3),(char *)ivec,8);
+        PUSHs(s);
+        }
+
+void
+des_pcbc_encrypt(input,ks,ivec,encrypt)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        char *c;
+
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec,encrypt);
+        sv_setpvn(ST(2),(char *)c[len-8],8);
+        PUSHs(s);
+        }
+
+des_cblock *
+des_random_key()
+CODE:
+        {
+        des_cblock c;
+
+        des_random_key(c);
+        RETVAL=&c;
+        }
+OUTPUT:
+RETVAL
+
+des_cblock *
+des_string_to_key(str)
+char *  str
+CODE:
+        {
+        des_cblock c;
+
+        des_string_to_key(str,&c);
+        RETVAL=&c;
+        }
+OUTPUT:
+RETVAL
+
+void
+des_string_to_2keys(str)
+char *  str
+PPCODE:
+        {
+        des_cblock c1,c2;
+        SV *s1,*s2;
+
+        des_string_to_2keys(str,&c1,&c2);
+        EXTEND(sp,2);
+        s1=sv_newmortal();
+        sv_setpvn(s1,(char *)c1,8);
+        s2=sv_newmortal();
+        sv_setpvn(s2,(char *)c2,8);
+        PUSHs(s1);
+        PUSHs(s2);
+        }
diff --git a/src/lib/libcrypto/des/FILES0 b/src/lib/libcrypto/des/FILES0
new file mode 100644
index 0000000000..4c7ea2de7a
--- /dev/null
+++ b/src/lib/libcrypto/des/FILES0
@@ -0,0 +1,96 @@
+/* General stuff */
+COPYRIGHT       - Copyright info.
+MODES.DES       - A description of the features of the different modes of DES.
+FILES           - This file.
+INSTALL         - How to make things compile.
+Imakefile       - For use with kerberos.
+README          - What this package is.
+VERSION         - Which version this is and what was changed.
+KERBEROS        - Kerberos version 4 notes.
+Makefile.PL     - An old makefile to build with perl5, not current.
+Makefile.ssl    - The SSLeay makefile
+Makefile.uni    - The normal unix makefile.
+GNUmakefile     - The makefile for use with glibc.
+makefile.bc     - A Borland C makefile
+times           - Some outputs from 'speed' on some machines.
+vms.com         - For use when compiling under VMS
+
+/* My SunOS des(1) replacement */
+des.c           - des(1) source code.
+des.man         - des(1) manual.
+
+/* Testing and timing programs. */
+destest.c       - Source for libdes.a test program.
+speed.c         - Source for libdes.a timing program.
+rpw.c           - Source for libdes.a testing password reading routines.
+
+/* libdes.a source code */
+des_crypt.man   - libdes.a manual page.
+des.h           - Public libdes.a header file.
+ecb_enc.c       - des_ecb_encrypt() source, this contains the basic DES code.
+ecb3_enc.c      - des_ecb3_encrypt() source.
+cbc_ckm.c       - des_cbc_cksum() source.
+cbc_enc.c       - des_cbc_encrypt() source.
+ncbc_enc.c      - des_cbc_encrypt() that is 'normal' in that it copies
+                  the new iv values back in the passed iv vector.
+ede_enc.c       - des_ede3_cbc_encrypt() cbc mode des using triple DES.
+cbc3_enc.c      - des_3cbc_encrypt() source, don't use this function.
+cfb_enc.c       - des_cfb_encrypt() source.
+cfb64enc.c      - des_cfb64_encrypt() cfb in 64 bit mode but setup to be
+                  used as a stream cipher.
+cfb64ede.c      - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
+                  used as a stream cipher and using triple DES.
+ofb_enc.c       - des_cfb_encrypt() source.
+ofb64_enc.c     - des_ofb_encrypt() ofb in 64 bit mode but setup to be
+                  used as a stream cipher.
+ofb64ede.c      - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
+                  used as a stream cipher and using triple DES.
+enc_read.c      - des_enc_read() source.
+enc_writ.c      - des_enc_write() source.
+pcbc_enc.c      - des_pcbc_encrypt() source.
+qud_cksm.c      - quad_cksum() source.
+rand_key.c      - des_random_key() source.
+read_pwd.c      - Source for des_read_password() plus related functions.
+set_key.c       - Source for des_set_key().
+str2key.c       - Covert a string of any length into a key.
+fcrypt.c        - A small, fast version of crypt(3).
+des_locl.h      - Internal libdes.a header file.
+podd.h          - Odd parity tables - used in des_set_key().
+sk.h            - Lookup tables used in des_set_key().
+spr.h           - What is left of the S tables - used in ecb_encrypt().
+des_ver.h       - header file for the external definition of the
+                  version string.
+des.doc         - SSLeay documentation for the library.
+
+/* The perl scripts - you can ignore these files they are only
+ * included for the curious */
+des.pl          - des in perl anyone? des_set_key and des_ecb_encrypt
+                  both done in a perl library.
+testdes.pl      - Testing program for des.pl
+doIP            - Perl script used to develop IP xor/shift code.
+doPC1           - Perl script used to develop PC1 xor/shift code.
+doPC2           - Generates sk.h.
+PC1             - Output of doPC1 should be the same as output from PC1.
+PC2             - used in development of doPC2.
+shifts.pl       - Perl library used by my perl scripts.
+
+/* I started making a perl5 dynamic library for libdes
+ * but did not fully finish, these files are part of that effort. */
+DES.pm
+DES.pod
+DES.xs
+t
+typemap
+
+/* The following are for use with sun RPC implementaions. */
+rpc_des.h
+rpc_enc.c
+
+/* The following are contibuted by Mark Murray <mark@grondar.za>.  They
+ * are not normally built into libdes due to machine specific routines
+ * contained in them.  They are for use in the most recent incarnation of
+ * export kerberos v 4 (eBones). */
+supp.c
+new_rkey.c
+
+
diff --git a/src/lib/libcrypto/des/INSTALL b/src/lib/libcrypto/des/INSTALL
new file mode 100644
index 0000000000..8aebdfe110
--- /dev/null
+++ b/src/lib/libcrypto/des/INSTALL
@@ -0,0 +1,69 @@
+Check the CC and CFLAGS lines in the makefile
+
+If your C library does not support the times(3) function, change the
+#define TIMES to
+#undef TIMES in speed.c
+If it does, check the HZ value for the times(3) function.
+If your system does not define CLK_TCK it will be assumed to
+be 100.0.
+
+If possible use gcc v 2.7.?
+Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
+In recent times, some system compilers give better performace.
+
+type 'make'
+
+run './destest' to check things are ok.
+run './rpw' to check the tty code for reading passwords works.
+run './speed' to see how fast those optimisations make the library run :-)
+run './des_opts' to determin the best compile time options.
+
+The output from des_opts should be put in the makefile options and des_enc.c
+should be rebuilt.  For 64 bit computers, do not use the DES_PTR option.
+For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
+and then you can use the 'DES_PTR' option.
+
+The file options.txt has the options listed for best speed on quite a
+few systems.  Look and the options (UNROLL, PTR, RISC2 etc) and then
+turn on the relevant option in the Makefile.
+
+There are some special Makefile targets that make life easier.
+make cc         - standard cc build
+make gcc        - standard gcc build
+make x86-elf    - x86 assembler (elf), linux-elf.
+make x86-out    - x86 assembler (a.out), FreeBSD
+make x86-solaris- x86 assembler
+make x86-bsdi   - x86 assembler (a.out with primative assembler).
+
+If at all possible use the assembler (for Windows NT/95, use
+asm/win32.obj to link with).  The x86 assembler is very very fast.
+
+A make install will by default install
+libdes.a      in /usr/local/lib/libdes.a
+des           in /usr/local/bin/des
+des_crypt.man in /usr/local/man/man3/des_crypt.3
+des.man       in /usr/local/man/man1/des.1
+des.h         in /usr/include/des.h
+
+des(1) should be compatible with sunOS's but I have been unable to
+test it.
+
+These routines should compile on MSDOS, most 32bit and 64bit version
+of Unix (BSD and SYSV) and VMS, without modification.
+The only problems should be #include files that are in the wrong places.
+
+These routines can be compiled under MSDOS.
+I have successfully encrypted files using des(1) under MSDOS and then
+decrypted the files on a SparcStation.
+I have been able to compile and test the routines with
+Microsoft C v 5.1 and Turbo C v 2.0.
+The code in this library is in no way optimised for the 16bit
+operation of MSDOS.
+
+When building for glibc, ignore all of the above and just unpack into
+glibc-1.??/des and then gmake as per normal.
+
+As a final note on performace.  Certain CPUs like sparcs and Alpha often give
+a %10 speed difference depending on the link order.  It is rather anoying
+when one program reports 'x' DES encrypts a second and another reports
+'x*0.9' the speed.
diff --git a/src/lib/libcrypto/des/Imakefile b/src/lib/libcrypto/des/Imakefile
new file mode 100644
index 0000000000..1b9b5629e1
--- /dev/null
+++ b/src/lib/libcrypto/des/Imakefile
@@ -0,0 +1,35 @@
+# This Imakefile has not been tested for a while but it should still
+# work when placed in the correct directory in the kerberos v 4 distribution
+
+SRCS=   cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \
+        qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
+        enc_read.c enc_writ.c fcrypt.c cfb_enc.c \
+        ecb3_enc.c ofb_enc.c ofb64enc.c
+
+OBJS=   cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+        qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \
+        enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+        ecb3_enc.o ofb_enc.o ofb64enc.o
+
+GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \
+        vms.com KERBEROS
+DES=    des.c des.man
+TESTING=destest.c speed.c rpw.c
+LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h
+
+PERL=   des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+
+CODE=    $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)
+
+SRCDIR=$(SRCTOP)/lib/des
+
+DBG= -O
+INCLUDE= -I$(SRCDIR)
+CC= cc
+
+library_obj_rule()
+
+install_library_target(des,$(OBJS),$(SRCS),)
+
+test(destest,libdes.a,)
+test(rpw,libdes.a,)
diff --git a/src/lib/libcrypto/des/KERBEROS b/src/lib/libcrypto/des/KERBEROS
new file mode 100644
index 0000000000..f401b10014
--- /dev/null
+++ b/src/lib/libcrypto/des/KERBEROS
@@ -0,0 +1,41 @@
+ [ This is an old file, I don't know if it is true anymore
+   but I will leave the file here - eay 21/11/95 ]
+
+To use this library with Bones (kerberos without DES):
+1) Get my modified Bones - eBones.  It can be found on
+   gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z
+   and
+   nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z
+
+2) Unpack this library in src/lib/des, makeing sure it is version
+   3.00 or greater (libdes.tar.93-10-07.Z).  This versions differences
+   from the version in comp.sources.misc volume 29 patchlevel2.
+   The primarily difference is that it should compile under kerberos :-).
+   It can be found at.
+   ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z
+
+Now do a normal kerberos build and things should work.
+
+One problem I found when I was build on my local sun.
+---
+For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c
+
+*** make_commands.c.orig        Fri Jul  3 04:18:35 1987
+--- make_commands.c     Wed May 20 08:47:42 1992
+***************
+*** 98,104 ****
+       if (!rename(o_file, z_file)) {
+          if (!vfork()) {
+               chdir("/tmp");
+!              execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",
+                     z_file+5, 0);
+               perror("/bin/ld");
+               _exit(1);
+--- 98,104 ----
+       if (!rename(o_file, z_file)) {
+          if (!vfork()) {
+               chdir("/tmp");
+!              execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",
+                     z_file+5, 0);
+               perror("/bin/ld");
+               _exit(1);
diff --git a/src/lib/libcrypto/des/Makefile b/src/lib/libcrypto/des/Makefile
new file mode 100644
index 0000000000..a6e1001329
--- /dev/null
+++ b/src/lib/libcrypto/des/Makefile
@@ -0,0 +1,279 @@
+#
+# OpenSSL/crypto/des/Makefile
+#
+
+DIR=    des
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=-I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+RANLIB=         ranlib
+DES_ENC=        des_enc.o fcrypt_b.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=destest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+        ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+        fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+        qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
+        des_enc.c fcrypt_b.c \
+        xcbc_enc.c \
+        str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
+        read2pwd.c
+
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+        ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+        enc_read.o enc_writ.o ofb64enc.o \
+        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+        ${DES_ENC} \
+        fcrypt.o xcbc_enc.o rpc_enc.o  cbc_cksm.o \
+        ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= des.h des_old.h
+HEADER= des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+des: des.o cbc3_enc.o lib
+        $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+
+des_enc-sparc.S:        asm/des_enc.m4
+        m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
+
+des-586.s:      asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
+crypt586.s:     asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+# We need to use force because 'install' matches 'INSTALL' on case
+# insensitive systems
+FRC.install:
+install: FRC.install
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cbc_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cbc_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cbc_cksm.o: cbc_cksm.c des_locl.h
+cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+cbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cbc_enc.o: cbc_enc.c des_locl.h ncbc_enc.c
+cfb64ede.o: ../../e_os.h ../../include/openssl/des.h
+cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/opensslconf.h
+cfb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64ede.o: cfb64ede.c des_locl.h
+cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cfb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cfb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64enc.o: cfb64enc.c des_locl.h
+cfb_enc.o: ../../e_os.h ../../include/openssl/des.h
+cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h
+cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
+des_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h
+des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_old.o: ../../include/openssl/ui_compat.h des_old.c
+des_old2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+des_old2.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+des_old2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+des_old2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_old2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_old2.o: ../../include/openssl/ui_compat.h des_old2.c
+ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ecb3_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb3_enc.o: des_locl.h ecb3_enc.c
+ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
+ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ede_cbcm_enc.o: ../../include/openssl/e_os2.h
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
+ede_cbcm_enc.o: ../../include/openssl/ossl_typ.h
+ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c
+enc_read.o: ../../e_os.h ../../include/openssl/bio.h
+enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+enc_read.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+enc_read.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+enc_read.o: ../../include/openssl/ui_compat.h ../cryptlib.h des_locl.h
+enc_read.o: enc_read.c
+enc_writ.o: ../../e_os.h ../../include/openssl/bio.h
+enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c
+fcrypt.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fcrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+fcrypt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+fcrypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fcrypt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fcrypt.o: des_locl.h fcrypt.c
+fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fcrypt_b.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+fcrypt_b.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fcrypt_b.o: des_locl.h fcrypt_b.c
+ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ofb64ede.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ofb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64ede.o: des_locl.h ofb64ede.c
+ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ofb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ofb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64enc.o: des_locl.h ofb64enc.c
+ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ofb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ofb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ofb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb_enc.o: des_locl.h ofb_enc.c
+pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+pcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pcbc_enc.o: des_locl.h pcbc_enc.c
+qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+qud_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+qud_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+qud_cksm.o: des_locl.h qud_cksm.c
+rand_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+rand_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rand_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rand_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rand_key.o: ../../include/openssl/ui_compat.h rand_key.c
+read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/opensslconf.h
+read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+read2pwd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+read2pwd.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+read2pwd.o: ../../include/openssl/ui_compat.h read2pwd.c
+rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+rpc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rpc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c
+set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+set_key.o: des_locl.h set_key.c
+str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+str2key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+str2key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+str2key.o: des_locl.h str2key.c
+xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+xcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+xcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+xcbc_enc.o: des_locl.h xcbc_enc.c
diff --git a/src/lib/libcrypto/des/README b/src/lib/libcrypto/des/README
new file mode 100644
index 0000000000..621a5ab467
--- /dev/null
+++ b/src/lib/libcrypto/des/README
@@ -0,0 +1,54 @@
+
+                libdes, Version 4.01 10-Jan-97
+
+                Copyright (c) 1997, Eric Young
+                          All rights reserved.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms specified in COPYRIGHT.
+    
+--
+The primary ftp site for this library is
+ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
+libdes is now also shipped with SSLeay.  Primary ftp site of
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+
+The best way to build this library is to build it as part of SSLeay.
+
+This kit builds a DES encryption library and a DES encryption program.
+It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
+triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
+implementation of crypt(3).
+It contains support routines to read keys from a terminal,
+generate a random key, generate a key from an arbitrary length string,
+read/write encrypted data from/to a file descriptor.
+
+The implementation was written so as to conform with the manual entry
+for the des_crypt(3) library routines from MIT's project Athena.
+
+destest should be run after compilation to test the des routines.
+rpw should be run after compilation to test the read password routines.
+The des program is a replacement for the sun des command.  I believe it
+conforms to the sun version.
+
+The Imakefile is setup for use in the kerberos distribution.
+
+These routines are best compiled with gcc or any other good
+optimising compiler.
+Just turn you optimiser up to the highest settings and run destest
+after the build to make sure everything works.
+
+I believe these routines are close to the fastest and most portable DES
+routines that use small lookup tables (4.5k) that are publicly available.
+The fcrypt routine is faster than ufc's fcrypt (when compiling with
+gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
+(on a sun3/260 168 vs 336).  It is a function of CPU on chip cache size.
+[ 10-Jan-97 and a function of an incorrect speed testing program in
+  ufc which gave much better test figures that reality ].
+
+It is worth noting that on sparc and Alpha CPUs, performance of the DES
+library can vary by upto %10 due to the positioning of files after application
+linkage.
+
+Eric Young (eay@cryptsoft.com)
+
diff --git a/src/lib/libcrypto/des/VERSION b/src/lib/libcrypto/des/VERSION
new file mode 100644
index 0000000000..c7d01542bc
--- /dev/null
+++ b/src/lib/libcrypto/des/VERSION
@@ -0,0 +1,412 @@
+        Fixed the weak key values which were wrong :-(
+        Defining SIGACTION causes sigaction() to be used instead of signal().
+        SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
+        can cause problems.  This should hopefully not affect normal
+        applications.
+
+Version 4.04
+        Fixed a few tests in destest.  Also added x86 assember for
+        des_ncbc_encrypt() which is the standard cbc mode function.
+        This makes a very very large performace difference.
+        Ariel Glenn ariel@columbia.edu reports that the terminal
+        'turn echo off' can return (errno == EINVAL) under solaris
+        when redirection is used.  So I now catch that as well as ENOTTY.
+
+
+Version 4.03
+        Left a static out of enc_write.c, which caused to buffer to be
+        continiously malloc()ed.  Does anyone use these functions?  I keep
+        on feeling like removing them since I only had these in there
+        for a version of kerberised login.  Anyway, this was pointed out
+        by Theo de Raadt <deraadt@cvs.openbsd.org>
+        The 'n' bit ofb code was wrong, it was not shifting the shift
+        register. It worked correctly for n == 64.  Thanks to
+        Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out.
+
+Version 4.02
+        I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
+        when checking for weak keys which is wrong :-(, pointed out by
+        Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
+
+Version 4.01
+        Even faster inner loop in the DES assembler for x86 and a modification
+        for IP/FP which is faster on x86.  Both of these changes are
+        from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  His
+        changes make the assembler run %40 faster on a pentium.  This is just
+        a case of getting the instruction sequence 'just right'.
+        All credit to 'Svend' :-)
+        Quite a few special x86 'make' targets.
+        A libdes-l (lite) distribution.
+
+Version 4.00
+        After a bit of a pause, I'll up the major version number since this
+        is mostly a performace release.  I've added x86 assembler and
+        added more options for performance.  A %28 speedup for gcc 
+        on a pentium and the assembler is a %50 speedup.
+        MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
+        Run des_opts to work out which options should be used.
+        DES_RISC1/DES_RISC2 use alternative inner loops which use
+        more registers but should give speedups on any CPU that does
+        dual issue (pentium).  DES_UNROLL unrolls the inner loop,
+        which costs in code size.
+
+Version 3.26
+        I've finally removed one of the shifts in D_ENCRYPT.  This
+        meant I've changed the des_SPtrans table (spr.h), the set_key()
+        function and some things in des_enc.c.  This has definitly
+        made things faster :-).  I've known about this one for some
+        time but I've been too lazy to follow it up :-).
+        Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
+        instead of L^=((..)|(..)|(..)..  This should save a register at
+        least.
+        Assember for x86.  The file to replace is des_enc.c, which is replaced
+        by one of the assembler files found in asm.  Look at des/asm/readme
+        for more info.
+
+        /* Modification to fcrypt so it can be compiled to support
+        HPUX 10.x's long password format, define -DLONGCRYPT to use this.
+        Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
+
+        SIGWINCH case put in des_read_passwd() so the function does not
+        'exit' if this function is recieved.
+
+Version 3.25 17/07/96
+        Modified read_pwd.c so that stdin can be read if not a tty.
+        Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches.
+        des_init_random_number_generator() shortened due to VMS linker
+        limits.
+        Added RSA's DESX cbc mode.  It is a form of cbc encryption, with 2
+        8 byte quantites xored before and after encryption.
+        des_xcbc_encryption() - the name is funny to preserve the des_
+        prefix on all functions.
+
+Version 3.24 20/04/96
+        The DES_PTR macro option checked and used by SSLeay configuration
+
+Version 3.23 11/04/96
+        Added DES_LONG.  If defined to 'unsigned int' on the DEC Alpha,
+        it gives a %20 speedup :-)
+        Fixed the problem with des.pl under perl5.  The patches were
+        sent by Ed Kubaitis (ejk@uiuc.edu).
+        if fcrypt.c, changed values to handle illegal salt values the way
+        normal crypt() implementations do.  Some programs apparently use
+        them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se>
+
+Version 3.22 29/11/95
+        Bug in des(1), an error with the uuencoding stuff when the
+        'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au>
+        for the patch.
+
+Version 3.21 22/11/95
+        After some emailing back and forth with 
+        Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things
+        and in a future version I will probably put in some of the
+        optimisation he suggested for use with the DES_USE_PTR option.
+        Extra routines from Mark Murray <mark@grondar.za> for use in
+        freeBSD.  They mostly involve random number generation for use
+        with kerberos.  They involve evil machine specific system calls
+        etc so I would normally suggest pushing this stuff into the
+        application and/or using RAND_seed()/RAND_bytes() if you are
+        using this DES library as part of SSLeay.
+        Redone the read_pw() function so that it is cleaner and
+        supports termios, thanks to Sameer Parekh <sameer@c2.org>
+        for the initial patches for this.
+        Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been
+         done just to make things more consistent.
+        I have also now added triple DES versions of cfb and ofb.
+
+Version 3.20
+        Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
+        my des_random_seed() function was only copying 4 bytes of the
+        passed seed into the init structure.  It is now fixed to copy 8.
+        My own suggestion is to used something like MD5 :-)
+
+Version 3.19 
+        While looking at my code one day, I though, why do I keep on
+        calling des_encrypt(in,out,ks,enc) when every function that
+        calls it has in and out the same.  So I dropped the 'out'
+        parameter, people should not be using this function.
+
+Version 3.18 30/08/95
+        Fixed a few bit with the distribution and the filenames.
+        3.17 had been munged via a move to DOS and back again.
+        NO CODE CHANGES
+
+Version 3.17 14/07/95
+        Fixed ede3 cbc which I had broken in 3.16.  I have also
+        removed some unneeded variables in 7-8 of the routines.
+
+Version 3.16 26/06/95
+        Added des_encrypt2() which does not use IP/FP, used by triple
+        des routines.  Tweaked things a bit elsewhere. %13 speedup on
+        sparc and %6 on a R4400 for ede3 cbc mode.
+
+Version 3.15 06/06/95
+        Added des_ncbc_encrypt(), it is des_cbc mode except that it is
+        'normal' and copies the new iv value back over the top of the
+        passed parameter.
+        CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
+        the iv.  THIS WILL BREAK EXISTING CODE, but since this function
+        only new, I feel I can change it, not so with des_cbc_encrypt :-(.
+        I need to update the documentation.
+
+Version 3.14 31/05/95
+        New release upon the world, as part of my SSL implementation.
+        New copyright and usage stuff.  Basically free for all to use
+        as long as you say it came from me :-)
+
+Version 3.13 31/05/95
+        A fix in speed.c, if HZ is not defined, I set it to 100.0
+        which is reasonable for most unixes except SunOS 4.x.
+        I now have a #ifdef sun but timing for SunOS 4.x looked very
+        good :-(.  At my last job where I used SunOS 4.x, it was
+        defined to be 60.0 (look at the old INSTALL documentation), at
+        the last release had it changed to 100.0 since I now work with
+        Solaris2 and SVR4 boxes.
+        Thanks to  Rory Chisholm <rchishol@math.ethz.ch> for pointing this
+        one out.
+
+Version 3.12 08/05/95
+        As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>,
+        my D_ENCRYPT macro in crypt() had an un-necessary variable.
+        It has been removed.
+
+Version 3.11 03/05/95
+        Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
+        and one iv.  It is a standard and I needed it for my SSL code.
+        It makes more sense to use this for triple DES than
+        3cbc_encrypt().  I have also added (or should I say tested :-)
+        cfb64_encrypt() which is cfb64 but it will encrypt a partial
+        number of bytes - 3 bytes in 3 bytes out.  Again this is for
+        my SSL library, as a form of encryption to use with SSL
+        telnet.
+
+Version 3.10 22/03/95
+        Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls
+        to cbc3_encrypt, the 2 iv values that were being returned to
+        be used in the next call were reversed :-(.
+        Many thanks to Bill Wade <wade@Stoner.COM> for pointing out
+        this error.
+
+Version 3.09 01/02/95
+        Fixed des_random_key to far more random, it was rather feeble
+        with regards to picking the initial seed.  The problem was
+        pointed out by Olaf Kirch <okir@monad.swb.de>.
+
+Version 3.08 14/12/94
+        Added Makefile.PL so libdes can be built into perl5.
+        Changed des_locl.h so RAND is always defined.
+
+Version 3.07 05/12/94
+        Added GNUmake and stuff so the library can be build with
+        glibc.
+
+Version 3.06 30/08/94
+        Added rpc_enc.c which contains _des_crypt.  This is for use in
+        secure_rpc v 4.0
+        Finally fixed the cfb_enc problems.
+        Fixed a few parameter parsing bugs in des (-3 and -b), thanks
+        to Rob McMillan <R.McMillan@its.gu.edu.au>
+
+Version 3.05 21/04/94
+        for unsigned long l; gcc does not produce ((l>>34) == 0)
+        This causes bugs in cfb_enc.
+        Thanks to Hadmut Danisch <danisch@ira.uka.de>
+
+Version 3.04 20/04/94
+        Added a version number to des.c and libdes.a
+
+Version 3.03 12/01/94
+        Fixed a bug in non zero iv in 3cbc_enc.
+
+Version 3.02 29/10/93
+        I now work in a place where there are 6+ architectures and 14+
+        OS versions :-).
+        Fixed TERMIO definition so the most sys V boxes will work :-)
+
+Release upon comp.sources.misc
+Version 3.01 08/10/93
+        Added des_3cbc_encrypt()
+
+Version 3.00 07/10/93
+        Fixed up documentation.
+        quad_cksum definitely compatible with MIT's now.
+
+Version 2.30 24/08/93
+        Triple DES now defaults to triple cbc but can do triple ecb
+         with the -b flag.
+        Fixed some MSDOS uuen/uudecoding problems, thanks to
+        Added prototypes.
+        
+Version 2.22 29/06/93
+        Fixed a bug in des_is_weak_key() which stopped it working :-(
+        thanks to engineering@MorningStar.Com.
+
+Version 2.21 03/06/93
+        des(1) with no arguments gives quite a bit of help.
+        Added -c (generate ckecksum) flag to des(1).
+        Added -3 (triple DES) flag to des(1).
+        Added cfb and ofb routines to the library.
+
+Version 2.20 11/03/93
+        Added -u (uuencode) flag to des(1).
+        I have been playing with byte order in quad_cksum to make it
+         compatible with MIT's version.  All I can say is avid this
+         function if possible since MIT's output is endian dependent.
+
+Version 2.12 14/10/92
+        Added MSDOS specific macro in ecb_encrypt which gives a %70
+         speed up when the code is compiled with turbo C.
+
+Version 2.11 12/10/92
+        Speedup in set_key (recoding of PC-1)
+         I now do it in 47 simple operations, down from 60.
+         Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+         for motivating me to look for a faster system :-)
+         The speedup is probably less that 1% but it is still 13
+         instructions less :-).
+
+Version 2.10 06/10/92
+        The code now works on the 64bit ETA10 and CRAY without modifications or
+         #defines.  I believe the code should work on any machine that
+         defines long, int or short to be 8 bytes long.
+        Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
+         for helping me fix the code to run on 64bit machines (he had
+         access to an ETA10).
+        Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov>
+         for testing the routines on a CRAY.
+        read_password.c has been renamed to read_passwd.c
+        string_to_key.c has been renamed to string2key.c
+
+Version 2.00 14/09/92
+        Made mods so that the library should work on 64bit CPU's.
+        Removed all my uchar and ulong defs.  To many different
+         versions of unix define them in their header files in too many
+         different combinations :-)
+        IRIX - Sillicon Graphics mods (mostly in read_password.c).
+         Thanks to Andrew Daviel (advax@erich.triumf.ca)
+
+Version 1.99 26/08/92
+        Fixed a bug or 2 in enc_read.c
+        Fixed a bug in enc_write.c
+        Fixed a pseudo bug in fcrypt.c (very obscure).
+
+Version 1.98 31/07/92
+        Support for the ETA10.  This is a strange machine that defines
+        longs and ints as 8 bytes and shorts as 4 bytes.
+        Since I do evil things with long * that assume that they are 4
+        bytes.  Look in the Makefile for the option to compile for
+        this machine.  quad_cksum appears to have problems but I
+        will don't have the time to fix it right now, and this is not
+        a function that uses DES and so will not effect the main uses
+        of the library.
+
+Version 1.97 20/05/92 eay
+        Fixed the Imakefile and made some changes to des.h to fix some
+        problems when building this package with Kerberos v 4.
+
+Version 1.96 18/05/92 eay
+        Fixed a small bug in string_to_key() where problems could
+        occur if des_check_key was set to true and the string
+        generated a weak key.
+
+Patch2 posted to comp.sources.misc
+Version 1.95 13/05/92 eay
+        Added an alternative version of the D_ENCRYPT macro in
+        ecb_encrypt and fcrypt.  Depending on the compiler, one version or the
+        other will be faster.  This was inspired by 
+        Dana How <how@isl.stanford.edu>, and her pointers about doing the
+        *(ulong *)((uchar *)ptr+(value&0xfc))
+        vs
+        ptr[value&0x3f]
+        to stop the C compiler doing a <<2 to convert the long array index.
+
+Version 1.94 05/05/92 eay
+        Fixed an incompatibility between my string_to_key and the MIT
+         version.  When the key is longer than 8 chars, I was wrapping
+         with a different method.  To use the old version, define
+         OLD_STR_TO_KEY in the makefile.  Thanks to
+         viktor@newsu.shearson.com (Viktor Dukhovni).
+
+Version 1.93 28/04/92 eay
+        Fixed the VMS mods so that echo is now turned off in
+         read_password.  Thanks again to brennan@coco.cchs.su.oz.AU.
+        MSDOS support added.  The routines can be compiled with
+         Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.
+
+Patch1 posted to comp.sources.misc
+Version 1.92 13/04/92 eay
+        Changed D_ENCRYPT so that the rotation of R occurs outside of
+         the loop.  This required rotating all the longs in sp.h (now
+         called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+        speed.c has been changed so it will work without SIGALRM.  If
+         times(3) is not present it will try to use ftime() instead.
+
+Version 1.91 08/04/92 eay
+        Added -E/-D options to des(1) so it can use string_to_key.
+        Added SVR4 mods suggested by witr@rwwa.COM
+        Added VMS mods suggested by brennan@coco.cchs.su.oz.AU.  If
+        anyone knows how to turn of tty echo in VMS please tell me or
+        implement it yourself :-).
+        Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
+        does not like IN/OUT being used.
+
+Libdes posted to comp.sources.misc
+Version 1.9 24/03/92 eay
+        Now contains a fast small crypt replacement.
+        Added des(1) command.
+        Added des_rw_mode so people can use cbc encryption with
+        enc_read and enc_write.
+
+Version 1.8 15/10/91 eay
+        Bug in cbc_cksum.
+        Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
+        one out.
+
+Version 1.7 24/09/91 eay
+        Fixed set_key :-)
+        set_key is 4 times faster and takes less space.
+        There are a few minor changes that could be made.
+
+Version 1.6 19/09/1991 eay
+        Finally go IP and FP finished.
+        Now I need to fix set_key.
+        This version is quite a bit faster that 1.51
+
+Version 1.52 15/06/1991 eay
+        20% speedup in ecb_encrypt by changing the E bit selection
+        to use 2 32bit words.  This also required modification of the
+        sp table.  There is still a way to speedup the IP and IP-1
+        (hints from outer@sq.com) still working on this one :-(.
+
+Version 1.51 07/06/1991 eay
+        Faster des_encrypt by loop unrolling
+        Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
+
+Version 1.50 28/05/1991 eay
+        Optimised the code a bit more for the sparc.  I have improved the
+        speed of the inner des_encrypt by speeding up the initial and
+        final permutations.
+
+Version 1.40 23/10/1990 eay
+        Fixed des_random_key, it did not produce a random key :-(
+
+Version 1.30  2/10/1990 eay
+        Have made des_quad_cksum the same as MIT's, the full package
+        should be compatible with MIT's
+        Have tested on a DECstation 3100
+        Still need to fix des_set_key (make it faster).
+        Does des_cbc_encrypts at 70.5k/sec on a 3100.
+
+Version 1.20 18/09/1990 eay
+        Fixed byte order dependencies.
+        Fixed (I hope) all the word alignment problems.
+        Speedup in des_ecb_encrypt.
+
+Version 1.10 11/09/1990 eay
+        Added des_enc_read and des_enc_write.
+        Still need to fix des_quad_cksum.
+        Still need to document des_enc_read and des_enc_write.
+
+Version 1.00 27/08/1990 eay
+
diff --git a/src/lib/libcrypto/des/asm/readme b/src/lib/libcrypto/des/asm/readme
new file mode 100644
index 0000000000..1beafe253b
--- /dev/null
+++ b/src/lib/libcrypto/des/asm/readme
@@ -0,0 +1,131 @@
+First up, let me say I don't like writing in assembler.  It is not portable,
+dependant on the particular CPU architecture release and is generally a pig
+to debug and get right.  Having said that, the x86 architecture is probably
+the most important for speed due to number of boxes and since
+it appears to be the worst architecture to to get
+good C compilers for.  So due to this, I have lowered myself to do
+assembler for the inner DES routines in libdes :-).
+
+The file to implement in assembler is des_enc.c.  Replace the following
+4 functions
+des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+
+They encrypt/decrypt the 64 bits held in 'data' using
+the 'ks' key schedules.   The only difference between the 4 functions is that
+des_encrypt2() does not perform IP() or FP() on the data (this is an
+optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
+perform triple des.  The triple DES routines are in here because it does
+make a big difference to have them located near the des_encrypt2 function
+at link time..
+
+Now as we all know, there are lots of different operating systems running on
+x86 boxes, and unfortunately they normally try to make sure their assembler
+formating is not the same as the other peoples.
+The 4 main formats I know of are
+Microsoft       Windows 95/Windows NT
+Elf             Includes Linux and FreeBSD(?).
+a.out           The older Linux.
+Solaris         Same as Elf but different comments :-(.
+
+Now I was not overly keen to write 4 different copies of the same code,
+so I wrote a few perl routines to output the correct assembler, given
+a target assembler type.  This code is ugly and is just a hack.
+The libraries are x86unix.pl and x86ms.pl.
+des586.pl, des686.pl and des-som[23].pl are the programs to actually
+generate the assembler.
+
+So to generate elf assembler
+perl des-som3.pl elf >dx86-elf.s
+For Windows 95/NT
+perl des-som2.pl win32 >win32.asm
+
+[ update 4 Jan 1996 ]
+I have added another way to do things.
+perl des-som3.pl cpp >dx86-cpp.s
+generates a file that will be included by dx86unix.cpp when it is compiled.
+To build for elf, a.out, solaris, bsdi etc,
+cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
+cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+This was done to cut down the number of files in the distribution.
+
+Now the ugly part.  I acquired my copy of Intels
+"Optimization's For Intel's 32-Bit Processors" and found a few interesting
+things.  First, the aim of the exersize is to 'extract' one byte at a time
+from a word and do an array lookup.  This involves getting the byte from
+the 4 locations in the word and moving it to a new word and doing the lookup.
+The most obvious way to do this is
+xor     eax,    eax                             # clear word
+movb    al,     cl                              # get low byte
+xor     edi     DWORD PTR 0x100+des_SP[eax]     # xor in word
+movb    al,     ch                              # get next byte
+xor     edi     DWORD PTR 0x300+des_SP[eax]     # xor in word
+shr     ecx     16
+which seems ok.  For the pentium, this system appears to be the best.
+One has to do instruction interleaving to keep both functional units
+operating, but it is basically very efficient.
+
+Now the crunch.  When a full register is used after a partial write, eg.
+mov     al,     cl
+xor     edi,    DWORD PTR 0x100+des_SP[eax]
+386     - 1 cycle stall
+486     - 1 cycle stall
+586     - 0 cycle stall
+686     - at least 7 cycle stall (page 22 of the above mentioned document).
+
+So the technique that produces the best results on a pentium, according to
+the documentation, will produce hideous results on a pentium pro.
+
+To get around this, des686.pl will generate code that is not as fast on
+a pentium, should be very good on a pentium pro.
+mov     eax,    ecx                             # copy word 
+shr     ecx,    8                               # line up next byte
+and     eax,    0fch                            # mask byte
+xor     edi     DWORD PTR 0x100+des_SP[eax]     # xor in array lookup
+mov     eax,    ecx                             # get word
+shr     ecx     8                               # line up next byte
+and     eax,    0fch                            # mask byte
+xor     edi     DWORD PTR 0x300+des_SP[eax]     # xor in array lookup
+
+Due to the execution units in the pentium, this actually works quite well.
+For a pentium pro it should be very good.  This is the type of output
+Visual C++ generates.
+
+There is a third option.  instead of using
+mov     al,     ch
+which is bad on the pentium pro, one may be able to use
+movzx   eax,    ch
+which may not incur the partial write penalty.  On the pentium,
+this instruction takes 4 cycles so is not worth using but on the
+pentium pro it appears it may be worth while.  I need access to one to
+experiment :-).
+
+eric (20 Oct 1996)
+
+22 Nov 1996 - I have asked people to run the 2 different version on pentium
+pros and it appears that the intel documentation is wrong.  The
+mov al,bh is still faster on a pentium pro, so just use the des586.pl
+install des686.pl
+
+3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
+functions into des_enc.c because it does make a massive performance
+difference on some boxes to have the functions code located close to
+the des_encrypt2() function.
+
+9 Jan 1997 - des-som2.pl is now the correct perl script to use for
+pentiums.  It contains an inner loop from
+Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at
+273,000 per second.  He had a previous version at 250,000 and the best
+I was able to get was 203,000.  The content has not changed, this is all
+due to instruction sequencing (and actual instructions choice) which is able
+to keep both functional units of the pentium going.
+We may have lost the ugly register usage restrictions when x86 went 32 bit
+but for the pentium it has been replaced by evil instruction ordering tricks.
+
+13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
+raw DES at 281,000 per second on a pentium 100.
+
diff --git a/src/lib/libcrypto/des/cbc3_enc.c b/src/lib/libcrypto/des/cbc3_enc.c
new file mode 100644
index 0000000000..b5db4e14f7
--- /dev/null
+++ b/src/lib/libcrypto/des/cbc3_enc.c
@@ -0,0 +1,99 @@
+/* crypto/des/cbc3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* HAS BUGS! DON'T USE - this is only present for use in des.c */
+void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
+             DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock *iv1,
+             DES_cblock *iv2, int enc)
+        {
+        int off=((int)length-1)/8;
+        long l8=((length+7)/8)*8;
+        DES_cblock niv1,niv2;
+
+        if (enc == DES_ENCRYPT)
+                {
+                DES_cbc_encrypt((unsigned char*)input,
+                                (unsigned char*)output,length,&ks1,iv1,enc);
+                if (length >= sizeof(DES_cblock))
+                        memcpy(niv1,output[off],sizeof(DES_cblock));
+                DES_cbc_encrypt((unsigned char*)output,
+                                (unsigned char*)output,l8,&ks2,iv1,!enc);
+                DES_cbc_encrypt((unsigned char*)output,
+                                (unsigned char*)output,l8,&ks1,iv2,enc);
+                if (length >= sizeof(DES_cblock))
+                        memcpy(niv2,output[off],sizeof(DES_cblock));
+                }
+        else
+                {
+                if (length >= sizeof(DES_cblock))
+                        memcpy(niv2,input[off],sizeof(DES_cblock));
+                DES_cbc_encrypt((unsigned char*)input,
+                                (unsigned char*)output,l8,&ks1,iv2,enc);
+                DES_cbc_encrypt((unsigned char*)output,
+                                (unsigned char*)output,l8,&ks2,iv1,!enc);
+                if (length >= sizeof(DES_cblock))
+                        memcpy(niv1,output[off],sizeof(DES_cblock));
+                DES_cbc_encrypt((unsigned char*)output,
+                                (unsigned char*)output,length,&ks1,iv1,enc);
+                }
+        memcpy(*iv1,niv1,sizeof(DES_cblock));
+        memcpy(*iv2,niv2,sizeof(DES_cblock));
+        }
+
diff --git a/src/lib/libcrypto/des/des-lib.com b/src/lib/libcrypto/des/des-lib.com
new file mode 100644
index 0000000000..348f1c0470
--- /dev/null
+++ b/src/lib/libcrypto/des/des-lib.com
@@ -0,0 +1,1005 @@
+$!
+$!  DES-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates the 
+$!  "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library.  The "xxx" denotes the machine 
+$!  architecture of ALPHA, IA64 or VAX.
+$!
+$!  It was re-written to try to determine which "C" compiler to try to use
+$!  or the user can specify a compiler in P3.
+$!
+$!  Specify one of the following to build just that part, specify "ALL" to
+$!  just build everything.
+$!
+$!         ALL       To Just Build "Everything".
+$!         LIBRARY   To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library.
+$!         DESTEST   To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program.
+$!         SPEED     To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program.
+$!         RPW       To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program.
+$!         DES       To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program.
+$!         DES_OPTS  To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program.
+$!
+$!  Specify either DEBUG or NODEBUG as P2 to compile with or without
+$!  debugging information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!         VAXC  For VAX C.
+$!         DECC  For DEC C.
+$!         GNUC  For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to try to use.
+$!
+$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Make sure we know what architecture we run on.
+$!
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").LT.128)
+$ THEN
+$!
+$!  The Architecture Is VAX
+$!
+$   ARCH := VAX
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
+$!
+$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Define The OBJ Directory Name.
+$!
+$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
+$!
+$! Define The EXE Directory Name.
+$!
+$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ LIB_NAME := 'EXE_DIR'LIBDES.OLB
+$!
+$! Check To See What We Are To Do.
+$!
+$ IF (BUILDALL.EQS."TRUE")
+$ THEN
+$!
+$!  Since Nothing Special Was Specified, Do Everything.
+$!
+$   GOSUB LIBRARY
+$   GOSUB DESTEST
+$   GOSUB SPEED
+$   GOSUB RPW
+$   GOSUB DES
+$   GOSUB DES_OPTS
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!    Build Just What The User Wants Us To Build.
+$!
+$     GOSUB 'BUILDALL'
+$!
+$! End The BUILDALL Check.
+$!
+$ ENDIF
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$ LIBRARY:
+$!
+$! Tell The User That We Are Compiling.
+$!
+$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files."
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library...
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
+$!
+$! End The Library Exist Check.
+$!
+$ ENDIF
+$!
+$! Define The DES Library Files.
+$!
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+                "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
+                "enc_read,enc_writ,ofb64enc,"+ -
+                "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
+                "des_enc,fcrypt_b,read2pwd,"+ -
+                "fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp"
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES)
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$!  Tell The User We Are Compiling The Source File.
+$!
+$ WRITE SYS$OUTPUT "    ",FILE_NAME,".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The File Exists Check.
+$!
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$!
+$! Add It To The Library.
+$!
+$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE'
+$!
+$! Time To Clean Up The Object File.
+$!
+$ DELETE 'OBJECT_FILE';*
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built."
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DESTEST Program.
+$!
+$ DESTEST:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DESTEST.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE"
+$!
+$! Compile The DESTEST Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C
+$!
+$! Link The DESTEST Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE -
+      'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The SPEED Program.
+$!
+$ SPEED:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The SPEED.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE"
+$!
+$! Compile The SPEED Program.
+$!
+$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C
+$!
+$! Link The SPEED Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE -
+      'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The RPW Program.
+$!
+$ RPW:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The RPW.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE"
+$!
+$! Compile The RPW Program.
+$!
+$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C
+$!
+$! Link The RPW Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE -
+      'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DES Program.
+$!
+$ DES:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DES.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DES.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE"
+$!
+$! Compile The DES Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C
+$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C
+$!
+$! Link The DES Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE -
+      'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,-
+      'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DES_OPTS Program.
+$!
+$ DES_OPTS:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DES_OPTS.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE"
+$!
+$! Compile The DES_OPTS Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C
+$!
+$! Link The DES_OPTS Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE -
+      'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An non-VAX Or A VAX Linker Option File.
+$!
+$     IF (F$GETSYI("CPU").LT.128)
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The non-VAX Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For non-VAX To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Library Check.
+$!
+$ LIB_CHECK:
+$!
+$!  Look For The Library LIBDES.OLB.
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$!    Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!    Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If We Are To "Just Build Everything".
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is "ALL", So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Argument.
+$!
+$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
+       .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
+$   THEN
+$!
+$!    A Valid Argument.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
+$     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
+$     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
+$     WRITE SYS$OUTPUT "    RPW      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program."
+$     WRITE SYS$OUTPUT "    DES      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program."
+$     WRITE SYS$OUTPUT "    DES_OPTS :  To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Argument Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Compile Without Debugger Information.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is Blank, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Argument Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later.
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN := ""
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = ""
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = ""
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+        CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+         THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.NES."VAX"
+$     THEN
+$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
+$       EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$     CCDEFS = """VAXC""," + CCDEFS
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Argument.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$! End The P3 Check.
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
diff --git a/src/lib/libcrypto/des/des.c b/src/lib/libcrypto/des/des.c
new file mode 100644
index 0000000000..343135ff9e
--- /dev/null
+++ b/src/lib/libcrypto/des/des.c
@@ -0,0 +1,932 @@
+/* crypto/des/des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_SYS_MSDOS
+#ifndef OPENSSL_SYS_VMS
+#include OPENSSL_UNISTD
+#else /* OPENSSL_SYS_VMS */
+#ifdef __DECC
+#include <unistd.h>
+#else /* not __DECC */
+#include <math.h>
+#endif /* __DECC */
+#endif /* OPENSSL_SYS_VMS */
+#else /* OPENSSL_SYS_MSDOS */
+#include <io.h>
+#endif
+
+#include <time.h>
+#include "des_ver.h"
+
+#ifdef OPENSSL_SYS_VMS
+#include <types.h>
+#include <stat.h>
+#else
+#ifndef _IRIX
+#include <sys/types.h>
+#endif
+#include <sys/stat.h>
+#endif
+#include <openssl/des.h>
+#include <openssl/rand.h>
+#include <openssl/ui_compat.h>
+
+void usage(void);
+void doencryption(void);
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
+void uufwriteEnd(FILE *fp);
+int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
+int uuencode(unsigned char *in,int num,unsigned char *out);
+int uudecode(unsigned char *in,int num,unsigned char *out);
+void DES_3cbc_encrypt(DES_cblock *input,DES_cblock *output,long length,
+        DES_key_schedule sk1,DES_key_schedule sk2,
+        DES_cblock *ivec1,DES_cblock *ivec2,int enc);
+#ifdef OPENSSL_SYS_VMS
+#define EXIT(a) exit(a&0x10000000L)
+#else
+#define EXIT(a) exit(a)
+#endif
+
+#define BUFSIZE (8*1024)
+#define VERIFY  1
+#define KEYSIZ  8
+#define KEYSIZB 1024 /* should hit tty line limit first :-) */
+char key[KEYSIZB+1];
+int do_encrypt,longk=0;
+FILE *DES_IN,*DES_OUT,*CKSUM_OUT;
+char uuname[200];
+unsigned char uubuf[50];
+int uubufnum=0;
+#define INUUBUFN        (45*100)
+#define OUTUUBUF        (65*100)
+unsigned char b[OUTUUBUF];
+unsigned char bb[300];
+DES_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+char cksumname[200]="";
+
+int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
+
+int main(int argc, char **argv)
+        {
+        int i;
+        struct stat ins,outs;
+        char *p;
+        char *in=NULL,*out=NULL;
+
+        vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;
+        error=0;
+        memset(key,0,sizeof(key));
+
+        for (i=1; i<argc; i++)
+                {
+                p=argv[i];
+                if ((p[0] == '-') && (p[1] != '\0'))
+                        {
+                        p++;
+                        while (*p)
+                                {
+                                switch (*(p++))
+                                        {
+                                case '3':
+                                        flag3=1;
+                                        longk=1;
+                                        break;
+                                case 'c':
+                                        cflag=1;
+                                        strncpy(cksumname,p,200);
+                                        cksumname[sizeof(cksumname)-1]='\0';
+                                        p+=strlen(cksumname);
+                                        break;
+                                case 'C':
+                                        cflag=1;
+                                        longk=1;
+                                        strncpy(cksumname,p,200);
+                                        cksumname[sizeof(cksumname)-1]='\0';
+                                        p+=strlen(cksumname);
+                                        break;
+                                case 'e':
+                                        eflag=1;
+                                        break;
+                                case 'v':
+                                        vflag=1;
+                                        break;
+                                case 'E':
+                                        eflag=1;
+                                        longk=1;
+                                        break;
+                                case 'd':
+                                        dflag=1;
+                                        break;
+                                case 'D':
+                                        dflag=1;
+                                        longk=1;
+                                        break;
+                                case 'b':
+                                        bflag=1;
+                                        break;
+                                case 'f':
+                                        fflag=1;
+                                        break;
+                                case 's':
+                                        sflag=1;
+                                        break;
+                                case 'u':
+                                        uflag=1;
+                                        strncpy(uuname,p,200);
+                                        uuname[sizeof(uuname)-1]='\0';
+                                        p+=strlen(uuname);
+                                        break;
+                                case 'h':
+                                        hflag=1;
+                                        break;
+                                case 'k':
+                                        kflag=1;
+                                        if ((i+1) == argc)
+                                                {
+                                                fputs("must have a key with the -k option\n",stderr);
+                                                error=1;
+                                                }
+                                        else
+                                                {
+                                                int j;
+
+                                                i++;
+                                                strncpy(key,argv[i],KEYSIZB);
+                                                for (j=strlen(argv[i])-1; j>=0; j--)
+                                                        argv[i][j]='\0';
+                                                }
+                                        break;
+                                default:
+                                        fprintf(stderr,"'%c' unknown flag\n",p[-1]);
+                                        error=1;
+                                        break;
+                                        }
+                                }
+                        }
+                else
+                        {
+                        if (in == NULL)
+                                in=argv[i];
+                        else if (out == NULL)
+                                out=argv[i];
+                        else
+                                error=1;
+                        }
+                }
+        if (error) usage();
+        /* We either
+         * do checksum or
+         * do encrypt or
+         * do decrypt or
+         * do decrypt then ckecksum or
+         * do checksum then encrypt
+         */
+        if (((eflag+dflag) == 1) || cflag)
+                {
+                if (eflag) do_encrypt=DES_ENCRYPT;
+                if (dflag) do_encrypt=DES_DECRYPT;
+                }
+        else
+                {
+                if (vflag) 
+                        {
+#ifndef _Windows                        
+                        fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif                  
+                        EXIT(1);
+                        }
+                else usage();
+                }
+
+#ifndef _Windows                        
+        if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif                  
+        if (    (in != NULL) &&
+                (out != NULL) &&
+#ifndef OPENSSL_SYS_MSDOS
+                (stat(in,&ins) != -1) &&
+                (stat(out,&outs) != -1) &&
+                (ins.st_dev == outs.st_dev) &&
+                (ins.st_ino == outs.st_ino))
+#else /* OPENSSL_SYS_MSDOS */
+                (strcmp(in,out) == 0))
+#endif
+                        {
+                        fputs("input and output file are the same\n",stderr);
+                        EXIT(3);
+                        }
+
+        if (!kflag)
+                if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))
+                        {
+                        fputs("password error\n",stderr);
+                        EXIT(2);
+                        }
+
+        if (in == NULL)
+                DES_IN=stdin;
+        else if ((DES_IN=fopen(in,"r")) == NULL)
+                {
+                perror("opening input file");
+                EXIT(4);
+                }
+
+        CKSUM_OUT=stdout;
+        if (out == NULL)
+                {
+                DES_OUT=stdout;
+                CKSUM_OUT=stderr;
+                }
+        else if ((DES_OUT=fopen(out,"w")) == NULL)
+                {
+                perror("opening output file");
+                EXIT(5);
+                }
+
+#ifdef OPENSSL_SYS_MSDOS
+        /* This should set the file to binary mode. */
+        {
+#include <fcntl.h>
+        if (!(uflag && dflag))
+                setmode(fileno(DES_IN),O_BINARY);
+        if (!(uflag && eflag))
+                setmode(fileno(DES_OUT),O_BINARY);
+        }
+#endif
+
+        doencryption();
+        fclose(DES_IN);
+        fclose(DES_OUT);
+        EXIT(0);
+        }
+
+void usage(void)
+        {
+        char **u;
+        static const char *Usage[]={
+"des <options> [input-file [output-file]]",
+"options:",
+"-v         : des(1) version number",
+"-e         : encrypt using SunOS compatible user key to DES key conversion.",
+"-E         : encrypt ",
+"-d         : decrypt using SunOS compatible user key to DES key conversion.",
+"-D         : decrypt ",
+"-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
+"             DES key conversion and output to ckname (stdout default,",
+"             stderr if data being output on stdout).  The checksum is",
+"             generated before encryption and after decryption if used",
+"             in conjunction with -[eEdD].",
+"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
+"-k key     : use key 'key'",
+"-h         : the key that is entered will be a hexadecimal number",
+"             that is used directly as the des key",
+"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
+"             (uuname is the filename to put in the uuencode header).",
+"-b         : encrypt using DES in ecb encryption mode, the default is cbc mode.",
+"-3         : encrypt using triple DES encryption.  This uses 2 keys",
+"             generated from the input key.  If the input key is less",
+"             than 8 characters long, this is equivalent to normal",
+"             encryption.  Default is triple cbc, -b makes it triple ecb.",
+NULL
+};
+        for (u=(char **)Usage; *u; u++)
+                {
+                fputs(*u,stderr);
+                fputc('\n',stderr);
+                }
+
+        EXIT(1);
+        }
+
+void doencryption(void)
+        {
+#ifdef _LIBC
+        extern unsigned long time();
+#endif
+
+        register int i;
+        DES_key_schedule ks,ks2;
+        DES_cblock iv,iv2;
+        char *p;
+        int num=0,j,k,l,rem,ll,len,last,ex=0;
+        DES_cblock kk,k2;
+        FILE *O;
+        int Exit=0;
+#ifndef OPENSSL_SYS_MSDOS
+        static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
+#else
+        static unsigned char *buf=NULL,*obuf=NULL;
+
+        if (buf == NULL)
+                {
+                if (    (( buf=OPENSSL_malloc(BUFSIZE+8)) == NULL) ||
+                        ((obuf=OPENSSL_malloc(BUFSIZE+8)) == NULL))
+                        {
+                        fputs("Not enough memory\n",stderr);
+                        Exit=10;
+                        goto problems;
+                        }
+                }
+#endif
+
+        if (hflag)
+                {
+                j=(flag3?16:8);
+                p=key;
+                for (i=0; i<j; i++)
+                        {
+                        k=0;
+                        if ((*p <= '9') && (*p >= '0'))
+                                k=(*p-'0')<<4;
+                        else if ((*p <= 'f') && (*p >= 'a'))
+                                k=(*p-'a'+10)<<4;
+                        else if ((*p <= 'F') && (*p >= 'A'))
+                                k=(*p-'A'+10)<<4;
+                        else
+                                {
+                                fputs("Bad hex key\n",stderr);
+                                Exit=9;
+                                goto problems;
+                                }
+                        p++;
+                        if ((*p <= '9') && (*p >= '0'))
+                                k|=(*p-'0');
+                        else if ((*p <= 'f') && (*p >= 'a'))
+                                k|=(*p-'a'+10);
+                        else if ((*p <= 'F') && (*p >= 'A'))
+                                k|=(*p-'A'+10);
+                        else
+                                {
+                                fputs("Bad hex key\n",stderr);
+                                Exit=9;
+                                goto problems;
+                                }
+                        p++;
+                        if (i < 8)
+                                kk[i]=k;
+                        else
+                                k2[i-8]=k;
+                        }
+                DES_set_key_unchecked(&k2,&ks2);
+                OPENSSL_cleanse(k2,sizeof(k2));
+                }
+        else if (longk || flag3)
+                {
+                if (flag3)
+                        {
+                        DES_string_to_2keys(key,&kk,&k2);
+                        DES_set_key_unchecked(&k2,&ks2);
+                        OPENSSL_cleanse(k2,sizeof(k2));
+                        }
+                else
+                        DES_string_to_key(key,&kk);
+                }
+        else
+                for (i=0; i<KEYSIZ; i++)
+                        {
+                        l=0;
+                        k=key[i];
+                        for (j=0; j<8; j++)
+                                {
+                                if (k&1) l++;
+                                k>>=1;
+                                }
+                        if (l & 1)
+                                kk[i]=key[i]&0x7f;
+                        else
+                                kk[i]=key[i]|0x80;
+                        }
+
+        DES_set_key_unchecked(&kk,&ks);
+        OPENSSL_cleanse(key,sizeof(key));
+        OPENSSL_cleanse(kk,sizeof(kk));
+        /* woops - A bug that does not showup under unix :-( */
+        memset(iv,0,sizeof(iv));
+        memset(iv2,0,sizeof(iv2));
+
+        l=1;
+        rem=0;
+        /* first read */
+        if (eflag || (!dflag && cflag))
+                {
+                for (;;)
+                        {
+                        num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        l+=rem;
+                        num+=rem;
+                        if (l < 0)
+                                {
+                                perror("read error");
+                                Exit=6;
+                                goto problems;
+                                }
+
+                        rem=l%8;
+                        len=l-rem;
+                        if (feof(DES_IN))
+                                {
+                                for (i=7-rem; i>0; i--)
+                                        RAND_pseudo_bytes(buf + l++, 1);
+                                buf[l++]=rem;
+                                ex=1;
+                                len+=rem;
+                                }
+                        else
+                                l-=rem;
+
+                        if (cflag)
+                                {
+                                DES_cbc_cksum(buf,&cksum,
+                                        (long)len,&ks,&cksum);
+                                if (!eflag)
+                                        {
+                                        if (feof(DES_IN)) break;
+                                        else continue;
+                                        }
+                                }
+
+                        if (bflag && !flag3)
+                                for (i=0; i<l; i+=8)
+                                        DES_ecb_encrypt(
+                                                (DES_cblock *)&(buf[i]),
+                                                (DES_cblock *)&(obuf[i]),
+                                                &ks,do_encrypt);
+                        else if (flag3 && bflag)
+                                for (i=0; i<l; i+=8)
+                                        DES_ecb2_encrypt(
+                                                (DES_cblock *)&(buf[i]),
+                                                (DES_cblock *)&(obuf[i]),
+                                                &ks,&ks2,do_encrypt);
+                        else if (flag3 && !bflag)
+                                {
+                                char tmpbuf[8];
+
+                                if (rem) memcpy(tmpbuf,&(buf[l]),
+                                        (unsigned int)rem);
+                                DES_3cbc_encrypt(
+                                        (DES_cblock *)buf,(DES_cblock *)obuf,
+                                        (long)l,ks,ks2,&iv,
+                                        &iv2,do_encrypt);
+                                if (rem) memcpy(&(buf[l]),tmpbuf,
+                                        (unsigned int)rem);
+                                }
+                        else
+                                {
+                                DES_cbc_encrypt(
+                                        buf,obuf,
+                                        (long)l,&ks,&iv,do_encrypt);
+                                if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
+                                }
+                        if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
+
+                        i=0;
+                        while (i < l)
+                                {
+                                if (uflag)
+                                        j=uufwrite(obuf,1,(unsigned int)l-i,
+                                                DES_OUT);
+                                else
+                                        j=fwrite(obuf,1,(unsigned int)l-i,
+                                                DES_OUT);
+                                if (j == -1)
+                                        {
+                                        perror("Write error");
+                                        Exit=7;
+                                        goto problems;
+                                        }
+                                i+=j;
+                                }
+                        if (feof(DES_IN))
+                                {
+                                if (uflag) uufwriteEnd(DES_OUT);
+                                break;
+                                }
+                        }
+                }
+        else /* decrypt */
+                {
+                ex=1;
+                for (;;)
+                        {
+                        if (ex) {
+                                if (uflag)
+                                        l=uufread(buf,1,BUFSIZE,DES_IN);
+                                else
+                                        l=fread(buf,1,BUFSIZE,DES_IN);
+                                ex=0;
+                                rem=l%8;
+                                l-=rem;
+                                }
+                        if (l < 0)
+                                {
+                                perror("read error");
+                                Exit=6;
+                                goto problems;
+                                }
+
+                        if (bflag && !flag3)
+                                for (i=0; i<l; i+=8)
+                                        DES_ecb_encrypt(
+                                                (DES_cblock *)&(buf[i]),
+                                                (DES_cblock *)&(obuf[i]),
+                                                &ks,do_encrypt);
+                        else if (flag3 && bflag)
+                                for (i=0; i<l; i+=8)
+                                        DES_ecb2_encrypt(
+                                                (DES_cblock *)&(buf[i]),
+                                                (DES_cblock *)&(obuf[i]),
+                                                &ks,&ks2,do_encrypt);
+                        else if (flag3 && !bflag)
+                                {
+                                DES_3cbc_encrypt(
+                                        (DES_cblock *)buf,(DES_cblock *)obuf,
+                                        (long)l,ks,ks2,&iv,
+                                        &iv2,do_encrypt);
+                                }
+                        else
+                                {
+                                DES_cbc_encrypt(
+                                        buf,obuf,
+                                        (long)l,&ks,&iv,do_encrypt);
+                                if (l >= 8) memcpy(iv,&(buf[l-8]),8);
+                                }
+
+                        if (uflag)
+                                ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        else
+                                ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        ll+=rem;
+                        rem=ll%8;
+                        ll-=rem;
+                        if (feof(DES_IN) && (ll == 0))
+                                {
+                                last=obuf[l-1];
+
+                                if ((last > 7) || (last < 0))
+                                        {
+                                        fputs("The file was not decrypted correctly.\n",
+                                                stderr);
+                                        Exit=8;
+                                        last=0;
+                                        }
+                                l=l-8+last;
+                                }
+                        i=0;
+                        if (cflag) DES_cbc_cksum(obuf,
+                                (DES_cblock *)cksum,(long)l/8*8,&ks,
+                                (DES_cblock *)cksum);
+                        while (i != l)
+                                {
+                                j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
+                                if (j == -1)
+                                        {
+                                        perror("Write error");
+                                        Exit=7;
+                                        goto problems;
+                                        }
+                                i+=j;
+                                }
+                        l=ll;
+                        if ((l == 0) && feof(DES_IN)) break;
+                        }
+                }
+        if (cflag)
+                {
+                l=0;
+                if (cksumname[0] != '\0')
+                        {
+                        if ((O=fopen(cksumname,"w")) != NULL)
+                                {
+                                CKSUM_OUT=O;
+                                l=1;
+                                }
+                        }
+                for (i=0; i<8; i++)
+                        fprintf(CKSUM_OUT,"%02X",cksum[i]);
+                fprintf(CKSUM_OUT,"\n");
+                if (l) fclose(CKSUM_OUT);
+                }
+problems:
+        OPENSSL_cleanse(buf,sizeof(buf));
+        OPENSSL_cleanse(obuf,sizeof(obuf));
+        OPENSSL_cleanse(&ks,sizeof(ks));
+        OPENSSL_cleanse(&ks2,sizeof(ks2));
+        OPENSSL_cleanse(iv,sizeof(iv));
+        OPENSSL_cleanse(iv2,sizeof(iv2));
+        OPENSSL_cleanse(kk,sizeof(kk));
+        OPENSSL_cleanse(k2,sizeof(k2));
+        OPENSSL_cleanse(uubuf,sizeof(uubuf));
+        OPENSSL_cleanse(b,sizeof(b));
+        OPENSSL_cleanse(bb,sizeof(bb));
+        OPENSSL_cleanse(cksum,sizeof(cksum));
+        if (Exit) EXIT(Exit);
+        }
+
+/*    We ignore this parameter but it should be > ~50 I believe    */
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
+        {
+        int i,j,left,rem,ret=num;
+        static int start=1;
+
+        if (start)
+                {
+                fprintf(fp,"begin 600 %s\n",
+                        (uuname[0] == '\0')?"text.d":uuname);
+                start=0;
+                }
+
+        if (uubufnum)
+                {
+                if (uubufnum+num < 45)
+                        {
+                        memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);
+                        uubufnum+=num;
+                        return(num);
+                        }
+                else
+                        {
+                        i=45-uubufnum;
+                        memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);
+                        j=uuencode((unsigned char *)uubuf,45,b);
+                        fwrite(b,1,(unsigned int)j,fp);
+                        uubufnum=0;
+                        data+=i;
+                        num-=i;
+                        }
+                }
+
+        for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)
+                {
+                j=uuencode(&(data[i]),INUUBUFN,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                }
+        rem=(num-i)%45;
+        left=(num-i-rem);
+        if (left)
+                {
+                j=uuencode(&(data[i]),left,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                i+=left;
+                }
+        if (i != num)
+                {
+                memcpy(uubuf,&(data[i]),(unsigned int)rem);
+                uubufnum=rem;
+                }
+        return(ret);
+        }
+
+void uufwriteEnd(FILE *fp)
+        {
+        int j;
+        static const char *end=" \nend\n";
+
+        if (uubufnum != 0)
+                {
+                uubuf[uubufnum]='\0';
+                uubuf[uubufnum+1]='\0';
+                uubuf[uubufnum+2]='\0';
+                j=uuencode(uubuf,uubufnum,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                }
+        fwrite(end,1,strlen(end),fp);
+        }
+
+/* int size:  should always be > ~ 60; I actually ignore this parameter :-)    */
+int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
+        {
+        int i,j,tot;
+        static int done=0;
+        static int valid=0;
+        static int start=1;
+
+        if (start)
+                {
+                for (;;)
+                        {
+                        b[0]='\0';
+                        fgets((char *)b,300,fp);
+                        if (b[0] == '\0')
+                                {
+                                fprintf(stderr,"no 'begin' found in uuencoded input\n");
+                                return(-1);
+                                }
+                        if (strncmp((char *)b,"begin ",6) == 0) break;
+                        }
+                start=0;
+                }
+        if (done) return(0);
+        tot=0;
+        if (valid)
+                {
+                memcpy(out,bb,(unsigned int)valid);
+                tot=valid;
+                valid=0;
+                }
+        for (;;)
+                {
+                b[0]='\0';
+                fgets((char *)b,300,fp);
+                if (b[0] == '\0') break;
+                i=strlen((char *)b);
+                if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
+                        {
+                        done=1;
+                        while (!feof(fp))
+                                {
+                                fgets((char *)b,300,fp);
+                                }
+                        break;
+                        }
+                i=uudecode(b,i,bb);
+                if (i < 0) break;
+                if ((i+tot+8) > num)
+                        {
+                        /* num to copy to make it a multiple of 8 */
+                        j=(num/8*8)-tot-8;
+                        memcpy(&(out[tot]),bb,(unsigned int)j);
+                        tot+=j;
+                        memcpy(bb,&(bb[j]),(unsigned int)i-j);
+                        valid=i-j;
+                        break;
+                        }
+                memcpy(&(out[tot]),bb,(unsigned int)i);
+                tot+=i;
+                }
+        return(tot);
+        }
+
+#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
+                         l|=((DES_LONG)(*((c)++)))<< 8, \
+                         l|=((DES_LONG)(*((c)++))))
+
+#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                    *((c)++)=(unsigned char)(((l)    )&0xff))
+
+
+int uuencode(unsigned char *in, int num, unsigned char *out)
+        {
+        int j,i,n,tot=0;
+        DES_LONG l;
+        register unsigned char *p;
+        p=out;
+
+        for (j=0; j<num; j+=45)
+                {
+                if (j+45 > num)
+                        i=(num-j);
+                else    i=45;
+                *(p++)=i+' ';
+                for (n=0; n<i; n+=3)
+                        {
+                        ccc2l(in,l);
+                        *(p++)=((l>>18)&0x3f)+' ';
+                        *(p++)=((l>>12)&0x3f)+' ';
+                        *(p++)=((l>> 6)&0x3f)+' ';
+                        *(p++)=((l    )&0x3f)+' ';
+                        tot+=4;
+                        }
+                *(p++)='\n';
+                tot+=2;
+                }
+        *p='\0';
+        l=0;
+        return(tot);
+        }
+
+int uudecode(unsigned char *in, int num, unsigned char *out)
+        {
+        int j,i,k;
+        unsigned int n=0,space=0;
+        DES_LONG l;
+        DES_LONG w,x,y,z;
+        unsigned int blank=(unsigned int)'\n'-' ';
+
+        for (j=0; j<num; )
+                {
+                n= *(in++)-' ';
+                if (n == blank)
+                        {
+                        n=0;
+                        in--;
+                        }
+                if (n > 60)
+                        {
+                        fprintf(stderr,"uuencoded line length too long\n");
+                        return(-1);
+                        }
+                j++;
+
+                for (i=0; i<n; j+=4,i+=3)
+                        {
+                        /* the following is for cases where spaces are
+                         * removed from lines.
+                         */
+                        if (space)
+                                {
+                                w=x=y=z=0;
+                                }
+                        else
+                                {
+                                w= *(in++)-' ';
+                                x= *(in++)-' ';
+                                y= *(in++)-' ';
+                                z= *(in++)-' ';
+                                }
+                        if ((w > 63) || (x > 63) || (y > 63) || (z > 63))
+                                {
+                                k=0;
+                                if (w == blank) k=1;
+                                if (x == blank) k=2;
+                                if (y == blank) k=3;
+                                if (z == blank) k=4;
+                                space=1;
+                                switch (k) {
+                                case 1: w=0; in--;
+                                case 2: x=0; in--;
+                                case 3: y=0; in--;
+                                case 4: z=0; in--;
+                                        break;
+                                case 0:
+                                        space=0;
+                                        fprintf(stderr,"bad uuencoded data values\n");
+                                        w=x=y=z=0;
+                                        return(-1);
+                                        break;
+                                        }
+                                }
+                        l=(w<<18)|(x<<12)|(y<< 6)|(z    );
+                        l2ccc(l,out);
+                        }
+                if (*(in++) != '\n')
+                        {
+                        fprintf(stderr,"missing nl in uuencoded line\n");
+                        w=x=y=z=0;
+                        return(-1);
+                        }
+                j++;
+                }
+        *out='\0';
+        w=x=y=z=0;
+        return(n);
+        }
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h
index 1eaedcbd24..23c8cfc901 100644
--- a/src/lib/libcrypto/des/des.h
+++ b/src/lib/libcrypto/des/des.h
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef HEADER_NEW_DES_H
-#define HEADER_NEW_DES_H
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
 
 #include <openssl/e_os2.h>      /* OPENSSL_EXTERN, OPENSSL_NO_DES,
                                    DES_LONG (via openssl/opensslconf.h */
@@ -71,6 +71,8 @@
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
+#define des_SPtrans DES_SPtrans
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
diff --git a/src/lib/libcrypto/des/des.pod b/src/lib/libcrypto/des/des.pod
new file mode 100644
index 0000000000..bf479e83d2
--- /dev/null
+++ b/src/lib/libcrypto/des/des.pod
@@ -0,0 +1,217 @@
+=pod
+
+=head1 NAME
+
+des - encrypt or decrypt data using Data Encryption Standard
+
+=head1 SYNOPSIS
+
+B<des>
+(
+B<-e>
+|
+B<-E>
+) | (
+B<-d>
+|
+B<-D>
+) | (
+B<->[B<cC>][B<ckname>]
+) |
+[
+B<-b3hfs>
+] [
+B<-k>
+I<key>
+]
+] [
+B<-u>[I<uuname>]
+[
+I<input-file>
+[
+I<output-file>
+] ]
+
+=head1 NOTE
+
+This page describes the B<des> stand-alone program, not the B<openssl des>
+command.
+
+=head1 DESCRIPTION
+
+B<des>
+encrypts and decrypts data using the
+Data Encryption Standard algorithm.
+One of
+B<-e>, B<-E>
+(for encrypt) or
+B<-d>, B<-D>
+(for decrypt) must be specified.
+It is also possible to use
+B<-c>
+or
+B<-C>
+in conjunction or instead of the a encrypt/decrypt option to generate
+a 16 character hexadecimal checksum, generated via the
+I<des_cbc_cksum>.
+
+Two standard encryption modes are supported by the
+B<des>
+program, Cipher Block Chaining (the default) and Electronic Code Book
+(specified with
+B<-b>).
+
+The key used for the DES
+algorithm is obtained by prompting the user unless the
+B<-k>
+I<key>
+option is given.
+If the key is an argument to the
+B<des>
+command, it is potentially visible to users executing
+ps(1)
+or a derivative.  To minimise this possibility,
+B<des>
+takes care to destroy the key argument immediately upon entry.
+If your shell keeps a history file be careful to make sure it is not
+world readable.
+
+Since this program attempts to maintain compatibility with sunOS's
+des(1) command, there are 2 different methods used to convert the user
+supplied key to a des key.
+Whenever and one or more of
+B<-E>, B<-D>, B<-C>
+or
+B<-3>
+options are used, the key conversion procedure will not be compatible
+with the sunOS des(1) version but will use all the user supplied
+character to generate the des key.
+B<des>
+command reads from standard input unless
+I<input-file>
+is specified and writes to standard output unless
+I<output-file>
+is given.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-b>
+
+Select ECB
+(eight bytes at a time) encryption mode.
+
+=item B<-3>
+
+Encrypt using triple encryption.
+By default triple cbc encryption is used but if the
+B<-b>
+option is used then triple ECB encryption is performed.
+If the key is less than 8 characters long, the flag has no effect.
+
+=item B<-e>
+
+Encrypt data using an 8 byte key in a manner compatible with sunOS
+des(1).
+
+=item B<-E>
+
+Encrypt data using a key of nearly unlimited length (1024 bytes).
+This will product a more secure encryption.
+
+=item B<-d>
+
+Decrypt data that was encrypted with the B<-e> option.
+
+=item B<-D>
+
+Decrypt data that was encrypted with the B<-E> option.
+
+=item B<-c>
+
+Generate a 16 character hexadecimal cbc checksum and output this to
+stderr.
+If a filename was specified after the
+B<-c>
+option, the checksum is output to that file.
+The checksum is generated using a key generated in a sunOS compatible
+manner.
+
+=item B<-C>
+
+A cbc checksum is generated in the same manner as described for the
+B<-c>
+option but the DES key is generated in the same manner as used for the
+B<-E>
+and
+B<-D>
+options
+
+=item B<-f>
+
+Does nothing - allowed for compatibility with sunOS des(1) command.
+
+=item B<-s>
+
+Does nothing - allowed for compatibility with sunOS des(1) command.
+
+=item B<-k> I<key>
+
+Use the encryption 
+I<key>
+specified.
+
+=item B<-h>
+
+The
+I<key>
+is assumed to be a 16 character hexadecimal number.
+If the
+B<-3>
+option is used the key is assumed to be a 32 character hexadecimal
+number.
+
+=item B<-u>
+
+This flag is used to read and write uuencoded files.  If decrypting,
+the input file is assumed to contain uuencoded, DES encrypted data.
+If encrypting, the characters following the B<-u> are used as the name of
+the uuencoded file to embed in the begin line of the uuencoded
+output.  If there is no name specified after the B<-u>, the name text.des
+will be embedded in the header.
+
+=head1 SEE ALSO
+
+ps(1),
+L<des_crypt(3)|des_crypt(3)>
+
+=head1 BUGS
+
+The problem with using the
+B<-e>
+option is the short key length.
+It would be better to use a real 56-bit key rather than an
+ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
+radically reduces the time necessary for a brute-force cryptographic attack.
+My attempt to remove this problem is to add an alternative text-key to
+DES-key function.  This alternative function (accessed via
+B<-E>, B<-D>, B<-S>
+and
+B<-3>)
+uses DES to help generate the key.
+
+Be carefully when using the B<-u> option.  Doing B<des -ud> I<filename> will
+not decrypt filename (the B<-u> option will gobble the B<-d> option).
+
+The VMS operating system operates in a world where files are always a
+multiple of 512 bytes.  This causes problems when encrypted data is
+send from Unix to VMS since a 88 byte file will suddenly be padded
+with 424 null bytes.  To get around this problem, use the B<-u> option
+to uuencode the data before it is send to the VMS system.
+
+=head1 AUTHOR
+
+Eric Young (eay@cryptsoft.com)
+
+=cut
diff --git a/src/lib/libcrypto/des/des3s.cpp b/src/lib/libcrypto/des/des3s.cpp
new file mode 100644
index 0000000000..02d527c057
--- /dev/null
+++ b/src/lib/libcrypto/des/des3s.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/des.h>
+
+void main(int argc,char *argv[])
+        {
+        des_key_schedule key1,key2,key3;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(s1);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(e2);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        }
+
+                printf("des %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
+
diff --git a/src/lib/libcrypto/des/des_enc.c b/src/lib/libcrypto/des/des_enc.c
index 828feba208..5c47553a5a 100644
--- a/src/lib/libcrypto/des/des_enc.c
+++ b/src/lib/libcrypto/des/des_enc.c
@@ -59,6 +59,8 @@
 #include "des_locl.h"
 #include "spr.h"
 
+#ifndef OPENBSD_DES_ASM
+
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
         {
         register DES_LONG l,r,t,u;
@@ -240,6 +242,8 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
         l=r=t=u=0;
         }
 
+#endif /* OPENBSD_DES_ASM */
+
 void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
                   DES_key_schedule *ks2, DES_key_schedule *ks3)
         {
diff --git a/src/lib/libcrypto/des/des_old.c b/src/lib/libcrypto/des/des_old.c
new file mode 100644
index 0000000000..7c33ed7a93
--- /dev/null
+++ b/src/lib/libcrypto/des/des_old.c
@@ -0,0 +1,273 @@
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with libdes.  OpenSSL now provides
+ * functions where "des_" has been replaced with "DES_" in the names,
+ * to make it possible to make incompatible changes that are needed
+ * for C type security and other stuff.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will dissapear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+const char *_ossl_old_des_options(void)
+        {
+        return DES_options();
+        }
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        des_key_schedule ks1,des_key_schedule ks2,
+        des_key_schedule ks3, int enc)
+        {
+        DES_ecb3_encrypt((const_DES_cblock *)input, output,
+                (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3, enc);
+        }
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
+        {
+        return DES_cbc_cksum((unsigned char *)input, output, length,
+                (DES_key_schedule *)schedule, ivec);
+        }
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+        {
+        DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                length, (DES_key_schedule *)schedule, ivec, enc);
+        }
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+        {
+        DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                length, (DES_key_schedule *)schedule, ivec, enc);
+        }
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        des_key_schedule schedule,_ossl_old_des_cblock *ivec,
+        _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc)
+        {
+        DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                length, (DES_key_schedule *)schedule, ivec, inw, outw, enc);
+        }
+void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+        long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+        {
+        DES_cfb_encrypt(in, out, numbits, length,
+                (DES_key_schedule *)schedule, ivec, enc);
+        }
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        des_key_schedule ks,int enc)
+        {
+        DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
+        }
+void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc)
+        {
+        DES_encrypt1(data, (DES_key_schedule *)ks, enc);
+        }
+void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc)
+        {
+        DES_encrypt2(data, (DES_key_schedule *)ks, enc);
+        }
+void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+        des_key_schedule ks2, des_key_schedule ks3)
+        {
+        DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3);
+        }
+void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+        des_key_schedule ks2, des_key_schedule ks3)
+        {
+        DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3);
+        }
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
+        long length, des_key_schedule ks1, des_key_schedule ks2, 
+        des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc)
+        {
+        DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3, ivec, enc);
+        }
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+        long length, des_key_schedule ks1, des_key_schedule ks2,
+        des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc)
+        {
+        DES_ede3_cfb64_encrypt(in, out, length,
+                (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3, ivec, num, enc);
+        }
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+        long length, des_key_schedule ks1, des_key_schedule ks2,
+        des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num)
+        {
+        DES_ede3_ofb64_encrypt(in, out, length,
+                (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3, ivec, num);
+        }
+
+#if 0 /* broken code, preserved just in case anyone specifically looks for this */
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
+        _ossl_old_des_cblock (*out_white))
+        {
+        DES_xwhite_in2out(des_key, in_white, out_white);
+        }
+#endif
+
+int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
+        _ossl_old_des_cblock *iv)
+        {
+        return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
+        }
+int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
+        _ossl_old_des_cblock *iv)
+        {
+        return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
+        }
+char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret)
+        {
+        return DES_fcrypt(buf, salt, ret);
+        }
+char *_ossl_old_des_crypt(const char *buf,const char *salt)
+        {
+        return DES_crypt(buf, salt);
+        }
+char *_ossl_old_crypt(const char *buf,const char *salt)
+        {
+        return DES_crypt(buf, salt);
+        }
+void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
+        int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
+        {
+        DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
+                ivec);
+        }
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+        {
+        DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                length, (DES_key_schedule *)schedule, ivec, enc);
+        }
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        long length,int out_count,_ossl_old_des_cblock *seed)
+        {
+        return DES_quad_cksum((unsigned char *)input, output, length,
+                out_count, seed);
+        }
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
+        {
+        RAND_seed(key, sizeof(_ossl_old_des_cblock));
+        }
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
+        {
+        DES_random_key((DES_cblock *)ret);
+        }
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
+                                int verify)
+        {
+        return DES_read_password(key, prompt, verify);
+        }
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2,
+        const char *prompt, int verify)
+        {
+        return DES_read_2passwords(key1, key2, prompt, verify);
+        }
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
+        {
+        DES_set_odd_parity(key);
+        }
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
+        {
+        return DES_is_weak_key(key);
+        }
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule)
+        {
+        return DES_set_key(key, (DES_key_schedule *)schedule);
+        }
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule)
+        {
+        return DES_key_sched(key, (DES_key_schedule *)schedule);
+        }
+void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key)
+        {
+        DES_string_to_key(str, key);
+        }
+void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2)
+        {
+        DES_string_to_2keys(str, key1, key2);
+        }
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc)
+        {
+        DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+                ivec, num, enc);
+        }
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num)
+        {
+        DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+                ivec, num);
+        }
diff --git a/src/lib/libcrypto/des/des_old.h b/src/lib/libcrypto/des/des_old.h
new file mode 100644
index 0000000000..8665ba4e7e
--- /dev/null
+++ b/src/lib/libcrypto/des/des_old.h
@@ -0,0 +1,446 @@
+/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with openssl 0.9.6 and older as
+ * well as libdes.  OpenSSL now provides functions where "des_" has
+ * been replaced with "DES_" in the names, to make it possible to
+ * make incompatible changes that are needed for C type security and
+ * other stuff.
+ *
+ * This include files has two compatibility modes:
+ *
+ *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
+ *     that is compatible with libdes and SSLeay.
+ *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
+ *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
+ *
+ * Note that these modes break earlier snapshots of OpenSSL, where
+ * libdes compatibility was the only available mode or (later on) the
+ * prefered compatibility mode.  However, after much consideration
+ * (and more or less violent discussions with external parties), it
+ * was concluded that OpenSSL should be compatible with earlier versions
+ * of itself before anything else.  Also, in all honesty, libdes is
+ * an old beast that shouldn't really be used any more.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will disappear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DES_OLD_H
+#define HEADER_DES_OLD_H
+
+#include <openssl/e_os2.h>      /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
+
+#ifdef OPENSSL_NO_DES
+#error DES is disabled.
+#endif
+
+#ifndef HEADER_DES_H
+#error You must include des.h, not des_old.h directly.
+#endif
+
+#ifdef _KERBEROS_DES_H
+#error <openssl/des_old.h> replaces <kerberos/des.h>.
+#endif
+
+#include <openssl/symhacks.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef _
+#undef _
+#endif
+
+typedef unsigned char _ossl_old_des_cblock[8];
+typedef struct _ossl_old_des_ks_struct
+        {
+        union   {
+                _ossl_old_des_cblock _;
+                /* make sure things are correct size on machines with
+                 * 8 byte longs */
+                DES_LONG pad[2];
+                } ks;
+        } _ossl_old_des_key_schedule[16];
+
+#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
+#define des_cblock DES_cblock
+#define const_des_cblock const_DES_cblock
+#define des_key_schedule DES_key_schedule
+#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+        DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
+#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+        DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
+#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
+        DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
+#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+        DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
+#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+        DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
+#define des_options()\
+        DES_options()
+#define des_cbc_cksum(i,o,l,k,iv)\
+        DES_cbc_cksum((i),(o),(l),&(k),(iv))
+#define des_cbc_encrypt(i,o,l,k,iv,e)\
+        DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_ncbc_encrypt(i,o,l,k,iv,e)\
+        DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+        DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
+#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+        DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
+#define des_ecb_encrypt(i,o,k,e)\
+        DES_ecb_encrypt((i),(o),&(k),(e))
+#define des_encrypt1(d,k,e)\
+        DES_encrypt1((d),&(k),(e))
+#define des_encrypt2(d,k,e)\
+        DES_encrypt2((d),&(k),(e))
+#define des_encrypt3(d,k1,k2,k3)\
+        DES_encrypt3((d),&(k1),&(k2),&(k3))
+#define des_decrypt3(d,k1,k2,k3)\
+        DES_decrypt3((d),&(k1),&(k2),&(k3))
+#define des_xwhite_in2out(k,i,o)\
+        DES_xwhite_in2out((k),(i),(o))
+#define des_enc_read(f,b,l,k,iv)\
+        DES_enc_read((f),(b),(l),&(k),(iv))
+#define des_enc_write(f,b,l,k,iv)\
+        DES_enc_write((f),(b),(l),&(k),(iv))
+#define des_fcrypt(b,s,r)\
+        DES_fcrypt((b),(s),(r))
+#if 0
+#define des_crypt(b,s)\
+        DES_crypt((b),(s))
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
+#define crypt(b,s)\
+        DES_crypt((b),(s))
+#endif
+#endif
+#define des_ofb_encrypt(i,o,n,l,k,iv)\
+        DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
+#define des_pcbc_encrypt(i,o,l,k,iv,e)\
+        DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_quad_cksum(i,o,l,c,s)\
+        DES_quad_cksum((i),(o),(l),(c),(s))
+#define des_random_seed(k)\
+        _ossl_096_des_random_seed((k))
+#define des_random_key(r)\
+        DES_random_key((r))
+#define des_read_password(k,p,v) \
+        DES_read_password((k),(p),(v))
+#define des_read_2passwords(k1,k2,p,v) \
+        DES_read_2passwords((k1),(k2),(p),(v))
+#define des_set_odd_parity(k)\
+        DES_set_odd_parity((k))
+#define des_check_key_parity(k)\
+        DES_check_key_parity((k))
+#define des_is_weak_key(k)\
+        DES_is_weak_key((k))
+#define des_set_key(k,ks)\
+        DES_set_key((k),&(ks))
+#define des_key_sched(k,ks)\
+        DES_key_sched((k),&(ks))
+#define des_set_key_checked(k,ks)\
+        DES_set_key_checked((k),&(ks))
+#define des_set_key_unchecked(k,ks)\
+        DES_set_key_unchecked((k),&(ks))
+#define des_string_to_key(s,k)\
+        DES_string_to_key((s),(k))
+#define des_string_to_2keys(s,k1,k2)\
+        DES_string_to_2keys((s),(k1),(k2))
+#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+        DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
+#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+        DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
+                
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+        des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+        des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+        des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#define des_check_key DES_check_key
+#define des_rw_mode DES_rw_mode
+#else /* libdes compatibility */
+/* Map all symbol names to _ossl_old_des_* form, so we avoid all
+   clashes with libdes */
+#define des_cblock _ossl_old_des_cblock
+#define des_key_schedule _ossl_old_des_key_schedule
+#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+        _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
+#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+        _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
+#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+        _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
+#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+        _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
+#define des_options()\
+        _ossl_old_des_options()
+#define des_cbc_cksum(i,o,l,k,iv)\
+        _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
+#define des_cbc_encrypt(i,o,l,k,iv,e)\
+        _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_ncbc_encrypt(i,o,l,k,iv,e)\
+        _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+        _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
+#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+        _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
+#define des_ecb_encrypt(i,o,k,e)\
+        _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
+#define des_encrypt(d,k,e)\
+        _ossl_old_des_encrypt((d),(k),(e))
+#define des_encrypt2(d,k,e)\
+        _ossl_old_des_encrypt2((d),(k),(e))
+#define des_encrypt3(d,k1,k2,k3)\
+        _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
+#define des_decrypt3(d,k1,k2,k3)\
+        _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
+#define des_xwhite_in2out(k,i,o)\
+        _ossl_old_des_xwhite_in2out((k),(i),(o))
+#define des_enc_read(f,b,l,k,iv)\
+        _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
+#define des_enc_write(f,b,l,k,iv)\
+        _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
+#define des_fcrypt(b,s,r)\
+        _ossl_old_des_fcrypt((b),(s),(r))
+#define des_crypt(b,s)\
+        _ossl_old_des_crypt((b),(s))
+#if 0
+#define crypt(b,s)\
+        _ossl_old_crypt((b),(s))
+#endif
+#define des_ofb_encrypt(i,o,n,l,k,iv)\
+        _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
+#define des_pcbc_encrypt(i,o,l,k,iv,e)\
+        _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_quad_cksum(i,o,l,c,s)\
+        _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
+#define des_random_seed(k)\
+        _ossl_old_des_random_seed((k))
+#define des_random_key(r)\
+        _ossl_old_des_random_key((r))
+#define des_read_password(k,p,v) \
+        _ossl_old_des_read_password((k),(p),(v))
+#define des_read_2passwords(k1,k2,p,v) \
+        _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
+#define des_set_odd_parity(k)\
+        _ossl_old_des_set_odd_parity((k))
+#define des_is_weak_key(k)\
+        _ossl_old_des_is_weak_key((k))
+#define des_set_key(k,ks)\
+        _ossl_old_des_set_key((k),(ks))
+#define des_key_sched(k,ks)\
+        _ossl_old_des_key_sched((k),(ks))
+#define des_string_to_key(s,k)\
+        _ossl_old_des_string_to_key((s),(k))
+#define des_string_to_2keys(s,k1,k2)\
+        _ossl_old_des_string_to_2keys((s),(k1),(k2))
+#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+        _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
+#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+        _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
+                
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+        des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+        des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+        des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#define des_check_key DES_check_key
+#define des_rw_mode DES_rw_mode
+#endif
+
+const char *_ossl_old_des_options(void);
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        _ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,
+        _ossl_old_des_key_schedule ks3, int enc);
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,
+        _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);
+void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+        long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        _ossl_old_des_key_schedule ks,int enc);
+void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+        _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+        _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
+        long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, 
+        _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+        long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
+        _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+        long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
+        _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
+#if 0
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
+        _ossl_old_des_cblock (*out_white));
+#endif
+
+int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
+        _ossl_old_des_cblock *iv);
+int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
+        _ossl_old_des_cblock *iv);
+char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);
+char *_ossl_old_des_crypt(const char *buf,const char *salt);
+#if !defined(PERL5) && !defined(NeXT)
+char *_ossl_old_crypt(const char *buf,const char *salt);
+#endif
+void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
+        int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        long length,int out_count,_ossl_old_des_cblock *seed);
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,
+        const char *prompt,int verify);
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
+void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);
+void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);
+
+void _ossl_096_des_random_seed(des_cblock *key);
+
+/* The following definitions provide compatibility with the MIT Kerberos
+ * library. The _ossl_old_des_key_schedule structure is not binary compatible. */
+
+#define _KERBEROS_DES_H
+
+#define KRBDES_ENCRYPT DES_ENCRYPT
+#define KRBDES_DECRYPT DES_DECRYPT
+
+#ifdef KERBEROS
+#  define ENCRYPT DES_ENCRYPT
+#  define DECRYPT DES_DECRYPT
+#endif
+
+#ifndef NCOMPAT
+#  define C_Block des_cblock
+#  define Key_schedule des_key_schedule
+#  define KEY_SZ DES_KEY_SZ
+#  define string_to_key des_string_to_key
+#  define read_pw_string des_read_pw_string
+#  define random_key des_random_key
+#  define pcbc_encrypt des_pcbc_encrypt
+#  define set_key des_set_key
+#  define key_sched des_key_sched
+#  define ecb_encrypt des_ecb_encrypt
+#  define cbc_encrypt des_cbc_encrypt
+#  define ncbc_encrypt des_ncbc_encrypt
+#  define xcbc_encrypt des_xcbc_encrypt
+#  define cbc_cksum des_cbc_cksum
+#  define quad_cksum des_quad_cksum
+#  define check_parity des_check_key_parity
+#endif
+
+#define des_fixup_key_parity DES_fixup_key_parity
+
+#ifdef  __cplusplus
+}
+#endif
+
+/* for DES_read_pw_string et al */
+#include <openssl/ui_compat.h>
+
+#endif
diff --git a/src/lib/libcrypto/des/des_old2.c b/src/lib/libcrypto/des/des_old2.c
new file mode 100644
index 0000000000..c8fa3ee135
--- /dev/null
+++ b/src/lib/libcrypto/des/des_old2.c
@@ -0,0 +1,82 @@
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with OpenSSL 0.9.6c.  OpenSSL now
+ * provides functions where "des_" has been replaced with "DES_" in
+ * the names, to make it possible to make incompatible changes that
+ * are needed for C type security and other stuff.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will dissapear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#undef OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+void _ossl_096_des_random_seed(DES_cblock *key)
+        {
+        RAND_seed(key, sizeof(DES_cblock));
+        }
diff --git a/src/lib/libcrypto/des/des_opts.c b/src/lib/libcrypto/des/des_opts.c
new file mode 100644
index 0000000000..2df82962c5
--- /dev/null
+++ b/src/lib/libcrypto/des/des_opts.c
@@ -0,0 +1,608 @@
+/* crypto/des/des_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+#ifndef OPENSSL_SYS_MSDOS
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD
+#else
+#include <io.h>
+extern void exit();
+#endif
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/des.h>
+#include "spr.h"
+
+#define DES_DEFAULT_OPTIONS
+
+#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
+#define PART1
+#define PART2
+#define PART3
+#define PART4
+#endif
+
+#ifdef PART1
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#define DES_encrypt1 des_encrypt_u4_cisc_idx
+#define DES_encrypt2 des_encrypt2_u4_cisc_idx
+#define DES_encrypt3 des_encrypt3_u4_cisc_idx
+#define DES_decrypt3 des_decrypt3_u4_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_cisc_idx
+#define DES_encrypt2 des_encrypt2_u16_cisc_idx
+#define DES_encrypt3 des_encrypt3_u16_cisc_idx
+#define DES_decrypt3 des_decrypt3_u16_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc1_idx
+#define DES_encrypt2 des_encrypt2_u4_risc1_idx
+#define DES_encrypt3 des_encrypt3_u4_risc1_idx
+#define DES_decrypt3 des_decrypt3_u4_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART2
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc2_idx
+#define DES_encrypt2 des_encrypt2_u4_risc2_idx
+#define DES_encrypt3 des_encrypt3_u4_risc2_idx
+#define DES_decrypt3 des_decrypt3_u4_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc1_idx
+#define DES_encrypt2 des_encrypt2_u16_risc1_idx
+#define DES_encrypt3 des_encrypt3_u16_risc1_idx
+#define DES_decrypt3 des_decrypt3_u16_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc2_idx
+#define DES_encrypt2 des_encrypt2_u16_risc2_idx
+#define DES_encrypt3 des_encrypt3_u16_risc2_idx
+#define DES_decrypt3 des_decrypt3_u16_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART3
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_cisc_ptr
+#define DES_encrypt2 des_encrypt2_u4_cisc_ptr
+#define DES_encrypt3 des_encrypt3_u4_cisc_ptr
+#define DES_decrypt3 des_decrypt3_u4_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_cisc_ptr
+#define DES_encrypt2 des_encrypt2_u16_cisc_ptr
+#define DES_encrypt3 des_encrypt3_u16_cisc_ptr
+#define DES_decrypt3 des_decrypt3_u16_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc1_ptr
+#define DES_encrypt2 des_encrypt2_u4_risc1_ptr
+#define DES_encrypt3 des_encrypt3_u4_risc1_ptr
+#define DES_decrypt3 des_decrypt3_u4_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+#ifdef PART4
+
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc2_ptr
+#define DES_encrypt2 des_encrypt2_u4_risc2_ptr
+#define DES_encrypt3 des_encrypt3_u4_risc2_ptr
+#define DES_decrypt3 des_decrypt3_u4_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc1_ptr
+#define DES_encrypt2 des_encrypt2_u16_risc1_ptr
+#define DES_encrypt3 des_encrypt3_u16_risc1_ptr
+#define DES_decrypt3 des_decrypt3_u16_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc2_ptr
+#define DES_encrypt2 des_encrypt2_u16_risc2_ptr
+#define DES_encrypt3 des_encrypt3_u16_risc2_ptr
+#define DES_decrypt3 des_decrypt3_u16_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+
+#endif
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count++) \
+                { \
+                unsigned long d[2]; \
+                func(d,&sch,DES_ENCRYPT); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+        static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+        DES_key_schedule sch,sch2,sch3;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+
+#ifndef TIMES
+        fprintf(stderr,"To get the most accurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+
+        DES_set_key_unchecked(&key,&sch);
+        DES_set_key_unchecked(&key2,&sch2);
+        DES_set_key_unchecked(&key3,&sch3);
+
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        DES_set_key_unchecked(&key,sch);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        DES_encrypt1(data,&(sch[0]),DES_ENCRYPT);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+
+#ifdef PART1
+        time_it(des_encrypt_u4_cisc_idx,  "des_encrypt_u4_cisc_idx  ", 0);
+        time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
+        time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
+        num+=3;
+#endif
+#ifdef PART2
+        time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
+        time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
+        time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
+        num+=3;
+#endif
+#ifdef PART3
+        time_it(des_encrypt_u4_cisc_ptr,  "des_encrypt_u4_cisc_ptr  ", 6);
+        time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
+        time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
+        num+=3;
+#endif
+#ifdef PART4
+        time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
+        time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
+        time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
+        num+=3;
+#endif
+
+#ifdef PART1
+        str[0]=" 4  c i";
+        print_it("des_encrypt_u4_cisc_idx  ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="16  c i";
+        print_it("des_encrypt_u16_cisc_idx ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]=" 4 r1 i";
+        print_it("des_encrypt_u4_risc1_idx ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+#endif
+#ifdef PART2
+        str[3]="16 r1 i";
+        print_it("des_encrypt_u16_risc1_idx",3);
+        if (max < tm[3]) { max=tm[3]; max_idx=3; }
+        str[4]=" 4 r2 i";
+        print_it("des_encrypt_u4_risc2_idx ",4);
+        if (max < tm[4]) { max=tm[4]; max_idx=4; }
+        str[5]="16 r2 i";
+        print_it("des_encrypt_u16_risc2_idx",5);
+        if (max < tm[5]) { max=tm[5]; max_idx=5; }
+#endif
+#ifdef PART3
+        str[6]=" 4  c p";
+        print_it("des_encrypt_u4_cisc_ptr  ",6);
+        if (max < tm[6]) { max=tm[6]; max_idx=6; }
+        str[7]="16  c p";
+        print_it("des_encrypt_u16_cisc_ptr ",7);
+        if (max < tm[7]) { max=tm[7]; max_idx=7; }
+        str[8]=" 4 r1 p";
+        print_it("des_encrypt_u4_risc1_ptr ",8);
+        if (max < tm[8]) { max=tm[8]; max_idx=8; }
+#endif
+#ifdef PART4
+        str[9]="16 r1 p";
+        print_it("des_encrypt_u16_risc1_ptr",9);
+        if (max < tm[9]) { max=tm[9]; max_idx=9; }
+        str[10]=" 4 r2 p";
+        print_it("des_encrypt_u4_risc2_ptr ",10);
+        if (max < tm[10]) { max=tm[10]; max_idx=10; }
+        str[11]="16 r2 p";
+        print_it("des_encrypt_u16_risc2_ptr",11);
+        if (max < tm[11]) { max=tm[11]; max_idx=11; }
+#endif
+        printf("options    des ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<12; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DDES_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DDES_UNROLL\n");
+                break;
+        case 2:
+                printf("-DDES_RISC1\n");
+                break;
+        case 3:
+                printf("-DDES_UNROLL -DDES_RISC1\n");
+                break;
+        case 4:
+                printf("-DDES_RISC2\n");
+                break;
+        case 5:
+                printf("-DDES_UNROLL -DDES_RISC2\n");
+                break;
+        case 6:
+                printf("-DDES_PTR\n");
+                break;
+        case 7:
+                printf("-DDES_UNROLL -DDES_PTR\n");
+                break;
+        case 8:
+                printf("-DDES_RISC1 -DDES_PTR\n");
+                break;
+        case 9:
+                printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
+                break;
+        case 10:
+                printf("-DDES_RISC2 -DDES_PTR\n");
+                break;
+        case 11:
+                printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/des/des_ver.h b/src/lib/libcrypto/des/des_ver.h
new file mode 100644
index 0000000000..d1ada258a6
--- /dev/null
+++ b/src/lib/libcrypto/des/des_ver.h
@@ -0,0 +1,71 @@
+/* crypto/des/des_ver.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* The following macros make sure the names are different from libdes names */
+#define DES_version OSSL_DES_version
+#define libdes_version OSSL_libdes_version
+
+OPENSSL_EXTERN const char OSSL_DES_version[];   /* SSLeay version string */
+OPENSSL_EXTERN const char OSSL_libdes_version[];        /* old libdes version string */
diff --git a/src/lib/libcrypto/des/dess.cpp b/src/lib/libcrypto/des/dess.cpp
new file mode 100644
index 0000000000..5549bab90a
--- /dev/null
+++ b/src/lib/libcrypto/des/dess.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/des.h>
+
+void main(int argc,char *argv[])
+        {
+        des_key_schedule key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        des_encrypt1(&data[0],key,1);
+                        GetTSC(s1);
+                        des_encrypt1(&data[0],key,1);
+                        des_encrypt1(&data[0],key,1);
+                        des_encrypt1(&data[0],key,1);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        des_encrypt1(&data[0],key,1);
+                        des_encrypt1(&data[0],key,1);
+                        des_encrypt1(&data[0],key,1);
+                        des_encrypt1(&data[0],key,1);
+                        GetTSC(e2);
+                        des_encrypt1(&data[0],key,1);
+                        }
+
+                printf("des %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
+
diff --git a/src/lib/libcrypto/des/destest.c b/src/lib/libcrypto/des/destest.c
new file mode 100644
index 0000000000..64b92a34fe
--- /dev/null
+++ b/src/lib/libcrypto/des/destest.c
@@ -0,0 +1,952 @@
+/* crypto/des/destest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/e_os2.h>
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WINDOWS)
+#ifndef OPENSSL_SYS_MSDOS
+#define OPENSSL_SYS_MSDOS
+#endif
+#endif
+
+#ifndef OPENSSL_SYS_MSDOS
+#if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC)
+#include OPENSSL_UNISTD
+#endif
+#else
+#include <io.h>
+#endif
+#include <string.h>
+
+#ifdef OPENSSL_NO_DES
+int main(int argc, char *argv[])
+{
+    printf("No DES support\n");
+    return(0);
+}
+#else
+#include <openssl/des.h>
+
+#define crypt(c,s) (DES_crypt((c),(s)))
+
+/* tisk tisk - the test keys don't all have odd parity :-( */
+/* test data */
+#define NUM_TESTS 34
+static unsigned char key_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+        {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+        {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+        {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+        {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+        {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+        {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+        {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+        {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+        {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+        {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+        {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+        {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+        {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+        {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+        {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+        {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+        {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+        {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+        {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+        {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+
+static unsigned char plain_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+        {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+        {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+        {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+        {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+        {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+        {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+        {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+        {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+        {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+        {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+        {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+        {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+        {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+        {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+        {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+        {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+        {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+        {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+
+static unsigned char cipher_data[NUM_TESTS][8]={
+        {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+        {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
+        {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
+        {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
+        {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
+        {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
+        {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+        {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
+        {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
+        {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
+        {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
+        {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
+        {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
+        {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
+        {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
+        {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
+        {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
+        {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
+        {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
+        {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
+        {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
+        {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
+        {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
+        {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
+        {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
+        {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
+        {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
+        {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
+        {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
+        {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
+        {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
+        {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
+        {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
+        {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
+
+static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
+        {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
+        {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
+        {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
+        {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
+        {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
+        {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
+        {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
+        {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
+        {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
+        {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
+        {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
+        {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
+        {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
+        {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
+        {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
+        {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
+        {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
+        {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
+        {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
+        {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
+        {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
+        {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
+        {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
+        {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
+        {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
+        {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
+        {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
+        {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
+        {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
+        {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
+        {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
+        {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
+        {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
+
+static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cbc2_key[8]={0xf1,0xe0,0xd3,0xc2,0xb5,0xa4,0x97,0x86};
+static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+/* Changed the following text constant to binary so it will work on ebcdic
+ * machines :-) */
+/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
+static unsigned char cbc_data[40]={
+        0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
+        0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
+        0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        };
+
+static unsigned char cbc_ok[32]={
+        0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+        0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
+        0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
+        0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+
+#ifdef SCREW_THE_PARITY
+#error "SCREW_THE_PARITY is not ment to be defined."
+#error "Original vectors are preserved for reference only."
+static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char xcbc_ok[32]={
+        0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
+        0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
+        0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
+        0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
+        };
+#else
+static unsigned char xcbc_ok[32]={
+        0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29,
+        0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1,
+        0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53,
+        0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4,
+        };
+#endif
+
+static unsigned char cbc3_ok[32]={
+        0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
+        0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
+        0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
+        0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
+
+static unsigned char pcbc_ok[32]={
+        0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+        0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
+        0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
+        0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
+
+static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+static unsigned char plain[24]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher8[24]= {
+        0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
+        0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
+static unsigned char cfb_cipher16[24]={
+        0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
+        0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
+static unsigned char cfb_cipher32[24]={
+        0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
+        0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
+static unsigned char cfb_cipher48[24]={
+        0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
+        0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
+static unsigned char cfb_cipher64[24]={
+        0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
+        0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
+
+static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
+static unsigned char ofb_cipher[24]=
+        {
+        0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
+        0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
+        0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
+        };
+
+#if 0
+static DES_LONG cbc_cksum_ret=0xB462FEF7L;
+#else
+static DES_LONG cbc_cksum_ret=0xF7FE62B4L;
+#endif
+static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+
+static char *pt(unsigned char *p);
+static int cfb_test(int bits, unsigned char *cfb_cipher);
+static int cfb64_test(unsigned char *cfb_cipher);
+static int ede_cfb64_test(unsigned char *cfb_cipher);
+int main(int argc, char *argv[])
+        {
+        int j,err=0;
+        unsigned int i;
+        des_cblock in,out,outin,iv3,iv2;
+        des_key_schedule ks,ks2,ks3;
+        unsigned char cbc_in[40];
+        unsigned char cbc_out[40];
+        DES_LONG cs;
+        unsigned char cret[8];
+#ifdef _CRAY
+        struct {
+            int a:32;
+            int b:32;
+        } lqret[2];
+#else
+        DES_LONG lqret[4];
+#endif
+        int num;
+        char *str;
+
+#ifndef OPENSSL_NO_DESCBCM
+        printf("Doing cbcm\n");
+        if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        i=strlen((char *)cbc_data)+1;
+        /* i=((i+7)/8)*8; */
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        memset(iv2,'\0',sizeof iv2);
+
+        DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
+                              DES_ENCRYPT);
+        DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
+                              &iv3,&iv2,DES_ENCRYPT);
+        /*      if (memcmp(cbc_out,cbc3_ok,
+                (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+                {
+                printf("des_ede3_cbc_encrypt encrypt error\n");
+                err=1;
+                }
+        */
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        memset(iv2,'\0',sizeof iv2);
+        DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+                {
+                unsigned int n;
+
+                printf("des_ede3_cbcm_encrypt decrypt error\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc_data[n]);
+                printf("\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc_in[n]);
+                printf("\n");
+                err=1;
+                }
+#endif
+
+        printf("Doing ecb\n");
+        for (i=0; i<NUM_TESTS; i++)
+                {
+                DES_set_key_unchecked(&key_data[i],&ks);
+                memcpy(in,plain_data[i],8);
+                memset(out,0,8);
+                memset(outin,0,8);
+                des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
+                des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
+
+                if (memcmp(out,cipher_data[i],8) != 0)
+                        {
+                        printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
+                                pt(out));
+                        err=1;
+                        }
+                if (memcmp(in,outin,8) != 0)
+                        {
+                        printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+                        err=1;
+                        }
+                }
+
+#ifndef LIBDES_LIT
+        printf("Doing ede ecb\n");
+        for (i=0; i<(NUM_TESTS-2); i++)
+                {
+                DES_set_key_unchecked(&key_data[i],&ks);
+                DES_set_key_unchecked(&key_data[i+1],&ks2);
+                DES_set_key_unchecked(&key_data[i+2],&ks3);
+                memcpy(in,plain_data[i],8);
+                memset(out,0,8);
+                memset(outin,0,8);
+                des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
+                des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
+
+                if (memcmp(out,cipher_ecb2[i],8) != 0)
+                        {
+                        printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
+                                pt(out));
+                        err=1;
+                        }
+                if (memcmp(in,outin,8) != 0)
+                        {
+                        printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+                        err=1;
+                        }
+                }
+#endif
+
+        printf("Doing cbc\n");
+        if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+                         &iv3,DES_ENCRYPT);
+        if (memcmp(cbc_out,cbc_ok,32) != 0)
+                {
+                printf("cbc_encrypt encrypt error\n");
+                err=1;
+                }
+
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+                         &iv3,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
+                {
+                printf("cbc_encrypt decrypt error\n");
+                err=1;
+                }
+
+#ifndef LIBDES_LIT
+        printf("Doing desx cbc\n");
+        if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+                         &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
+        if (memcmp(cbc_out,xcbc_ok,32) != 0)
+                {
+                printf("des_xcbc_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+                         &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+                {
+                printf("des_xcbc_encrypt decrypt error\n");
+                err=1;
+                }
+#endif
+
+        printf("Doing ede cbc\n");
+        if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        i=strlen((char *)cbc_data)+1;
+        /* i=((i+7)/8)*8; */
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+
+        des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,
+                             DES_ENCRYPT);
+        des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
+                             &iv3,DES_ENCRYPT);
+        if (memcmp(cbc_out,cbc3_ok,
+                (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+                {
+                unsigned int n;
+
+                printf("des_ede3_cbc_encrypt encrypt error\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc_out[n]);
+                printf("\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc3_ok[n]);
+                printf("\n");
+                err=1;
+                }
+
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+                {
+                unsigned int n;
+
+                printf("des_ede3_cbc_encrypt decrypt error\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc_data[n]);
+                printf("\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc_in[n]);
+                printf("\n");
+                err=1;
+                }
+
+#ifndef LIBDES_LIT
+        printf("Doing pcbc\n");
+        if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+                         &cbc_iv,DES_ENCRYPT);
+        if (memcmp(cbc_out,pcbc_ok,32) != 0)
+                {
+                printf("pcbc_encrypt encrypt error\n");
+                err=1;
+                }
+        des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
+                         DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+                {
+                printf("pcbc_encrypt decrypt error\n");
+                err=1;
+                }
+
+        printf("Doing ");
+        printf("cfb8 ");
+        err+=cfb_test(8,cfb_cipher8);
+        printf("cfb16 ");
+        err+=cfb_test(16,cfb_cipher16);
+        printf("cfb32 ");
+        err+=cfb_test(32,cfb_cipher32);
+        printf("cfb48 ");
+        err+=cfb_test(48,cfb_cipher48);
+        printf("cfb64 ");
+        err+=cfb_test(64,cfb_cipher64);
+
+        printf("cfb64() ");
+        err+=cfb64_test(cfb_cipher64);
+
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        for (i=0; i<sizeof(plain); i++)
+                des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
+                        8,1,ks,&cfb_tmp,DES_ENCRYPT);
+        if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
+                {
+                printf("cfb_encrypt small encrypt error\n");
+                err=1;
+                }
+
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        for (i=0; i<sizeof(plain); i++)
+                des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
+                        8,1,ks,&cfb_tmp,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                printf("cfb_encrypt small decrypt error\n");
+                err=1;
+                }
+
+        printf("ede_cfb64() ");
+        err+=ede_cfb64_test(cfb_cipher64);
+
+        printf("done\n");
+
+        printf("Doing ofb\n");
+        DES_set_key_checked(&ofb_key,&ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ofb_encrypt encrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
+ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
+ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ofb_encrypt decrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
+ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+plain[8+0], plain[8+1], plain[8+2], plain[8+3],
+plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
+                err=1;
+                }
+
+        printf("Doing ofb64\n");
+        DES_set_key_checked(&ofb_key,&ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        memset(ofb_buf1,0,sizeof(ofb_buf1));
+        memset(ofb_buf2,0,sizeof(ofb_buf1));
+        num=0;
+        for (i=0; i<sizeof(plain); i++)
+                {
+                des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
+                                  &num);
+                }
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ofb64_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        num=0;
+        des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,
+                          &num);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+
+        printf("Doing ede_ofb64\n");
+        DES_set_key_checked(&ofb_key,&ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        memset(ofb_buf1,0,sizeof(ofb_buf1));
+        memset(ofb_buf2,0,sizeof(ofb_buf1));
+        num=0;
+        for (i=0; i<sizeof(plain); i++)
+                {
+                des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,
+                                       ks,&ofb_tmp,&num);
+                }
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ede_ofb64_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        num=0;
+        des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,ks,ks,
+                               &ofb_tmp,&num);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ede_ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+
+        printf("Doing cbc_cksum\n");
+        DES_set_key_checked(&cbc_key,&ks);
+        cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
+        if (cs != cbc_cksum_ret)
+                {
+                printf("bad return value (%08lX), should be %08lX\n",
+                        (unsigned long)cs,(unsigned long)cbc_cksum_ret);
+                err=1;
+                }
+        if (memcmp(cret,cbc_cksum_data,8) != 0)
+                {
+                printf("bad cbc_cksum block returned\n");
+                err=1;
+                }
+
+        printf("Doing quad_cksum\n");
+        cs=des_quad_cksum(cbc_data,(des_cblock *)lqret,
+                (long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);
+        if (cs != 0x70d7a63aL)
+                {
+                printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
+                        (unsigned long)cs);
+                err=1;
+                }
+#ifdef _CRAY
+        if (lqret[0].a != 0x327eba8dL)
+                {
+                printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+                        (unsigned long)lqret[0].a,0x327eba8dUL);
+                err=1;
+                }
+        if (lqret[0].b != 0x201a49ccL)
+                {
+                printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+                        (unsigned long)lqret[0].b,0x201a49ccUL);
+                err=1;
+                }
+        if (lqret[1].a != 0x70d7a63aL)
+                {
+                printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+                        (unsigned long)lqret[1].a,0x70d7a63aUL);
+                err=1;
+                }
+        if (lqret[1].b != 0x501c2c26L)
+                {
+                printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+                        (unsigned long)lqret[1].b,0x501c2c26UL);
+                err=1;
+                }
+#else
+        if (lqret[0] != 0x327eba8dL)
+                {
+                printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+                        (unsigned long)lqret[0],0x327eba8dUL);
+                err=1;
+                }
+        if (lqret[1] != 0x201a49ccL)
+                {
+                printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+                        (unsigned long)lqret[1],0x201a49ccUL);
+                err=1;
+                }
+        if (lqret[2] != 0x70d7a63aL)
+                {
+                printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+                        (unsigned long)lqret[2],0x70d7a63aUL);
+                err=1;
+                }
+        if (lqret[3] != 0x501c2c26L)
+                {
+                printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+                        (unsigned long)lqret[3],0x501c2c26UL);
+                err=1;
+                }
+#endif
+#endif
+
+        printf("input word alignment test");
+        for (i=0; i<4; i++)
+                {
+                printf(" %d",i);
+                des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
+                                 strlen((char *)cbc_data)+1,ks,
+                                 &cbc_iv,DES_ENCRYPT);
+                }
+        printf("\noutput word alignment test");
+        for (i=0; i<4; i++)
+                {
+                printf(" %d",i);
+                des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
+                                 strlen((char *)cbc_data)+1,ks,
+                                 &cbc_iv,DES_ENCRYPT);
+                }
+        printf("\n");
+        printf("fast crypt test ");
+        str=crypt("testing","ef");
+        if (strcmp("efGnQx2725bI2",str) != 0)
+                {
+                printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
+                err=1;
+                }
+        str=crypt("bca76;23","yA");
+        if (strcmp("yA1Rp/1hZXIJk",str) != 0)
+                {
+                printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
+                err=1;
+                }
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+        printf("\n");
+        return(err);
+        }
+
+static char *pt(unsigned char *p)
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+
+#ifndef LIBDES_LIT
+
+static int cfb_test(int bits, unsigned char *cfb_cipher)
+        {
+        des_key_schedule ks;
+        int i,err=0;
+
+        DES_set_key_checked(&cfb_key,&ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
+                        DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
+                        DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        return(err);
+        }
+
+static int cfb64_test(unsigned char *cfb_cipher)
+        {
+        des_key_schedule ks;
+        int err=0,i,n;
+
+        DES_set_key_checked(&cfb_key,&ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
+        des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
+                          &cfb_tmp,&n,DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
+        des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                          sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+
+static int ede_cfb64_test(unsigned char *cfb_cipher)
+        {
+        des_key_schedule ks;
+        int err=0,i,n;
+
+        DES_set_key_checked(&cfb_key,&ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
+                               DES_ENCRYPT);
+        des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                               sizeof(plain)-12,ks,ks,ks,
+                               &cfb_tmp,&n,DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("ede_cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
+                               &cfb_tmp,&n,DES_DECRYPT);
+        des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                               sizeof(plain)-17,ks,ks,ks,
+                               &cfb_tmp,&n,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("ede_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+
+#endif
+#endif
diff --git a/src/lib/libcrypto/des/fcrypt_b.c b/src/lib/libcrypto/des/fcrypt_b.c
index 8822816938..87fc71eb26 100644
--- a/src/lib/libcrypto/des/fcrypt_b.c
+++ b/src/lib/libcrypto/des/fcrypt_b.c
@@ -68,6 +68,8 @@
 #include "des_locl.h"
 #undef DES_FCRYPT
 
+#ifndef OPENBSD_DES_ASM
+
 #undef PERM_OP
 #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
         (b)^=(t),\
@@ -141,3 +143,4 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
         out[1]=l;
         }
 
+#endif /* OPENBSD_DES_ASM */
diff --git a/src/lib/libcrypto/des/makefile.bc b/src/lib/libcrypto/des/makefile.bc
new file mode 100644
index 0000000000..1fe6d4915a
--- /dev/null
+++ b/src/lib/libcrypto/des/makefile.bc
@@ -0,0 +1,50 @@
+#
+# Origional BC Makefile from Teun <Teun.Nijssen@kub.nl>
+#
+#
+CC      = bcc
+TLIB    = tlib /0 /C
+# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s
+OPTIMIZE= -3 -O2
+#WINDOWS= -W
+CFLAGS  = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS
+LFLAGS  = -ml $(WINDOWS)
+
+.c.obj:
+        $(CC) $(CFLAGS) $*.c
+
+.obj.exe:
+        $(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib  
+
+all: $(LIB) destest.exe rpw.exe des.exe speed.exe
+
+# "make clean": use a directory containing only libdes .exe and .obj files...
+clean:
+        del *.exe
+        del *.obj
+        del libdes.lib
+        del libdes.rsp
+
+OBJS=   cbc_cksm.obj cbc_enc.obj  ecb_enc.obj  pcbc_enc.obj \
+        qud_cksm.obj rand_key.obj set_key.obj  str2key.obj \
+        enc_read.obj enc_writ.obj fcrypt.obj   cfb_enc.obj \
+        ecb3_enc.obj ofb_enc.obj  cbc3_enc.obj read_pwd.obj\
+        cfb64enc.obj ofb64enc.obj ede_enc.obj  cfb64ede.obj\
+        ofb64ede.obj supp.obj
+
+LIB=    libdes.lib
+
+$(LIB): $(OBJS)
+        del $(LIB)
+        makersp "+%s &\n" &&|
+        $(OBJS)
+|       >libdes.rsp
+        $(TLIB) libdes.lib @libdes.rsp,nul
+        del libdes.rsp
+
+destest.exe: destest.obj libdes.lib
+rpw.exe:     rpw.obj libdes.lib
+speed.exe:   speed.obj libdes.lib
+des.exe:     des.obj libdes.lib
+
+
diff --git a/src/lib/libcrypto/des/options.txt b/src/lib/libcrypto/des/options.txt
new file mode 100644
index 0000000000..6e2b50f765
--- /dev/null
+++ b/src/lib/libcrypto/des/options.txt
@@ -0,0 +1,39 @@
+Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds
+instead of the default 4.
+RISC1 and RISC2 are 2 alternatives for the inner loop and
+PTR means to use pointers arithmatic instead of arrays.
+
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler          577,000 4620k/s
+IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR     496,000 3968k/s
+solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1]    459,400 3672k/s
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1       433,000 3468k/s
+solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL              380,000 3041k/s
+linux - pentium 100mhz - gcc 2.7.0 - assembler                  281,000 2250k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - assembler                    281,000 2250k/s
+AIX 4.1? - PPC604 100mhz - cc - UNROLL                          275,000 2200k/s
+IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR          235,300 1882k/s
+IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR                 233,700 1869k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR             191,000 1528k/s
+DEC Alpha 165mhz??  - cc - RISC2 PTR [2]                        181,000 1448k/s
+linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR           158,500 1268k/s
+HPUX 10 - 9000/887 - cc - UNROLL [3]                            148,000 1190k/s
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL             123,600  989k/s
+IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR                 101,000  808k/s
+DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL                       81,000  648k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - assembler                    65,000  522k/s
+HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR      76,000  608k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2                 43,500  344k/s
+AIX - old slow one :-) - cc -                                    39,000  312k/s
+
+Notes.
+[1] For the ultra sparc, SunC 4.0 
+    cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts'
+    gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s.
+    I'll record the higher since it is coming from the library but it
+    is all rather weird.
+[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000.
+[3] I was unable to get access to this machine when it was not heavily loaded.
+    As such, my timing program was never able to get more that %30 of the CPU.
+    This would cause the program to give much lower speed numbers because
+    it would be 'fighting' to stay in the cache with the other CPU burning
+    processes.
diff --git a/src/lib/libcrypto/des/read2pwd.c b/src/lib/libcrypto/des/read2pwd.c
new file mode 100644
index 0000000000..ee6969f76e
--- /dev/null
+++ b/src/lib/libcrypto/des/read2pwd.c
@@ -0,0 +1,140 @@
+/* crypto/des/read2pwd.c */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <string.h>
+#include <openssl/des.h>
+#include <openssl/ui.h>
+#include <openssl/crypto.h>
+
+int DES_read_password(DES_cblock *key, const char *prompt, int verify)
+        {
+        int ok;
+        char buf[BUFSIZ],buff[BUFSIZ];
+
+        if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+                DES_string_to_key(buf,key);
+        OPENSSL_cleanse(buf,BUFSIZ);
+        OPENSSL_cleanse(buff,BUFSIZ);
+        return(ok);
+        }
+
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
+             int verify)
+        {
+        int ok;
+        char buf[BUFSIZ],buff[BUFSIZ];
+
+        if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+                DES_string_to_2keys(buf,key1,key2);
+        OPENSSL_cleanse(buf,BUFSIZ);
+        OPENSSL_cleanse(buff,BUFSIZ);
+        return(ok);
+        }
diff --git a/src/lib/libcrypto/des/read_pwd.c b/src/lib/libcrypto/des/read_pwd.c
new file mode 100644
index 0000000000..ce5fa00a37
--- /dev/null
+++ b/src/lib/libcrypto/des/read_pwd.c
@@ -0,0 +1,521 @@
+/* crypto/des/read_pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/e_os2.h>
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32)
+#ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+#else
+# include <unistd.h>
+#endif
+/* If unistd.h defines _POSIX_VERSION, we conclude that we
+ * are on a POSIX system and have sigaction and termios. */
+#if defined(_POSIX_VERSION)
+
+# define SIGACTION
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+# define TERMIOS
+# endif
+
+#endif
+#endif
+
+/* #define SIGACTION */ /* Define this if you have sigaction() */
+
+#ifdef WIN16TTY
+#undef OPENSSL_SYS_WIN16
+#undef _WINDOWS
+#include <graph.h>
+#endif
+
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "des_locl.h"
+#include "cryptlib.h"
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <setjmp.h>
+#include <errno.h>
+
+#ifdef OPENSSL_SYS_VMS                  /* prototypes for sys$whatever */
+#include <starlet.h>
+#ifdef __DECC
+#pragma message disable DOLLARID
+#endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+#include <windows.h>
+#ifndef OPENSSL_SYS_WINCE
+#include <wincon.h>
+#endif
+#endif
+
+
+/* There are 5 types of terminal interface supported,
+ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
+ */
+
+#if defined(__sgi) && !defined(TERMIOS)
+#define TERMIOS
+#undef  TERMIO
+#undef  SGTTY
+#endif
+
+#if defined(linux) && !defined(TERMIO)
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+
+#ifdef _LIBC
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE)
+#undef  TERMIOS
+#undef  TERMIO
+#define SGTTY
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+#undef TERMIOS
+#undef TERMIO
+#undef SGTTY
+#endif
+
+#ifdef TERMIOS
+#include <termios.h>
+#define TTY_STRUCT              struct termios
+#define TTY_FLAGS               c_lflag
+#define TTY_get(tty,data)       tcgetattr(tty,data)
+#define TTY_set(tty,data)       tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+#include <termio.h>
+#define TTY_STRUCT              struct termio
+#define TTY_FLAGS               c_lflag
+#define TTY_get(tty,data)       ioctl(tty,TCGETA,data)
+#define TTY_set(tty,data)       ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+#include <sgtty.h>
+#define TTY_STRUCT              struct sgttyb
+#define TTY_FLAGS               sg_flags
+#define TTY_get(tty,data)       ioctl(tty,TIOCGETP,data)
+#define TTY_set(tty,data)       ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(MAC_OS_pre_X)
+#include <sys/ioctl.h>
+#endif
+
+#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE)
+#include <conio.h>
+#define fgets(a,b,c) noecho_fgets(a,b,c)
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+#include <ssdef.h>
+#include <iodef.h>
+#include <ttdef.h>
+#include <descrip.h>
+struct IOSB {
+        short iosb$w_value;
+        short iosb$w_count;
+        long  iosb$l_info;
+        };
+#endif
+
+#if defined(MAC_OS_pre_X) || defined(MAC_OS_GUSI_SOURCE)
+/*
+ * This one needs work. As a matter of fact the code is unoperational
+ * and this is only a trick to get it compiled.
+ *                                      <appro@fy.chalmers.se>
+ */
+#define TTY_STRUCT int
+#endif
+
+#ifndef NX509_SIG
+#define NX509_SIG 32
+#endif
+
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+#ifdef SIGACTION
+ static struct sigaction savsig[NX509_SIG];
+#else
+  static void (*savsig[NX509_SIG])(int );
+#endif
+static jmp_buf save;
+
+int des_read_pw_string(char *buf, int length, const char *prompt,
+             int verify)
+        {
+        char buff[BUFSIZ];
+        int ret;
+
+        ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+        OPENSSL_cleanse(buff,BUFSIZ);
+        return(ret);
+        }
+
+#ifdef OPENSSL_SYS_WINCE
+
+int des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify)
+        { 
+        memset(buf,0,size);
+        memset(buff,0,size);
+        return(0);
+        }
+
+#elif defined(OPENSSL_SYS_WIN16)
+
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
+        { 
+        memset(buf,0,size);
+        memset(buff,0,size);
+        return(0);
+        }
+
+#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */
+
+static void read_till_nl(FILE *in)
+        {
+#define SIZE 4
+        char buf[SIZE+1];
+
+        do      {
+                fgets(buf,SIZE,in);
+                } while (strchr(buf,'\n') == NULL);
+        }
+
+
+/* return 0 if ok, 1 (or -1) otherwise */
+int des_read_pw(char *buf, char *buff, int size, const char *prompt,
+             int verify)
+        {
+#ifdef OPENSSL_SYS_VMS
+        struct IOSB iosb;
+        $DESCRIPTOR(terminal,"TT");
+        long tty_orig[3], tty_new[3];
+        long status;
+        unsigned short channel = 0;
+#else
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+        TTY_STRUCT tty_orig,tty_new;
+#endif
+#endif
+        int number;
+        int ok;
+        /* statics are simply to avoid warnings about longjmp clobbering
+           things */
+        static int ps;
+        int is_a_tty;
+        static FILE *tty;
+        char *p;
+
+        if (setjmp(save))
+                {
+                ok=0;
+                goto error;
+                }
+
+        number=5;
+        ok=0;
+        ps=0;
+        is_a_tty=1;
+        tty=NULL;
+
+#ifdef OPENSSL_SYS_MSDOS
+        if ((tty=fopen("con","r")) == NULL)
+                tty=stdin;
+#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS)
+        tty=stdin;
+#else
+#ifndef OPENSSL_SYS_MPE
+        if ((tty=fopen("/dev/tty","r")) == NULL)
+#endif
+                tty=stdin;
+#endif
+
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+        if (TTY_get(fileno(tty),&tty_orig) == -1)
+                {
+#ifdef ENOTTY
+                if (errno == ENOTTY)
+                        is_a_tty=0;
+                else
+#endif
+#ifdef EINVAL
+                /* Ariel Glenn ariel@columbia.edu reports that solaris
+                 * can return EINVAL instead.  This should be ok */
+                if (errno == EINVAL)
+                        is_a_tty=0;
+                else
+#endif
+                        return(-1);
+                }
+        memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+#endif
+#ifdef OPENSSL_SYS_VMS
+        status = sys$assign(&terminal,&channel,0,0);
+        if (status != SS$_NORMAL)
+                return(-1);
+        status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return(-1);
+#endif
+
+        pushsig();
+        ps=1;
+
+#ifdef TTY_FLAGS
+        tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+        if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
+#ifdef OPENSSL_SYS_MPE 
+                ; /* MPE lies -- echo really has been disabled */
+#else
+                return(-1);
+#endif
+#endif
+#ifdef OPENSSL_SYS_VMS
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+        tty_new[2] = tty_orig[2];
+        status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return(-1);
+#endif
+        ps=2;
+
+        while ((!ok) && (number--))
+                {
+                fputs(prompt,stderr);
+                fflush(stderr);
+
+                buf[0]='\0';
+                fgets(buf,size,tty);
+                if (feof(tty)) goto error;
+                if (ferror(tty)) goto error;
+                if ((p=(char *)strchr(buf,'\n')) != NULL)
+                        *p='\0';
+                else    read_till_nl(tty);
+                if (verify)
+                        {
+                        fprintf(stderr,"\nVerifying password - %s",prompt);
+                        fflush(stderr);
+                        buff[0]='\0';
+                        fgets(buff,size,tty);
+                        if (feof(tty)) goto error;
+                        if ((p=(char *)strchr(buff,'\n')) != NULL)
+                                *p='\0';
+                        else    read_till_nl(tty);
+                                
+                        if (strcmp(buf,buff) != 0)
+                                {
+                                fprintf(stderr,"\nVerify failure");
+                                fflush(stderr);
+                                break;
+                                /* continue; */
+                                }
+                        }
+                ok=1;
+                }
+
+error:
+        fprintf(stderr,"\n");
+#if 0
+        perror("fgets(tty)");
+#endif
+        /* What can we do if there is an error? */
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+        if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
+#endif
+#ifdef OPENSSL_SYS_VMS
+        if (ps >= 2)
+                status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0
+                        ,tty_orig,12,0,0,0,0);
+#endif
+        
+        if (ps >= 1) popsig();
+        if (stdin != tty) fclose(tty);
+#ifdef OPENSSL_SYS_VMS
+        status = sys$dassgn(channel);
+#endif
+        return(!ok);
+        }
+
+static void pushsig(void)
+        {
+        int i;
+#ifdef SIGACTION
+        struct sigaction sa;
+
+        memset(&sa,0,sizeof sa);
+        sa.sa_handler=recsig;
+#endif
+
+        for (i=1; i<NX509_SIG; i++)
+                {
+#ifdef SIGUSR1
+                if (i == SIGUSR1)
+                        continue;
+#endif
+#ifdef SIGUSR2
+                if (i == SIGUSR2)
+                        continue;
+#endif
+#ifdef SIGACTION
+                sigaction(i,&sa,&savsig[i]);
+#else
+                savsig[i]=signal(i,recsig);
+#endif
+                }
+
+#ifdef SIGWINCH
+        signal(SIGWINCH,SIG_DFL);
+#endif
+        }
+
+static void popsig(void)
+        {
+        int i;
+
+        for (i=1; i<NX509_SIG; i++)
+                {
+#ifdef SIGUSR1
+                if (i == SIGUSR1)
+                        continue;
+#endif
+#ifdef SIGUSR2
+                if (i == SIGUSR2)
+                        continue;
+#endif
+#ifdef SIGACTION
+                sigaction(i,&savsig[i],NULL);
+#else
+                signal(i,savsig[i]);
+#endif
+                }
+        }
+
+static void recsig(int i)
+        {
+        longjmp(save,1);
+#ifdef LINT
+        i=i;
+#endif
+        }
+
+#ifdef OPENSSL_SYS_MSDOS
+static int noecho_fgets(char *buf, int size, FILE *tty)
+        {
+        int i;
+        char *p;
+
+        p=buf;
+        for (;;)
+                {
+                if (size == 0)
+                        {
+                        *p='\0';
+                        break;
+                        }
+                size--;
+#ifdef WIN16TTY
+                i=_inchar();
+#else
+                i=getch();
+#endif
+                if (i == '\r') i='\n';
+                *(p++)=i;
+                if (i == '\n')
+                        {
+                        *p='\0';
+                        break;
+                        }
+                }
+#ifdef WIN_CONSOLE_BUG
+/* Win95 has several evil console bugs: one of these is that the
+ * last character read using getch() is passed to the next read: this is
+ * usually a CR so this can be trouble. No STDIO fix seems to work but
+ * flushing the console appears to do the trick.
+ */
+                {
+                        HANDLE inh;
+                        inh = GetStdHandle(STD_INPUT_HANDLE);
+                        FlushConsoleInputBuffer(inh);
+                }
+#endif
+        return(strlen(buf));
+        }
+#endif
+#endif /* !OPENSSL_SYS_WINCE && !WIN16 */
diff --git a/src/lib/libcrypto/des/rpc_des.h b/src/lib/libcrypto/des/rpc_des.h
new file mode 100644
index 0000000000..8263c512ab
--- /dev/null
+++ b/src/lib/libcrypto/des/rpc_des.h
@@ -0,0 +1,133 @@
+/* crypto/des/rpc_des.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*  @(#)des.h   2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ *       copyright notice, this list of conditions and the following
+ *       disclaimer in the documentation and/or other materials
+ *       provided with the distribution.
+ *     * Neither the name of the "Oracle America, Inc." nor the names of its
+ *       contributors may be used to endorse or promote products derived
+ *       from this software without specific prior written permission.
+ *
+ *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Generic DES driver interface
+ * Keep this file hardware independent!
+ */
+
+#define DES_MAXLEN      65536   /* maximum # of bytes to encrypt  */
+#define DES_QUICKLEN    16      /* maximum # of bytes to encrypt quickly */
+
+#ifdef HEADER_DES_H
+#undef ENCRYPT
+#undef DECRYPT
+#endif
+
+enum desdir { ENCRYPT, DECRYPT };
+enum desmode { CBC, ECB };
+
+/*
+ * parameters to ioctl call
+ */
+struct desparams {
+        unsigned char des_key[8];       /* key (with low bit parity) */
+        enum desdir des_dir;    /* direction */
+        enum desmode des_mode;  /* mode */
+        unsigned char des_ivec[8];      /* input vector */
+        unsigned des_len;       /* number of bytes to crypt */
+        union {
+                unsigned char UDES_data[DES_QUICKLEN];
+                unsigned char *UDES_buf;
+        } UDES;
+#       define des_data UDES.UDES_data  /* direct data here if quick */
+#       define des_buf  UDES.UDES_buf   /* otherwise, pointer to data */
+};
+
+/*
+ * Encrypt an arbitrary sized buffer
+ */
+#define DESIOCBLOCK     _IOWR('d', 6, struct desparams)
+
+/* 
+ * Encrypt of small amount of data, quickly
+ */
+#define DESIOCQUICK     _IOWR('d', 7, struct desparams) 
+
diff --git a/src/lib/libcrypto/des/rpc_enc.c b/src/lib/libcrypto/des/rpc_enc.c
new file mode 100644
index 0000000000..d937d08da5
--- /dev/null
+++ b/src/lib/libcrypto/des/rpc_enc.c
@@ -0,0 +1,98 @@
+/* crypto/des/rpc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "rpc_des.h"
+#include "des_locl.h"
+#include "des_ver.h"
+
+int _des_crypt(char *buf,int len,struct desparams *desp);
+int _des_crypt(char *buf, int len, struct desparams *desp)
+        {
+        DES_key_schedule ks;
+        int enc;
+
+        DES_set_key_unchecked(&desp->des_key,&ks);
+        enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
+
+        if (desp->des_mode == CBC)
+                DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
+                                (DES_cblock *)desp->UDES.UDES_buf,&ks,
+                                enc);
+        else
+                {
+                DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
+                                len,&ks,&desp->des_ivec,enc);
+#ifdef undef
+                /* len will always be %8 if called from common_crypt
+                 * in secure_rpc.
+                 * Libdes's cbc encrypt does not copy back the iv,
+                 * so we have to do it here. */
+                /* It does now :-) eay 20/09/95 */
+
+                a=(char *)&(desp->UDES.UDES_buf[len-8]);
+                b=(char *)&(desp->des_ivec[0]);
+
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+#endif
+                }
+        return(1);      
+        }
+
diff --git a/src/lib/libcrypto/des/rpw.c b/src/lib/libcrypto/des/rpw.c
new file mode 100644
index 0000000000..8a9473c4f9
--- /dev/null
+++ b/src/lib/libcrypto/des/rpw.c
@@ -0,0 +1,99 @@
+/* crypto/des/rpw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/des.h>
+
+int main(int argc, char *argv[])
+        {
+        DES_cblock k,k1;
+        int i;
+
+        printf("read passwd\n");
+        if ((i=des_read_password(&k,"Enter password:",0)) == 0)
+                {
+                printf("password = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k[i]);
+                }
+        else
+                printf("error %d\n",i);
+        printf("\n");
+        printf("read 2passwds and verify\n");
+        if ((i=des_read_2passwords(&k,&k1,
+                "Enter verified password:",1)) == 0)
+                {
+                printf("password1 = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k[i]);
+                printf("\n");
+                printf("password2 = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k1[i]);
+                printf("\n");
+                exit(1);
+                }
+        else
+                {
+                printf("error %d\n",i);
+                exit(0);
+                }
+#ifdef LINT
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c
index da4d62e112..d3e69ca8b5 100644
--- a/src/lib/libcrypto/des/set_key.c
+++ b/src/lib/libcrypto/des/set_key.c
@@ -63,9 +63,10 @@
  * 1.1 added norm_expand_bits
  * 1.0 First working version
  */
-#include <openssl/crypto.h>
 #include "des_locl.h"
 
+#include <openssl/crypto.h>
+
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)   /* defaults to false */
 
 static const unsigned char odd_parity[256]={
diff --git a/src/lib/libcrypto/des/speed.c b/src/lib/libcrypto/des/speed.c
new file mode 100644
index 0000000000..1616f4b7c9
--- /dev/null
+++ b/src/lib/libcrypto/des/speed.c
@@ -0,0 +1,314 @@
+/* crypto/des/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#define crypt(c,s) (des_crypt((c),(s)))
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/des.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+        static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+        DES_key_schedule sch,sch2,sch3;
+        double a,b,c,d,e;
+#ifndef SIGALRM
+        long ca,cb,cc,cd,ce;
+#endif
+
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+
+        DES_set_key_unchecked(&key2,&sch2);
+        DES_set_key_unchecked(&key3,&sch3);
+
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        DES_set_key_unchecked(&key,&sch);
+        count=10;
+        do      {
+                long i;
+                DES_LONG data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        DES_encrypt1(data,&sch,DES_ENCRYPT);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+        printf("Doing set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing set_key for 10 seconds\n");
+        alarm(10);
+#endif
+
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count++)
+                DES_set_key_unchecked(&key,&sch);
+        d=Time_F(STOP);
+        printf("%ld set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+        printf("Doing DES_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing DES_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count++)
+                {
+                DES_LONG data[2];
+
+                DES_encrypt1(data,&sch,DES_ENCRYPT);
+                }
+        d=Time_F(STOP);
+        printf("%ld DES_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+        printf("Doing DES_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing DES_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                DES_ncbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &key,DES_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld DES_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+
+#ifdef SIGALRM
+        printf("Doing DES_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing DES_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cd); count++)
+                DES_ede3_cbc_encrypt(buf,buf,BUFSIZE,
+                        &sch,
+                        &sch2,
+                        &sch3,
+                        &key,
+                        DES_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld DES_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        d=((double)COUNT(cd)*BUFSIZE)/d;
+
+#ifdef SIGALRM
+        printf("Doing crypt for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing crypt %ld times\n",ce);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ce); count++)
+                crypt("testing1","ef");
+        e=Time_F(STOP);
+        printf("%ld crypts in %.2f second\n",count,e);
+        e=((double)COUNT(ce))/e;
+
+        printf("set_key            per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("DES raw ecb bytes  per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("DES cbc bytes      per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
+        printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/des/str2key.c b/src/lib/libcrypto/des/str2key.c
index 1077f99d1b..9c2054bda6 100644
--- a/src/lib/libcrypto/des/str2key.c
+++ b/src/lib/libcrypto/des/str2key.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/crypto.h>
 #include "des_locl.h"
+#include <openssl/crypto.h>
 
 void DES_string_to_key(const char *str, DES_cblock *key)
         {
diff --git a/src/lib/libcrypto/des/t/test b/src/lib/libcrypto/des/t/test
new file mode 100644
index 0000000000..97acd0552e
--- /dev/null
+++ b/src/lib/libcrypto/des/t/test
@@ -0,0 +1,27 @@
+#!./perl
+
+BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
+
+use DES;
+
+$key='00000000';
+$ks=DES::set_key($key);
+@a=split(//,$ks);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+
+
+$key=DES::random_key();
+print "($_)\n";
+@a=split(//,$key);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+$str="this is and again into the breach";
+($k1,$k2)=DES::string_to_2keys($str);
+@a=split(//,$k1);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+@a=split(//,$k2);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+
diff --git a/src/lib/libcrypto/des/times/486-50.sol b/src/lib/libcrypto/des/times/486-50.sol
new file mode 100644
index 0000000000..0de62d6db3
--- /dev/null
+++ b/src/lib/libcrypto/des/times/486-50.sol
@@ -0,0 +1,16 @@
+Solaris 2.4, 486 50mhz, gcc 2.6.3
+options    des ecb/s
+16 r2 i     43552.51 100.0%
+16 r1 i     43487.45  99.9%
+16  c p     43003.23  98.7%
+16 r2 p     42339.00  97.2%
+16  c i     41900.91  96.2%
+16 r1 p     41360.64  95.0%
+ 4  c i     38728.48  88.9%
+ 4  c p     38225.63  87.8%
+ 4 r1 i     38085.79  87.4%
+ 4 r2 i     37825.64  86.9%
+ 4 r2 p     34611.00  79.5%
+ 4 r1 p     31802.00  73.0%
+-DDES_UNROLL -DDES_RISC2
+
diff --git a/src/lib/libcrypto/des/times/586-100.lnx b/src/lib/libcrypto/des/times/586-100.lnx
new file mode 100644
index 0000000000..4323914a11
--- /dev/null
+++ b/src/lib/libcrypto/des/times/586-100.lnx
@@ -0,0 +1,20 @@
+Pentium 100
+Linux 2 kernel
+gcc 2.7.0 -O3 -fomit-frame-pointer
+No X server running, just a console, it makes the top speed jump from 151,000
+to 158,000 :-).
+options    des ecb/s
+assember   281000.00 177.1%
+16 r1 p    158667.40 100.0%
+16 r1 i    148471.70  93.6%
+16 r2 p    143961.80  90.7%
+16 r2 i    141689.20  89.3%
+ 4 r1 i    140100.00  88.3%
+ 4 r2 i    134049.40  84.5%
+16  c i    124145.20  78.2%
+16  c p    121584.20  76.6%
+ 4  c i    118116.00  74.4%
+ 4 r2 p    117977.90  74.4%
+ 4  c p    114971.40  72.5%
+ 4 r1 p    114578.40  72.2%
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/src/lib/libcrypto/des/times/686-200.fre b/src/lib/libcrypto/des/times/686-200.fre
new file mode 100644
index 0000000000..7d83f6adee
--- /dev/null
+++ b/src/lib/libcrypto/des/times/686-200.fre
@@ -0,0 +1,18 @@
+Pentium 100
+Free BSD 2.1.5 kernel
+gcc 2.7.2.2 -O3 -fomit-frame-pointer
+options    des ecb/s
+assember   578000.00 133.1%
+16 r2 i    434454.80 100.0%
+16 r1 i    433621.43  99.8%
+16 r2 p    431375.69  99.3%
+ 4 r1 i    423722.30  97.5%
+ 4 r2 i    422399.40  97.2%
+16 r1 p    421739.40  97.1%
+16  c i    399027.94  91.8%
+16  c p    372251.70  85.7%
+ 4  c i    365118.35  84.0%
+ 4  c p    352880.51  81.2%
+ 4 r2 p    255104.90  58.7%
+ 4 r1 p    251289.18  57.8%
+-DDES_UNROLL -DDES_RISC2
diff --git a/src/lib/libcrypto/des/times/aix.cc b/src/lib/libcrypto/des/times/aix.cc
new file mode 100644
index 0000000000..d96b74e2ce
--- /dev/null
+++ b/src/lib/libcrypto/des/times/aix.cc
@@ -0,0 +1,26 @@
+From: Paco Garcia <pgarcia@cam.es>
+
+This machine is a Bull Estrella  Minitower Model MT604-100
+Processor        : PPC604 
+P.Speed          : 100Mhz 
+Data/Instr Cache :    16 K
+L2 Cache         :   256 K
+PCI BUS Speed    :    33 Mhz
+TransfRate PCI   :   132 MB/s
+Memory           :    96 MB
+
+options    des ecb/s       
+ 4  c p    275118.61 100.0%
+ 4  c i    273545.07  99.4%
+ 4 r2 p    270441.02  98.3%
+ 4 r1 p    253052.15  92.0%
+ 4 r2 i    240842.97  87.5%
+ 4 r1 i    240556.66  87.4%
+16  c i    224603.99  81.6%
+16  c p    224483.98  81.6%
+16 r2 p    215691.19  78.4%
+16 r1 p    208332.83  75.7%
+16 r1 i    199206.50  72.4%
+16 r2 i    198963.70  72.3%
+-DDES_PTR
+
diff --git a/src/lib/libcrypto/des/times/alpha.cc b/src/lib/libcrypto/des/times/alpha.cc
new file mode 100644
index 0000000000..95c17efae7
--- /dev/null
+++ b/src/lib/libcrypto/des/times/alpha.cc
@@ -0,0 +1,18 @@
+cc -O2
+DES_LONG is 'unsigned int'
+
+options    des ecb/s
+ 4 r2 p    181146.14 100.0%
+16 r2 p    172102.94  95.0%
+ 4 r2 i    165424.11  91.3%
+16  c p    160468.64  88.6%
+ 4  c p    156653.59  86.5%
+ 4  c i    155245.18  85.7%
+ 4 r1 p    154729.68  85.4%
+16 r2 i    154137.69  85.1%
+16 r1 p    152357.96  84.1%
+16  c i    148743.91  82.1%
+ 4 r1 i    146695.59  81.0%
+16 r1 i    144961.00  80.0%
+-DDES_RISC2 -DDES_PTR
+
diff --git a/src/lib/libcrypto/des/times/hpux.cc b/src/lib/libcrypto/des/times/hpux.cc
new file mode 100644
index 0000000000..3de856ddac
--- /dev/null
+++ b/src/lib/libcrypto/des/times/hpux.cc
@@ -0,0 +1,17 @@
+HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
+
+options    des ecb/s
+16  c i    149448.90 100.0%
+ 4  c i    145861.79  97.6%
+16 r2 i    141710.96  94.8%
+16 r1 i    139455.33  93.3%
+ 4 r2 i    138800.00  92.9%
+ 4 r1 i    136692.65  91.5%
+16 r2 p    110228.17  73.8%
+16 r1 p    109397.07  73.2%
+16  c p    109209.89  73.1%
+ 4  c p    108014.71  72.3%
+ 4 r2 p    107873.88  72.2%
+ 4 r1 p    107685.83  72.1%
+-DDES_UNROLL
+
diff --git a/src/lib/libcrypto/des/times/sparc.gcc b/src/lib/libcrypto/des/times/sparc.gcc
new file mode 100644
index 0000000000..8eaa042104
--- /dev/null
+++ b/src/lib/libcrypto/des/times/sparc.gcc
@@ -0,0 +1,17 @@
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2
+
+options    des ecb/s
+16  c i    124382.70 100.0%
+ 4  c i    118884.68  95.6%
+16  c p    112261.20  90.3%
+16 r2 i    111777.10  89.9%
+16 r2 p    108896.30  87.5%
+16 r1 p    108791.59  87.5%
+ 4  c p    107290.10  86.3%
+ 4 r1 p    104583.80  84.1%
+16 r1 i    104206.20  83.8%
+ 4 r2 p    103709.80  83.4%
+ 4 r2 i     98306.43  79.0%
+ 4 r1 i     91525.80  73.6%
+-DDES_UNROLL
+      
diff --git a/src/lib/libcrypto/des/times/usparc.cc b/src/lib/libcrypto/des/times/usparc.cc
new file mode 100644
index 0000000000..0864285ef6
--- /dev/null
+++ b/src/lib/libcrypto/des/times/usparc.cc
@@ -0,0 +1,31 @@
+solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5
+
+For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'
+gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.
+I believe the difference is tied up in optimisation that the compiler
+is able to perform when the code is 'inlined'.  For 'speed', the DES
+routines are being linked from a library.  I'll record the higher
+speed since if performance is everything, you can always inline
+'des_enc.c'.
+
+[ 16-Jan-06 - I've been playing with the
+  '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa'
+  and while it makes the des_opts numbers much slower, it makes the
+  actual 'speed' numbers look better which is a realistic version of
+  using the libraries. ]
+
+options    des ecb/s
+16 r1 p    475516.90 100.0%
+16 r2 p    439388.10  92.4%
+16  c i    427001.40  89.8%
+16  c p    419516.50  88.2%
+ 4 r2 p    409491.70  86.1%
+ 4 r1 p    404266.90  85.0%
+ 4  c p    398121.00  83.7%
+ 4  c i    370588.40  77.9%
+ 4 r1 i    362742.20  76.3%
+16 r2 i    331275.50  69.7%
+16 r1 i    324730.60  68.3%
+ 4 r2 i     63535.10  13.4%     <-- very very weird, must be cache problems.
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
+
diff --git a/src/lib/libcrypto/des/typemap b/src/lib/libcrypto/des/typemap
new file mode 100644
index 0000000000..a524f53634
--- /dev/null
+++ b/src/lib/libcrypto/des/typemap
@@ -0,0 +1,34 @@
+#
+# DES SECTION
+#
+deschar *       T_DESCHARP
+des_cblock *    T_CBLOCK
+des_cblock      T_CBLOCK
+des_key_schedule        T_SCHEDULE
+des_key_schedule *      T_SCHEDULE
+
+INPUT
+T_CBLOCK
+        $var=(des_cblock *)SvPV($arg,len);
+        if (len < DES_KEY_SZ)
+                {
+                croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);
+                }
+
+T_SCHEDULE
+        $var=(des_key_schedule *)SvPV($arg,len);
+        if (len < DES_SCHEDULE_SZ)
+                {
+                croak(\"$var needs to be at least %u bytes long\",
+                        DES_SCHEDULE_SZ);
+                }
+
+OUTPUT
+T_CBLOCK
+        sv_setpvn($arg,(char *)$var,DES_KEY_SZ);
+
+T_SCHEDULE
+        sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);
+
+T_DESCHARP
+        sv_setpvn($arg,(char *)$var,len);
diff --git a/src/lib/libcrypto/dh/Makefile b/src/lib/libcrypto/dh/Makefile
new file mode 100644
index 0000000000..f23b4f7fde
--- /dev/null
+++ b/src/lib/libcrypto/dh/Makefile
@@ -0,0 +1,180 @@
+#
+# OpenSSL/crypto/dh/Makefile
+#
+
+DIR=    dh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= dhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \
+        dh_ameth.c dh_pmeth.c dh_prn.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o \
+        dh_ameth.o dh_pmeth.o dh_prn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dh.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dh_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_ameth.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+dh_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+dh_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dh_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dh_ameth.o: ../../include/openssl/opensslconf.h
+dh_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+dh_ameth.o: dh_ameth.c
+dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c
+dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c
+dh_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_depr.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_depr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_depr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_depr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_depr.o: ../cryptlib.h dh_depr.c
+dh_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dh_err.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_err.o: dh_err.c
+dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_gen.o: ../cryptlib.h dh_gen.c
+dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c
+dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+dh_lib.o: ../cryptlib.h dh_lib.c
+dh_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dh_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dh_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dh_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
+dh_pmeth.o: dh_pmeth.c
+dh_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_prn.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dh_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_prn.c
diff --git a/src/lib/libcrypto/dh/dh1024.pem b/src/lib/libcrypto/dh/dh1024.pem
new file mode 100644
index 0000000000..81d43f6a3e
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh192.pem b/src/lib/libcrypto/dh/dh192.pem
new file mode 100644
index 0000000000..521c07271d
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh192.pem
@@ -0,0 +1,3 @@
+-----BEGIN DH PARAMETERS-----
+MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh2048.pem b/src/lib/libcrypto/dh/dh2048.pem
new file mode 100644
index 0000000000..295460f508
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh2048.pem
@@ -0,0 +1,16 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==
+-----END DH PARAMETERS-----
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5
+8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F
+SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt
+gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok
+yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N
+a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh4096.pem b/src/lib/libcrypto/dh/dh4096.pem
new file mode 100644
index 0000000000..390943a21d
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh4096.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=
+-----END DH PARAMETERS-----
+
diff --git a/src/lib/libcrypto/dh/dh512.pem b/src/lib/libcrypto/dh/dh512.pem
new file mode 100644
index 0000000000..0a4d863ebe
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh512.pem
@@ -0,0 +1,4 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c
new file mode 100644
index 0000000000..882f5c310a
--- /dev/null
+++ b/src/lib/libcrypto/dh/dhtest.c
@@ -0,0 +1,226 @@
+/* crypto/dh/dhtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_DH
+int main(int argc, char *argv[])
+{
+    printf("No DH support\n");
+    return(0);
+}
+#else
+#include <openssl/dh.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg);
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+        {
+        BN_GENCB _cb;
+        DH *a;
+        DH *b=NULL;
+        char buf[12];
+        unsigned char *abuf=NULL,*bbuf=NULL;
+        int i,alen,blen,aout,bout,ret=1;
+        BIO *out;
+
+        CRYPTO_malloc_debug_init();
+        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#ifdef OPENSSL_SYS_WIN32
+        CRYPTO_malloc_init();
+#endif
+
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) EXIT(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+        BN_GENCB_set(&_cb, &cb, out);
+        if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
+                                DH_GENERATOR_5, &_cb))
+                goto err;
+
+        if (!DH_check(a, &i)) goto err;
+        if (i & DH_CHECK_P_NOT_PRIME)
+                BIO_puts(out, "p value is not prime\n");
+        if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+                BIO_puts(out, "p value is not a safe prime\n");
+        if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+                BIO_puts(out, "unable to check the generator value\n");
+        if (i & DH_NOT_SUITABLE_GENERATOR)
+                BIO_puts(out, "the g value is not a generator\n");
+
+        BIO_puts(out,"\np    =");
+        BN_print(out,a->p);
+        BIO_puts(out,"\ng    =");
+        BN_print(out,a->g);
+        BIO_puts(out,"\n");
+
+        b=DH_new();
+        if (b == NULL) goto err;
+
+        b->p=BN_dup(a->p);
+        b->g=BN_dup(a->g);
+        if ((b->p == NULL) || (b->g == NULL)) goto err;
+
+        /* Set a to run with normal modexp and b to use constant time */
+        a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
+        b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
+
+        if (!DH_generate_key(a)) goto err;
+        BIO_puts(out,"pri 1=");
+        BN_print(out,a->priv_key);
+        BIO_puts(out,"\npub 1=");
+        BN_print(out,a->pub_key);
+        BIO_puts(out,"\n");
+
+        if (!DH_generate_key(b)) goto err;
+        BIO_puts(out,"pri 2=");
+        BN_print(out,b->priv_key);
+        BIO_puts(out,"\npub 2=");
+        BN_print(out,b->pub_key);
+        BIO_puts(out,"\n");
+
+        alen=DH_size(a);
+        abuf=(unsigned char *)OPENSSL_malloc(alen);
+        aout=DH_compute_key(abuf,b->pub_key,a);
+
+        BIO_puts(out,"key1 =");
+        for (i=0; i<aout; i++)
+                {
+                sprintf(buf,"%02X",abuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+
+        blen=DH_size(b);
+        bbuf=(unsigned char *)OPENSSL_malloc(blen);
+        bout=DH_compute_key(bbuf,a->pub_key,b);
+
+        BIO_puts(out,"key2 =");
+        for (i=0; i<bout; i++)
+                {
+                sprintf(buf,"%02X",bbuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+        if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+                {
+                fprintf(stderr,"Error in DH routines\n");
+                ret=1;
+                }
+        else
+                ret=0;
+err:
+        ERR_print_errors_fp(stderr);
+
+        if (abuf != NULL) OPENSSL_free(abuf);
+        if (bbuf != NULL) OPENSSL_free(bbuf);
+        if(b != NULL) DH_free(b);
+        if(a != NULL) DH_free(a);
+        BIO_free(out);
+#ifdef OPENSSL_SYS_NETWARE
+    if (ret) printf("ERROR: %d\n", ret);
+#endif
+        EXIT(ret);
+        return(ret);
+        }
+
+static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg)
+        {
+        char c='*';
+
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write(arg->arg,&c,1);
+        (void)BIO_flush(arg->arg);
+#ifdef LINT
+        p=n;
+#endif
+        return 1;
+        }
+#endif
diff --git a/src/lib/libcrypto/dh/example b/src/lib/libcrypto/dh/example
new file mode 100644
index 0000000000..16a33d2910
--- /dev/null
+++ b/src/lib/libcrypto/dh/example
@@ -0,0 +1,50 @@
+From owner-cypherpunks@toad.com Mon Sep 25 10:50:51 1995
+Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
+  (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
+Received: by minbne.mincom.oz.au id AA19958
+  (5.65c/IDA-1.4.4 for eay@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
+Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
+          Wed, 27 Sep 1995 19:13:05 +1000
+Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
+          Wed, 27 Sep 1995 04:48:46 -0400
+Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
+Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
+Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14]) 
+          by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442 
+          for <cypherpunks@toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
+Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) 
+          id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
+Date: Mon, 25 Sep 1995 17:50:51 -0700
+From: Phil Karn <karn@qualcomm.com>
+Message-Id: <199509260050.RAA14732@servo.qualcomm.com>
+To: cypherpunks@toad.com, ipsec-dev@eit.com
+Subject: Primality verification needed
+Sender: owner-cypherpunks@toad.com
+Precedence: bulk
+Status: RO
+X-Status: 
+
+Hi. I've generated a 2047-bit "strong" prime number that I would like to
+use with Diffie-Hellman key exchange. I assert that not only is this number
+'p' prime, but so is (p-1)/2.
+
+I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
+1.3.2 to test this number. This function uses the Miller-Rabin primality test.
+However, to increase my confidence that this number really is a strong prime,
+I'd like to ask others to confirm it with other tests. Here's the number in hex:
+
+72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
+fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
+a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
+fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
+3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
+ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
+56a05180c3bec7ddd5ef6fe76b1f717b
+
+The generator, g, for this prime is 2.
+
+Thanks!
+
+Phil Karn
+
+
diff --git a/src/lib/libcrypto/dh/generate b/src/lib/libcrypto/dh/generate
new file mode 100644
index 0000000000..5d407231df
--- /dev/null
+++ b/src/lib/libcrypto/dh/generate
@@ -0,0 +1,65 @@
+From: stewarts@ix.netcom.com (Bill Stewart)
+Newsgroups: sci.crypt
+Subject: Re: Diffie-Hellman key exchange
+Date: Wed, 11 Oct 1995 23:08:28 GMT
+Organization: Freelance Information Architect
+Lines: 32
+Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com>
+References: <458rhn$76m$1@mhadf.production.compuserve.com>
+NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
+X-NETCOM-Date: Wed Oct 11  4:09:22 PM PDT 1995
+X-Newsreader: Forte Free Agent 1.0.82
+
+Kent Briggs <72124.3234@CompuServe.COM> wrote:
+
+>I have a copy of the 1976 IEEE article describing the
+>Diffie-Hellman public key exchange algorithm: y=a^x mod q.  I'm
+>looking for sources that give examples of secure a,q pairs and
+>possible some source code that I could examine.
+
+q should be prime, and ideally should be a "strong prime",
+which means it's of the form 2n+1 where n is also prime.
+q also needs to be long enough to prevent the attacks LaMacchia and
+Odlyzko described (some variant on a factoring attack which generates
+a large pile of simultaneous equations and then solves them);
+long enough is about the same size as factoring, so 512 bits may not
+be secure enough for most applications.  (The 192 bits used by
+"secure NFS" was certainly not long enough.)
+
+a should be a generator for q, which means it needs to be
+relatively prime to q-1.   Usually a small prime like 2, 3 or 5 will
+work.  
+
+....
+
+Date: Tue, 26 Sep 1995 13:52:36 MST
+From: "Richard Schroeppel" <rcs@cs.arizona.edu>
+To: karn
+Cc: ho@cs.arizona.edu
+Subject: random large primes
+
+Since your prime is really random, proving it is hard.
+My personal limit on rigorously proved primes is ~350 digits.
+If you really want a proof, we should talk to Francois Morain,
+or the Australian group.
+
+If you want 2 to be a generator (mod P), then you need it
+to be a non-square.  If (P-1)/2 is also prime, then
+non-square == primitive-root for bases << P.
+
+In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
+If you want this, you should restrict your sieve accordingly.
+
+3 is a generator iff P = 5 (mod 12).
+
+5 is a generator iff P = 3 or 7 (mod 10).
+
+2 is perfectly usable as a base even if it's a non-generator, since
+it still covers half the space of possible residues.  And an
+eavesdropper can always determine the low-bit of your exponent for
+a generator anyway.
+
+Rich  rcs@cs.arizona.edu
+
+
+
diff --git a/src/lib/libcrypto/dh/p1024.c b/src/lib/libcrypto/dh/p1024.c
new file mode 100644
index 0000000000..368ceca4eb
--- /dev/null
+++ b/src/lib/libcrypto/dh/p1024.c
@@ -0,0 +1,92 @@
+/* crypto/dh/p1024.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+
+unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
+        0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
+        0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,
+        0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,
+        0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,
+        0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,
+        0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,
+        0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,
+        0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,
+        0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,
+        0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,
+        0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,
+        0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,
+        0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,
+        0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,
+        0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,
+        };
+
+main()
+        {
+        DH *dh;
+
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,2);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/dh/p192.c b/src/lib/libcrypto/dh/p192.c
new file mode 100644
index 0000000000..7bdf40410e
--- /dev/null
+++ b/src/lib/libcrypto/dh/p192.c
@@ -0,0 +1,80 @@
+/* crypto/dh/p192.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+
+unsigned char data[]={
+0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
+0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,
+0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,
+        };
+
+main()
+        {
+        DH *dh;
+
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,3);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/dh/p512.c b/src/lib/libcrypto/dh/p512.c
new file mode 100644
index 0000000000..a9b6aa83f0
--- /dev/null
+++ b/src/lib/libcrypto/dh/p512.c
@@ -0,0 +1,85 @@
+/* crypto/dh/p512.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+
+unsigned char data[]={
+0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
+0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,
+0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,
+0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,
+0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,
+0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,
+        };
+
+main()
+        {
+        DH *dh;
+
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,2);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod
index 828ecf529b..34443045fc 100644
--- a/src/lib/libcrypto/doc/ERR_get_error.pod
+++ b/src/lib/libcrypto/doc/ERR_get_error.pod
@@ -52,11 +52,8 @@ ERR_get_error_line_data(), ERR_peek_error_line_data() and
 ERR_get_last_error_line_data() store additional data and flags
 associated with the error code in *B<data>
 and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING> is true. 
-
-An application B<MUST NOT> free the *B<data> pointer (or any other pointers
-returned by these functions) with OPENSSL_free() as freeing is handled
-automatically by the error library.
+if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
+*B<flags>&B<ERR_TXT_MALLOCED> is true.
 
 =head1 RETURN VALUES
 
diff --git a/src/lib/libcrypto/doc/EVP_BytesToKey.pod b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
index 0ea7d55c0f..d375c46e03 100644
--- a/src/lib/libcrypto/doc/EVP_BytesToKey.pod
+++ b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
@@ -17,7 +17,7 @@ EVP_BytesToKey - password based encryption routine
 
 EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
 the cipher to derive the key and IV for. B<md> is the message digest to use.
-The B<salt> parameter is used as a salt in the derivation: it should point to
+The B<salt> paramter is used as a salt in the derivation: it should point to
 an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
 B<datal> bytes which is used to derive the keying data. B<count> is the
 iteration count to use. The derived key and IV will be written to B<key>
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 367691cc7a..1aa15acb61 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -252,9 +252,9 @@ digest name passed on the command line.
 
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
+L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>,
+L<SHA1(3)|SHA1(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
index 1c4bf184a1..8271d3dfc4 100644
--- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -152,7 +152,7 @@ does not remain in memory.
 
 EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
 similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
-EVP_CipherInit_ex() except the B<ctx> parameter does not need to be
+EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
 initialized and they always use the default cipher implementation.
 
 EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
index 620a623ab6..781d43e401 100644
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -89,10 +89,10 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 =head1 SEE ALSO
 
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
-L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
+L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
+L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod
index da07d2b930..ae2e5d81f9 100644
--- a/src/lib/libcrypto/doc/dsa.pod
+++ b/src/lib/libcrypto/doc/dsa.pod
@@ -101,8 +101,7 @@ Standard, DSS), ANSI X9.30
 =head1 SEE ALSO
 
 L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
-L<DSA_new(3)|DSA_new(3)>,
+L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>,
 L<DSA_size(3)|DSA_size(3)>,
 L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
 L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile
new file mode 100644
index 0000000000..5fef4ca5ad
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile
@@ -0,0 +1,209 @@
+#
+# OpenSSL/crypto/dsa/Makefile
+#
+
+DIR=    dsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+        dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+        dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dsa.h
+HEADER= dsa_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+dsa_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_ameth.o: ../../include/openssl/objects.h
+dsa_ameth.o: ../../include/openssl/opensslconf.h
+dsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+dsa_ameth.o: dsa_ameth.c
+dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_asn1.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_asn1.o: ../cryptlib.h dsa_asn1.c
+dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_depr.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_depr.c
+dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_err.o: dsa_err.c
+dsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c dsa_locl.h
+dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_key.c
+dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+dsa_lib.o: ../cryptlib.h dsa_lib.c
+dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_ossl.o: ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_ossl.c
+dsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_pmeth.o: ../../include/openssl/objects.h
+dsa_pmeth.o: ../../include/openssl/opensslconf.h
+dsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
+dsa_pmeth.o: dsa_locl.h dsa_pmeth.c
+dsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dsa_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_prn.o: ../cryptlib.h dsa_prn.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_vrf.o: ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/README b/src/lib/libcrypto/dsa/README
new file mode 100644
index 0000000000..6a7e9c170a
--- /dev/null
+++ b/src/lib/libcrypto/dsa/README
@@ -0,0 +1,4 @@
+The stuff in here is based on patches supplied to me by
+Steven Schoch <schoch@sheba.arc.nasa.gov> to do DSS.
+I have since modified a them a little but a debt of gratitude
+is due for doing the initial work.
diff --git a/src/lib/libcrypto/dsa/dsagen.c b/src/lib/libcrypto/dsa/dsagen.c
new file mode 100644
index 0000000000..1b6a1cca0f
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsagen.c
@@ -0,0 +1,111 @@
+/* crypto/dsa/dsagen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/dsa.h>
+
+#define TEST
+#define GENUINE_DSA
+
+#ifdef GENUINE_DSA
+#define LAST_VALUE 0xbd
+#else
+#define LAST_VALUE 0xd3
+#endif
+
+#ifdef TEST
+unsigned char seed[20]={
+        0xd5,0x01,0x4e,0x4b,
+        0x60,0xef,0x2b,0xa8,
+        0xb6,0x21,0x1b,0x40,
+        0x62,0xba,0x32,0x24,
+        0xe0,0x42,0x7d,LAST_VALUE};
+#endif
+
+int cb(int p, int n)
+        {
+        char c='*';
+
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        printf("%c",c);
+        fflush(stdout);
+        }
+
+main()
+        {
+        int i;
+        BIGNUM *n;
+        BN_CTX *ctx;
+        unsigned char seed_buf[20];
+        DSA *dsa;
+        int counter,h;
+        BIO *bio_err=NULL;
+
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+        memcpy(seed_buf,seed,20);
+        dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
+
+        if (dsa == NULL)
+                DSA_print(bio_err,dsa,0);
+        }
+
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
new file mode 100644
index 0000000000..edffd24e6b
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -0,0 +1,259 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "../e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_NO_DSA
+int main(int argc, char *argv[])
+{
+    printf("No DSA support\n");
+    return(0);
+}
+#else
+#include <openssl/dsa.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg);
+
+/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
+ * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
+static unsigned char seed[20]={
+        0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+        0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
+        };
+
+static unsigned char out_p[]={
+        0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+        0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+        0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+        0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+        0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+        0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+        0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+        0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+        };
+
+static unsigned char out_q[]={
+        0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+        0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+        0xda,0xce,0x91,0x5f,
+        };
+
+static unsigned char out_g[]={
+        0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+        0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+        0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+        0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+        0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+        0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+        0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+        0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+        };
+
+static const unsigned char str1[]="12345678901234567890";
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+static BIO *bio_err=NULL;
+
+int main(int argc, char **argv)
+        {
+        BN_GENCB cb;
+        DSA *dsa=NULL;
+        int counter,ret=0,i,j;
+        unsigned char buf[256];
+        unsigned long h;
+        unsigned char sig[256];
+        unsigned int siglen;
+
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+        CRYPTO_malloc_debug_init();
+        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+        ERR_load_crypto_strings();
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+
+        BIO_printf(bio_err,"test generation of DSA parameters\n");
+
+        BN_GENCB_set(&cb, dsa_cb, bio_err);
+        if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
+                                seed, 20, &counter, &h, &cb))
+                goto end;
+
+        BIO_printf(bio_err,"seed\n");
+        for (i=0; i<20; i+=4)
+                {
+                BIO_printf(bio_err,"%02X%02X%02X%02X ",
+                        seed[i],seed[i+1],seed[i+2],seed[i+3]);
+                }
+        BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
+                
+        DSA_print(bio_err,dsa,0);
+        if (counter != 105) 
+                {
+                BIO_printf(bio_err,"counter should be 105\n");
+                goto end;
+                }
+        if (h != 2)
+                {
+                BIO_printf(bio_err,"h should be 2\n");
+                goto end;
+                }
+
+        i=BN_bn2bin(dsa->q,buf);
+        j=sizeof(out_q);
+        if ((i != j) || (memcmp(buf,out_q,i) != 0))
+                {
+                BIO_printf(bio_err,"q value is wrong\n");
+                goto end;
+                }
+
+        i=BN_bn2bin(dsa->p,buf);
+        j=sizeof(out_p);
+        if ((i != j) || (memcmp(buf,out_p,i) != 0))
+                {
+                BIO_printf(bio_err,"p value is wrong\n");
+                goto end;
+                }
+
+        i=BN_bn2bin(dsa->g,buf);
+        j=sizeof(out_g);
+        if ((i != j) || (memcmp(buf,out_g,i) != 0))
+                {
+                BIO_printf(bio_err,"g value is wrong\n");
+                goto end;
+                }
+
+        dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
+        DSA_generate_key(dsa);
+        DSA_sign(0, str1, 20, sig, &siglen, dsa);
+        if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+                ret=1;
+
+        dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
+        DSA_generate_key(dsa);
+        DSA_sign(0, str1, 20, sig, &siglen, dsa);
+        if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+                ret=1;
+
+end:
+        if (!ret)
+                ERR_print_errors(bio_err);
+        if (dsa != NULL) DSA_free(dsa);
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_thread_state(NULL);
+        ERR_free_strings();
+        CRYPTO_mem_leaks(bio_err);
+        if (bio_err != NULL)
+                {
+                BIO_free(bio_err);
+                bio_err = NULL;
+                }
+#ifdef OPENSSL_SYS_NETWARE
+    if (!ret) printf("ERROR\n");
+#endif
+        EXIT(!ret);
+        return(0);
+        }
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)
+        {
+        char c='*';
+        static int ok=0,num=0;
+
+        if (p == 0) { c='.'; num++; };
+        if (p == 1) c='+';
+        if (p == 2) { c='*'; ok++; }
+        if (p == 3) c='\n';
+        BIO_write(arg->arg,&c,1);
+        (void)BIO_flush(arg->arg);
+
+        if (!ok && (p == 0) && (num > 1))
+                {
+                BIO_printf((BIO *)arg,"error in dsatest\n");
+                return 0;
+                }
+        return 1;
+        }
+#endif
diff --git a/src/lib/libcrypto/dsa/fips186a.txt b/src/lib/libcrypto/dsa/fips186a.txt
new file mode 100644
index 0000000000..3a2e0a0d51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/fips186a.txt
@@ -0,0 +1,122 @@
+The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
+examples.  This is an updated version that uses SHA-1 (FIPS 180-1)
+supplied to me by Wei Dai
+--
+                     APPENDIX 5. EXAMPLE OF THE DSA
+
+
+This appendix is for informational purposes only and is not required to meet
+the standard.
+
+Let L = 512 (size of p).  The values in this example are expressed in
+hexadecimal notation.  The p and q given here were generated by the prime
+generation standard described in appendix 2 using the 160-bit SEED:
+
+          d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
+
+With this SEED, the algorithm found p and q when the counter was at 105.
+
+x was generated by the algorithm described in appendix 3, section 3.1, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
+
+XSEED =   
+
+        bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
+
+t =
+        67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
+
+x = G(t,XSEED) mod q
+
+k was generated by the algorithm described in appendix 3, section 3.2, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
+
+KSEED =
+
+        687a66d9 0648f993 867e121f 4ddf9ddb 01205584
+
+t =
+        EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
+
+k = G(t,KSEED) mod q
+
+Finally:
+
+h = 2
+
+p =
+        8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
+        cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
+        49693dfb f83724c2 ec0736ee 31c80291
+
+
+q =
+        c773218c 737ec8ee 993b4f2d ed30f48e dace915f
+
+
+g =
+        626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
+        3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
+        c42e9f6f 464b088c c572af53 e6d78802
+
+
+x =
+        2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
+
+
+k =
+        358dad57 1462710f 50e254cf 1a376b2b deaadfbf
+
+
+kinv = 
+
+        0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
+
+M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
+
+SHA(M) =  
+
+        a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
+
+
+y =
+
+        19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 
+        9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
+        858fba33 f44c0669 9630a76b 030ee333
+
+
+r =
+        8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
+
+s =
+        41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
+
+
+w =
+        9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
+
+
+u1 =
+        bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
+
+
+u2 =
+        821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
+
+
+gu1 mod p =
+
+        51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
+        9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
+        6f96662a 1987a21b e4ec1071 010b6069
+
+
+yu2 mod p =
+
+        8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
+        5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 
+        c19441f4 22bf3c34 08aeba1f 0a4dbec7
+
+v =
+        8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
diff --git a/src/lib/libcrypto/dso/Makefile b/src/lib/libcrypto/dso/Makefile
new file mode 100644
index 0000000000..fb2709ed63
--- /dev/null
+++ b/src/lib/libcrypto/dso/Makefile
@@ -0,0 +1,150 @@
+#
+# OpenSSL/crypto/dso/Makefile
+#
+
+DIR=    dso
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
+        dso_openssl.c dso_win32.c dso_vms.c dso_beos.c
+LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \
+        dso_openssl.o dso_win32.o dso_vms.o dso_beos.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dso.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dso_beos.o: ../../e_os.h ../../include/openssl/bio.h
+dso_beos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_beos.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_beos.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_beos.o: ../../include/openssl/opensslconf.h
+dso_beos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dso_beos.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_beos.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_beos.c
+dso_dl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_dl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dso_dl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_dl.o: ../cryptlib.h dso_dl.c
+dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dlfcn.o: ../../include/openssl/opensslconf.h
+dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dso_dlfcn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_dlfcn.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dlfcn.c
+dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dso_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_err.o: dso_err.c
+dso_lib.o: ../../e_os.h ../../include/openssl/bio.h
+dso_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_lib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dso_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_lib.o: ../cryptlib.h dso_lib.c
+dso_null.o: ../../e_os.h ../../include/openssl/bio.h
+dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_null.o: ../../include/openssl/opensslconf.h
+dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dso_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_null.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_null.c
+dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_openssl.o: ../../include/openssl/opensslconf.h
+dso_openssl.o: ../../include/openssl/opensslv.h
+dso_openssl.o: ../../include/openssl/ossl_typ.h
+dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c
+dso_vms.o: ../../e_os.h ../../include/openssl/bio.h
+dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_vms.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dso_vms.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_vms.o: ../cryptlib.h dso_vms.c
+dso_win32.o: ../../e_os.h ../../include/openssl/bio.h
+dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_win32.o: ../../include/openssl/opensslconf.h
+dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dso_win32.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_win32.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_win32.c
diff --git a/src/lib/libcrypto/dso/README b/src/lib/libcrypto/dso/README
new file mode 100644
index 0000000000..d0bc9a89fb
--- /dev/null
+++ b/src/lib/libcrypto/dso/README
@@ -0,0 +1,22 @@
+NOTES
+-----
+
+I've checked out HPUX (well, version 11 at least) and shl_t is
+a pointer type so it's safe to use in the way it has been in
+dso_dl.c. On the other hand, HPUX11 support dlfcn too and
+according to their man page, prefer developers to move to that.
+I'll leave Richard's changes there as I guess dso_dl is needed
+for HPUX10.20.
+
+There is now a callback scheme in place where filename conversion can
+(a) be turned off altogether through the use of the
+    DSO_FLAG_NO_NAME_TRANSLATION flag,
+(b) be handled by default using the default DSO_METHOD's converter
+(c) overriden per-DSO by setting the override callback
+(d) a mix of (b) and (c) - eg. implement an override callback that;
+    (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
+        and if so, convert "blah" into "blah32.dll" (the default is
+        otherwise to make it "blah.dll").
+    (ii) default to the normal behaviour - we're not on win32, eg.
+         finish with (return dso->meth->dso_name_converter(dso,NULL)).
+
diff --git a/src/lib/libcrypto/dso/dso_beos.c b/src/lib/libcrypto/dso/dso_beos.c
new file mode 100644
index 0000000000..553966e699
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_beos.c
@@ -0,0 +1,270 @@
+/* dso_beos.c */
+/* Written by Marcin Konicki (ahwayakchih@neoni.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#if !defined(OPENSSL_SYS_BEOS)
+DSO_METHOD *DSO_METHOD_beos(void)
+        {
+        return NULL;
+        }
+#else
+
+#include <kernel/image.h>
+
+static int beos_load(DSO *dso);
+static int beos_unload(DSO *dso);
+static void *beos_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname);
+#if 0
+static int beos_unbind_var(DSO *dso, char *symname, void *symptr);
+static int beos_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int beos_init(DSO *dso);
+static int beos_finish(DSO *dso);
+static long beos_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *beos_name_converter(DSO *dso, const char *filename);
+
+static DSO_METHOD dso_meth_beos = {
+        "OpenSSL 'beos' shared library method",
+        beos_load,
+        beos_unload,
+        beos_bind_var,
+        beos_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        NULL, /* ctrl */
+        beos_name_converter,
+        NULL, /* init */
+        NULL  /* finish */
+        };
+
+DSO_METHOD *DSO_METHOD_beos(void)
+        {
+        return(&dso_meth_beos);
+        }
+
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) a pointer to the handle (image_id) returned from
+ *     load_add_on().
+ */
+
+static int beos_load(DSO *dso)
+        {
+        image_id id;
+        /* See applicable comments from dso_dl.c */
+        char *filename = DSO_convert_filename(dso, NULL);
+
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_BEOS_LOAD,DSO_R_NO_FILENAME);
+                goto err;
+                }
+        id = load_add_on(filename);
+        if(id < 1)
+                {
+                DSOerr(DSO_F_BEOS_LOAD,DSO_R_LOAD_FAILED);
+                ERR_add_error_data(3, "filename(", filename, ")");
+                goto err;
+                }
+        if(!sk_push(dso->meth_data, (char *)id))
+                {
+                DSOerr(DSO_F_BEOS_LOAD,DSO_R_STACK_ERROR);
+                goto err;
+                }
+        /* Success */
+        dso->loaded_filename = filename;
+        return(1);
+err:
+        /* Cleanup !*/
+        if(filename != NULL)
+                OPENSSL_free(filename);
+        if(id > 0)
+                unload_add_on(id);
+        return(0);
+        }
+
+static int beos_unload(DSO *dso)
+        {
+        image_id id;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_BEOS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                return(1);
+        id = (image_id)sk_pop(dso->meth_data);
+        if(id < 1)
+                {
+                DSOerr(DSO_F_BEOS_UNLOAD,DSO_R_NULL_HANDLE);
+                return(0);
+                }
+        if(unload_add_on(id) != B_OK)
+                {
+                DSOerr(DSO_F_BEOS_UNLOAD,DSO_R_UNLOAD_FAILED);
+                /* We should push the value back onto the stack in
+                 * case of a retry. */
+                sk_push(dso->meth_data, (char *)id);
+                return(0);
+                }
+        return(1);
+        }
+
+static void *beos_bind_var(DSO *dso, const char *symname)
+        {
+        image_id id;
+        void *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_BEOS_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_BEOS_BIND_VAR,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        id = (image_id)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(id < 1)
+                {
+                DSOerr(DSO_F_BEOS_BIND_VAR,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        if(get_image_symbol(id, symname, B_SYMBOL_TYPE_DATA, &sym) != B_OK)
+                {
+                DSOerr(DSO_F_BEOS_BIND_VAR,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(3, "symname(", symname, ")");
+                return(NULL);
+                }
+        return(sym);
+        }
+
+static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname)
+        {
+        image_id id;
+        void *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_BEOS_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_BEOS_BIND_FUNC,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        id = (image_id)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(id < 1)
+                {
+                DSOerr(DSO_F_BEOS_BIND_FUNC,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        if(get_image_symbol(id, symname, B_SYMBOL_TYPE_TEXT, &sym) != B_OK)
+                {
+                DSOerr(DSO_F_BEOS_BIND_FUNC,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(3, "symname(", symname, ")");
+                return(NULL);
+                }
+        return((DSO_FUNC_TYPE)sym);
+        }
+
+/* This one is the same as the one in dlfcn */
+static char *beos_name_converter(DSO *dso, const char *filename)
+        {
+        char *translated;
+        int len, rsize, transform;
+
+        len = strlen(filename);
+        rsize = len + 1;
+        transform = (strstr(filename, "/") == NULL);
+        if(transform)
+                {
+                /* We will convert this to "%s.so" or "lib%s.so" */
+                rsize += 3;     /* The length of ".so" */
+                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+                        rsize += 3; /* The length of "lib" */
+                }
+        translated = OPENSSL_malloc(rsize);
+        if(translated == NULL)
+                {
+                DSOerr(DSO_F_BEOS_NAME_CONVERTER,
+                                DSO_R_NAME_TRANSLATION_FAILED);
+                return(NULL);
+                }
+        if(transform)
+                {
+                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+                        sprintf(translated, "lib%s.so", filename);
+                else
+                        sprintf(translated, "%s.so", filename);
+                }
+        else
+                sprintf(translated, "%s", filename);
+        return(translated);
+        }
+
+#endif
diff --git a/src/lib/libcrypto/dso/dso_dl.c b/src/lib/libcrypto/dso/dso_dl.c
new file mode 100644
index 0000000000..c3b4f6cf45
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_dl.c
@@ -0,0 +1,395 @@
+/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef DSO_DL
+DSO_METHOD *DSO_METHOD_dl(void)
+       {
+       return NULL;
+       }
+#else
+
+#include <dl.h>
+
+/* Part of the hack in "dl_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dl_load(DSO *dso);
+static int dl_unload(DSO *dso);
+static void *dl_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
+#if 0
+static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
+static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int dl_init(DSO *dso);
+static int dl_finish(DSO *dso);
+static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *dl_name_converter(DSO *dso, const char *filename);
+static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2);
+static int dl_pathbyaddr(void *addr,char *path,int sz);
+static void *dl_globallookup(const char *name);
+
+static DSO_METHOD dso_meth_dl = {
+        "OpenSSL 'dl' shared library method",
+        dl_load,
+        dl_unload,
+        dl_bind_var,
+        dl_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        NULL, /* ctrl */
+        dl_name_converter,
+        dl_merger,
+        NULL, /* init */
+        NULL, /* finish */
+        dl_pathbyaddr,
+        dl_globallookup
+        };
+
+DSO_METHOD *DSO_METHOD_dl(void)
+        {
+        return(&dso_meth_dl);
+        }
+
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) the handle (shl_t) returned from shl_load().
+ * NB: I checked on HPUX11 and shl_t is itself a pointer
+ * type so the cast is safe.
+ */
+
+static int dl_load(DSO *dso)
+        {
+        shl_t ptr = NULL;
+        /* We don't do any fancy retries or anything, just take the method's
+         * (or DSO's if it has the callback set) best translation of the
+         * platform-independant filename and try once with that. */
+        char *filename= DSO_convert_filename(dso, NULL);
+
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
+                goto err;
+                }
+        ptr = shl_load(filename, BIND_IMMEDIATE |
+                (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
+                ERR_add_error_data(4, "filename(", filename, "): ",
+                        strerror(errno));
+                goto err;
+                }
+        if(!sk_push(dso->meth_data, (char *)ptr))
+                {
+                DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR);
+                goto err;
+                }
+        /* Success, stick the converted filename we've loaded under into the DSO
+         * (it also serves as the indicator that we are currently loaded). */
+        dso->loaded_filename = filename;
+        return(1);
+err:
+        /* Cleanup! */
+        if(filename != NULL)
+                OPENSSL_free(filename);
+        if(ptr != NULL)
+                shl_unload(ptr);
+        return(0);
+        }
+
+static int dl_unload(DSO *dso)
+        {
+        shl_t ptr;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                return(1);
+        /* Is this statement legal? */
+        ptr = (shl_t)sk_pop(dso->meth_data);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE);
+                /* Should push the value back onto the stack in
+                 * case of a retry. */
+                sk_push(dso->meth_data, (char *)ptr);
+                return(0);
+                }
+        shl_unload(ptr);
+        return(1);
+        }
+
+static void *dl_bind_var(DSO *dso, const char *symname)
+        {
+        shl_t ptr;
+        void *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(4, "symname(", symname, "): ",
+                        strerror(errno));
+                return(NULL);
+                }
+        return(sym);
+        }
+
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
+        {
+        shl_t ptr;
+        void *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(4, "symname(", symname, "): ",
+                        strerror(errno));
+                return(NULL);
+                }
+        return((DSO_FUNC_TYPE)sym);
+        }
+
+static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
+        {
+        char *merged;
+
+        if(!filespec1 && !filespec2)
+                {
+                DSOerr(DSO_F_DL_MERGER,
+                                ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        /* If the first file specification is a rooted path, it rules.
+           same goes if the second file specification is missing. */
+        if (!filespec2 || filespec1[0] == '/')
+                {
+                size_t len = strlen(filespec1) + 1;
+                merged = OPENSSL_malloc(len);
+                if(!merged)
+                        {
+                        DSOerr(DSO_F_DL_MERGER,
+                                ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                memcpy(merged, filespec1, len);
+                }
+        /* If the first file specification is missing, the second one rules. */
+        else if (!filespec1)
+                {
+                size_t len = strlen(filespec2) + 1;
+                merged = OPENSSL_malloc(strlen(filespec2) + 1);
+                if(!merged)
+                        {
+                        DSOerr(DSO_F_DL_MERGER,
+                                ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                memcpy(merged, filespec2, len);
+                }
+        else
+                /* This part isn't as trivial as it looks.  It assumes that
+                   the second file specification really is a directory, and
+                   makes no checks whatsoever.  Therefore, the result becomes
+                   the concatenation of filespec2 followed by a slash followed
+                   by filespec1. */
+                {
+                size_t spec2len, len;
+
+                spec2len = (filespec2 ? strlen(filespec2) : 0);
+                len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+
+                if(filespec2 && filespec2[spec2len - 1] == '/')
+                        {
+                        spec2len--;
+                        len--;
+                        }
+                merged = OPENSSL_malloc(len + 2);
+                if(!merged)
+                        {
+                        DSOerr(DSO_F_DL_MERGER,
+                                ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                strlcpy(merged, filespec2, len + 2);
+                merged[spec2len] = '/';
+                strlcpy(&merged[spec2len + 1], filespec1, 1 + len - spec2len);
+                }
+        return(merged);
+        }
+
+/* This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
+ * same time, there's no great duplicating the code. Figuring out an elegant 
+ * way to share one copy of the code would be more difficult and would not
+ * leave the implementations independant. */
+#if defined(__hpux)
+static const char extension[] = ".sl";
+#else
+static const char extension[] = ".so";
+#endif
+static char *dl_name_converter(DSO *dso, const char *filename)
+        {
+        char *translated;
+        int len, rsize, transform;
+
+        len = strlen(filename);
+        rsize = len + 1;
+        transform = (strstr(filename, "/") == NULL);
+                {
+                /* We will convert this to "%s.s?" or "lib%s.s?" */
+                rsize += strlen(extension);/* The length of ".s?" */
+                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+                        rsize += 3; /* The length of "lib" */
+                }
+        translated = OPENSSL_malloc(rsize);
+        if(translated == NULL)
+                {
+                DSOerr(DSO_F_DL_NAME_CONVERTER,
+                                DSO_R_NAME_TRANSLATION_FAILED); 
+                return(NULL);   
+                }
+        if(transform)
+                {
+                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+                        sprintf(translated, "lib%s%s", filename, extension);
+                else
+                        sprintf(translated, "%s%s", filename, extension);
+                }
+        else
+                sprintf(translated, "%s", filename);
+        return(translated);
+        }
+
+static int dl_pathbyaddr(void *addr,char *path,int sz)
+        {
+        struct shl_descriptor inf;
+        int i,len;
+
+        if (addr == NULL)
+                {
+                union   { int(*f)(void*,char*,int); void *p; } t =
+                        { dl_pathbyaddr };
+                addr = t.p;
+                }
+
+        for (i=-1;shl_get_r(i,&inf)==0;i++)
+                {
+                if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+                    ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
+                        {
+                        len = (int)strlen(inf.filename);
+                        if (sz <= 0) return len+1;
+                        if (len >= sz) len=sz-1;
+                        memcpy(path,inf.filename,len);
+                        path[len++] = 0;
+                        return len;
+                        }
+                }
+
+        return -1;
+        }
+
+static void *dl_globallookup(const char *name)
+        {
+        void *ret;
+        shl_t h = NULL;
+
+        return shl_findsym(&h,name,TYPE_UNDEFINED,&ret) ? NULL : ret;
+        }
+#endif /* DSO_DL */
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c
index 5f2254806c..e21b9f6dbc 100644
--- a/src/lib/libcrypto/dso/dso_dlfcn.c
+++ b/src/lib/libcrypto/dso/dso_dlfcn.c
@@ -86,7 +86,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 # if defined(_AIX) || defined(__CYGWIN__) || \
      defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
      (defined(__osf__) && !defined(RTLD_NEXT))     || \
-     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
+     (defined(__OpenBSD__) && (!defined(__ELF__) || !defined(RTLD_SELF))) || \
         defined(__ANDROID__)
 #  undef HAVE_DLINFO
 # endif
@@ -297,6 +297,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
         const char *filespec2)
         {
         char *merged;
+        size_t len;
 
         if(!filespec1 && !filespec2)
                 {
@@ -308,17 +309,19 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
            same goes if the second file specification is missing. */
         if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/'))
                 {
-                merged = OPENSSL_malloc(strlen(filespec1) + 1);
+                len = strlen(filespec1) + 1;
+                merged = OPENSSL_malloc(len);
                 if(!merged)
                         {
                         DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
                         return(NULL);
                         }
-                strcpy(merged, filespec1);
+                strlcpy(merged, filespec1, len);
                 }
         /* If the first file specification is missing, the second one rules. */
         else if (!filespec1)
                 {
+                len = strlen(filespec2) + 1;
                 merged = OPENSSL_malloc(strlen(filespec2) + 1);
                 if(!merged)
                         {
@@ -326,7 +329,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
                                 ERR_R_MALLOC_FAILURE);
                         return(NULL);
                         }
-                strcpy(merged, filespec2);
+                strlcpy(merged, filespec2, len);
                 }
         else
                 /* This part isn't as trivial as it looks.  It assumes that
@@ -352,9 +355,9 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
                                 ERR_R_MALLOC_FAILURE);
                         return(NULL);
                         }
-                strcpy(merged, filespec2);
+                strlcpy(merged, filespec2, len + 2);
                 merged[spec2len] = '/';
-                strcpy(&merged[spec2len + 1], filespec1);
+                strlcpy(&merged[spec2len + 1], filespec1, len + 1 - spec2len);
                 }
         return(merged);
         }
@@ -393,16 +396,16 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
         if(transform)
                 {
                 if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-                        sprintf(translated, "lib%s" DSO_ext, filename);
+                        snprintf(translated, rsize, "lib%s" DSO_ext, filename);
                 else
-                        sprintf(translated, "%s" DSO_ext, filename);
+                        snprintf(translated, rsize, "%s" DSO_ext, filename);
                 }
         else
-                sprintf(translated, "%s", filename);
+                snprintf(translated, rsize, "%s", filename);
         return(translated);
         }
 
-#ifdef __sgi
+#if defined(__sgi) && !defined(__OpenBSD__)
 /*
 This is a quote from IRIX manual for dladdr(3c):
 
diff --git a/src/lib/libcrypto/dso/dso_vms.c b/src/lib/libcrypto/dso/dso_vms.c
new file mode 100644
index 0000000000..eee20d14f1
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_vms.c
@@ -0,0 +1,525 @@
+/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#ifdef OPENSSL_SYS_VMS
+#pragma message disable DOLLARID
+#include <rms.h>
+#include <lib$routines.h>
+#include <stsdef.h>
+#include <descrip.h>
+#include <starlet.h>
+#include "vms_rms.h"
+#endif
+
+/* Some compiler options may mask the declaration of "_malloc32". */
+#if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    void * _malloc32  (__size_t);
+#  pragma pointer_size restore
+# endif /* __INITIAL_POINTER_SIZE == 64 */
+#endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */
+
+
+#ifndef OPENSSL_SYS_VMS
+DSO_METHOD *DSO_METHOD_vms(void)
+        {
+        return NULL;
+        }
+#else
+#pragma message disable DOLLARID
+
+static int vms_load(DSO *dso);
+static int vms_unload(DSO *dso);
+static void *vms_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
+#if 0
+static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
+static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int vms_init(DSO *dso);
+static int vms_finish(DSO *dso);
+static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *vms_name_converter(DSO *dso, const char *filename);
+static char *vms_merger(DSO *dso, const char *filespec1,
+        const char *filespec2);
+
+static DSO_METHOD dso_meth_vms = {
+        "OpenSSL 'VMS' shared library method",
+        vms_load,
+        NULL, /* unload */
+        vms_bind_var,
+        vms_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        NULL, /* ctrl */
+        vms_name_converter,
+        vms_merger,
+        NULL, /* init */
+        NULL  /* finish */
+        };
+
+/* On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
+ * on the reference to the file name being the same for all calls regarding
+ * one shared image, so we'll just store it in an instance of the following
+ * structure and put a pointer to that instance in the meth_data stack.
+ */
+typedef struct dso_internal_st
+        {
+        /* This should contain the name only, no directory,
+         * no extension, nothing but a name. */
+        struct dsc$descriptor_s filename_dsc;
+        char filename[ NAMX_MAXRSS+ 1];
+        /* This contains whatever is not in filename, if needed.
+         * Normally not defined. */
+        struct dsc$descriptor_s imagename_dsc;
+        char imagename[ NAMX_MAXRSS+ 1];
+        } DSO_VMS_INTERNAL;
+
+DSO_METHOD *DSO_METHOD_vms(void)
+        {
+        return(&dso_meth_vms);
+        }
+
+static int vms_load(DSO *dso)
+        {
+        void *ptr = NULL;
+        /* See applicable comments in dso_dl.c */
+        char *filename = DSO_convert_filename(dso, NULL);
+
+/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */
+#if __INITIAL_POINTER_SIZE == 64
+# define DSO_MALLOC _malloc32
+# pragma pointer_size save
+# pragma pointer_size 32
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define DSO_MALLOC OPENSSL_malloc
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+        DSO_VMS_INTERNAL *p = NULL;
+
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size restore
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
+        const char *sp1, *sp2;  /* Search result */
+
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_VMS_LOAD,DSO_R_NO_FILENAME);
+                goto err;
+                }
+
+        /* A file specification may look like this:
+         *
+         *      node::dev:[dir-spec]name.type;ver
+         *
+         * or (for compatibility with TOPS-20):
+         *
+         *      node::dev:<dir-spec>name.type;ver
+         *
+         * and the dir-spec uses '.' as separator.  Also, a dir-spec
+         * may consist of several parts, with mixed use of [] and <>:
+         *
+         *      [dir1.]<dir2>
+         *
+         * We need to split the file specification into the name and
+         * the rest (both before and after the name itself).
+         */
+        /* Start with trying to find the end of a dir-spec, and save the
+           position of the byte after in sp1 */
+        sp1 = strrchr(filename, ']');
+        sp2 = strrchr(filename, '>');
+        if (sp1 == NULL) sp1 = sp2;
+        if (sp2 != NULL && sp2 > sp1) sp1 = sp2;
+        if (sp1 == NULL) sp1 = strrchr(filename, ':');
+        if (sp1 == NULL)
+                sp1 = filename;
+        else
+                sp1++;          /* The byte after the found character */
+        /* Now, let's see if there's a type, and save the position in sp2 */
+        sp2 = strchr(sp1, '.');
+        /* If we found it, that's where we'll cut.  Otherwise, look for a
+           version number and save the position in sp2 */
+        if (sp2 == NULL) sp2 = strchr(sp1, ';');
+        /* If there was still nothing to find, set sp2 to point at the end of
+           the string */
+        if (sp2 == NULL) sp2 = sp1 + strlen(sp1);
+
+        /* Check that we won't get buffer overflows */
+        if (sp2 - sp1 > FILENAME_MAX
+                || (sp1 - filename) + strlen(sp2) > FILENAME_MAX)
+                {
+                DSOerr(DSO_F_VMS_LOAD,DSO_R_FILENAME_TOO_BIG);
+                goto err;
+                }
+
+        p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL));
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        strncpy(p->filename, sp1, sp2-sp1);
+        p->filename[sp2-sp1] = '\0';
+
+        strncpy(p->imagename, filename, sp1-filename);
+        p->imagename[sp1-filename] = '\0';
+        strcat(p->imagename, sp2);
+
+        p->filename_dsc.dsc$w_length = strlen(p->filename);
+        p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
+        p->filename_dsc.dsc$a_pointer = p->filename;
+        p->imagename_dsc.dsc$w_length = strlen(p->imagename);
+        p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
+        p->imagename_dsc.dsc$a_pointer = p->imagename;
+
+        if(!sk_void_push(dso->meth_data, (char *)p))
+                {
+                DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR);
+                goto err;
+                }
+
+        /* Success (for now, we lie.  We actually do not know...) */
+        dso->loaded_filename = filename;
+        return(1);
+err:
+        /* Cleanup! */
+        if(p != NULL)
+                OPENSSL_free(p);
+        if(filename != NULL)
+                OPENSSL_free(filename);
+        return(0);
+        }
+
+/* Note that this doesn't actually unload the shared image, as there is no
+ * such thing in VMS.  Next time it get loaded again, a new copy will
+ * actually be loaded.
+ */
+static int vms_unload(DSO *dso)
+        {
+        DSO_VMS_INTERNAL *p;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_void_num(dso->meth_data) < 1)
+                return(1);
+        p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data);
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE);
+                return(0);
+                }
+        /* Cleanup */
+        OPENSSL_free(p);
+        return(1);
+        }
+
+/* We must do this in a separate function because of the way the exception
+   handler works (it makes this function return */
+static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
+        struct dsc$descriptor_s *symname_dsc, void **sym,
+        unsigned long flags)
+        {
+        /* Make sure that signals are caught and returned instead of
+           aborting the program.  The exception handler gets unestablished
+           automatically on return from this function.  */
+        lib$establish(lib$sig_to_ret);
+
+        if(ptr->imagename_dsc.dsc$w_length)
+                return lib$find_image_symbol(&ptr->filename_dsc,
+                        symname_dsc, sym,
+                        &ptr->imagename_dsc, flags);
+        else
+                return lib$find_image_symbol(&ptr->filename_dsc,
+                        symname_dsc, sym,
+                        0, flags);
+        }
+
+void vms_bind_sym(DSO *dso, const char *symname, void **sym)
+        {
+        DSO_VMS_INTERNAL *ptr;
+        int status;
+#if 0
+        int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
+                               defined in VMS older than 7.0 or so */
+#else
+        int flags = 0;
+#endif
+        struct dsc$descriptor_s symname_dsc;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define SYMNAME symname_32p
+# pragma pointer_size save
+# pragma pointer_size 32
+        char *symname_32p;
+# pragma pointer_size restore
+        char symname_32[ NAMX_MAXRSS+ 1];
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define SYMNAME ((char *) symname)
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+        *sym = NULL;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER);
+                return;
+                }
+
+#if __INITIAL_POINTER_SIZE == 64
+        /* Copy the symbol name to storage with a 32-bit pointer. */
+        symname_32p = symname_32;
+        strcpy( symname_32p, symname);
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+        symname_dsc.dsc$w_length = strlen(SYMNAME);
+        symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+        symname_dsc.dsc$a_pointer = SYMNAME;
+
+        if(sk_void_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR);
+                return;
+                }
+        ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data,
+                sk_void_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE);
+                return;
+                }
+
+        if(dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0;
+
+        status = do_find_symbol(ptr, &symname_dsc, sym, flags);
+
+        if(!$VMS_STATUS_SUCCESS(status))
+                {
+                unsigned short length;
+                char errstring[257];
+                struct dsc$descriptor_s errstring_dsc;
+
+                errstring_dsc.dsc$w_length = sizeof(errstring);
+                errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+                errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+                errstring_dsc.dsc$a_pointer = errstring;
+
+                *sym = NULL;
+
+                status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+                if (!$VMS_STATUS_SUCCESS(status))
+                        lib$signal(status); /* This is really bad.  Abort!  */
+                else
+                        {
+                        errstring[length] = '\0';
+
+                        DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_SYM_FAILURE);
+                        if (ptr->imagename_dsc.dsc$w_length)
+                                ERR_add_error_data(9,
+                                        "Symbol ", symname,
+                                        " in ", ptr->filename,
+                                        " (", ptr->imagename, ")",
+                                        ": ", errstring);
+                        else
+                                ERR_add_error_data(6,
+                                        "Symbol ", symname,
+                                        " in ", ptr->filename,
+                                        ": ", errstring);
+                        }
+                return;
+                }
+        return;
+        }
+
+static void *vms_bind_var(DSO *dso, const char *symname)
+        {
+        void *sym = 0;
+        vms_bind_sym(dso, symname, &sym);
+        return sym;
+        }
+
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
+        {
+        DSO_FUNC_TYPE sym = 0;
+        vms_bind_sym(dso, symname, (void **)&sym);
+        return sym;
+        }
+
+
+static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2)
+        {
+        int status;
+        int filespec1len, filespec2len;
+        struct FAB fab;
+        struct NAMX_STRUCT nam;
+        char esa[ NAMX_MAXRSS+ 1];
+        char *merged;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define FILESPEC1 filespec1_32p;
+# define FILESPEC2 filespec2_32p;
+# pragma pointer_size save
+# pragma pointer_size 32
+        char *filespec1_32p;
+        char *filespec2_32p;
+# pragma pointer_size restore
+        char filespec1_32[ NAMX_MAXRSS+ 1];
+        char filespec2_32[ NAMX_MAXRSS+ 1];
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define FILESPEC1 ((char *) filespec1)
+# define FILESPEC2 ((char *) filespec2)
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+        if (!filespec1) filespec1 = "";
+        if (!filespec2) filespec2 = "";
+        filespec1len = strlen(filespec1);
+        filespec2len = strlen(filespec2);
+
+#if __INITIAL_POINTER_SIZE == 64
+        /* Copy the file names to storage with a 32-bit pointer. */
+        filespec1_32p = filespec1_32;
+        filespec2_32p = filespec2_32;
+        strcpy( filespec1_32p, filespec1);
+        strcpy( filespec2_32p, filespec2);
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+        fab = cc$rms_fab;
+        nam = CC_RMS_NAMX;
+
+        FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNA = FILESPEC1;
+        FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNS = filespec1len;
+        FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNA = FILESPEC2;
+        FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNS = filespec2len;
+        NAMX_DNA_FNA_SET( fab)
+
+        nam.NAMX_ESA = esa;
+        nam.NAMX_ESS = NAMX_MAXRSS;
+        nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD;
+        SET_NAMX_NO_SHORT_UPCASE( nam);
+
+        fab.FAB_NAMX = &nam;
+
+        status = sys$parse(&fab, 0, 0);
+
+        if(!$VMS_STATUS_SUCCESS(status))
+                {
+                unsigned short length;
+                char errstring[257];
+                struct dsc$descriptor_s errstring_dsc;
+
+                errstring_dsc.dsc$w_length = sizeof(errstring);
+                errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+                errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+                errstring_dsc.dsc$a_pointer = errstring;
+
+                status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+                if (!$VMS_STATUS_SUCCESS(status))
+                        lib$signal(status); /* This is really bad.  Abort!  */
+                else
+                        {
+                        errstring[length] = '\0';
+
+                        DSOerr(DSO_F_VMS_MERGER,DSO_R_FAILURE);
+                        ERR_add_error_data(7,
+                                           "filespec \"", filespec1, "\", ",
+                                           "defaults \"", filespec2, "\": ",
+                                           errstring);
+                        }
+                return(NULL);
+                }
+
+        merged = OPENSSL_malloc( nam.NAMX_ESL+ 1);
+        if(!merged)
+                goto malloc_err;
+        strncpy( merged, nam.NAMX_ESA, nam.NAMX_ESL);
+        merged[ nam.NAMX_ESL] = '\0';
+        return(merged);
+ malloc_err:
+        DSOerr(DSO_F_VMS_MERGER,
+                ERR_R_MALLOC_FAILURE);
+        }
+
+static char *vms_name_converter(DSO *dso, const char *filename)
+        {
+        int len = strlen(filename);
+        char *not_translated = OPENSSL_malloc(len+1);
+        strcpy(not_translated,filename);
+        return(not_translated);
+        }
+
+#endif /* OPENSSL_SYS_VMS */
diff --git a/src/lib/libcrypto/dso/dso_win32.c b/src/lib/libcrypto/dso/dso_win32.c
new file mode 100644
index 0000000000..6fb6c54181
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_win32.c
@@ -0,0 +1,844 @@
+/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#if !defined(DSO_WIN32)
+DSO_METHOD *DSO_METHOD_win32(void)
+        {
+        return NULL;
+        }
+#else
+
+#ifdef _WIN32_WCE
+# if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
+        {
+        WCHAR lpProcNameW[64];
+        int i;
+
+        for (i=0;lpProcName[i] && i<64;i++)
+                lpProcNameW[i] = (WCHAR)lpProcName[i];
+        if (i==64) return NULL;
+        lpProcNameW[i] = 0;
+
+        return GetProcAddressW(hModule,lpProcNameW);
+        }
+# endif
+# undef GetProcAddress
+# define GetProcAddress GetProcAddressA
+
+static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
+        {
+        WCHAR *fnamw;
+        size_t len_0=strlen(lpLibFileName)+1,i;
+
+#ifdef _MSC_VER
+        fnamw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
+#else
+        fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
+#endif
+        if (fnamw == NULL)
+                {
+                SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+                return NULL;
+                }
+
+#if defined(_WIN32_WCE) && _WIN32_WCE>=101
+        if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0))
+#endif
+                for (i=0;i<len_0;i++) fnamw[i]=(WCHAR)lpLibFileName[i];
+
+        return LoadLibraryW(fnamw);
+        }
+#endif
+
+/* Part of the hack in "win32_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+
+static int win32_load(DSO *dso);
+static int win32_unload(DSO *dso);
+static void *win32_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
+#if 0
+static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
+static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int win32_init(DSO *dso);
+static int win32_finish(DSO *dso);
+static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *win32_name_converter(DSO *dso, const char *filename);
+static char *win32_merger(DSO *dso, const char *filespec1,
+        const char *filespec2);
+static int win32_pathbyaddr(void *addr,char *path,int sz);
+static void *win32_globallookup(const char *name);
+
+static const char *openssl_strnchr(const char *string, int c, size_t len);
+
+static DSO_METHOD dso_meth_win32 = {
+        "OpenSSL 'win32' shared library method",
+        win32_load,
+        win32_unload,
+        win32_bind_var,
+        win32_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        NULL, /* ctrl */
+        win32_name_converter,
+        win32_merger,
+        NULL, /* init */
+        NULL, /* finish */
+        win32_pathbyaddr,
+        win32_globallookup
+        };
+
+DSO_METHOD *DSO_METHOD_win32(void)
+        {
+        return(&dso_meth_win32);
+        }
+
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) a pointer to the handle (HINSTANCE) returned from
+ *     LoadLibrary(), and copied.
+ */
+
+static int win32_load(DSO *dso)
+        {
+        HINSTANCE h = NULL, *p = NULL;
+        /* See applicable comments from dso_dl.c */
+        char *filename = DSO_convert_filename(dso, NULL);
+
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
+                goto err;
+                }
+        h = LoadLibraryA(filename);
+        if(h == NULL)
+                {
+                DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
+                ERR_add_error_data(3, "filename(", filename, ")");
+                goto err;
+                }
+        p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE));
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        *p = h;
+        if(!sk_void_push(dso->meth_data, p))
+                {
+                DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR);
+                goto err;
+                }
+        /* Success */
+        dso->loaded_filename = filename;
+        return(1);
+err:
+        /* Cleanup !*/
+        if(filename != NULL)
+                OPENSSL_free(filename);
+        if(p != NULL)
+                OPENSSL_free(p);
+        if(h != NULL)
+                FreeLibrary(h);
+        return(0);
+        }
+
+static int win32_unload(DSO *dso)
+        {
+        HINSTANCE *p;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_void_num(dso->meth_data) < 1)
+                return(1);
+        p = sk_void_pop(dso->meth_data);
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE);
+                return(0);
+                }
+        if(!FreeLibrary(*p))
+                {
+                DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED);
+                /* We should push the value back onto the stack in
+                 * case of a retry. */
+                sk_void_push(dso->meth_data, p);
+                return(0);
+                }
+        /* Cleanup */
+        OPENSSL_free(p);
+        return(1);
+        }
+
+/* Using GetProcAddress for variables? TODO: Check this out in
+ * the Win32 API docs, there's probably a variant for variables. */
+static void *win32_bind_var(DSO *dso, const char *symname)
+        {
+        HINSTANCE *ptr;
+        void *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_void_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        sym = GetProcAddress(*ptr, symname);
+        if(sym == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(3, "symname(", symname, ")");
+                return(NULL);
+                }
+        return(sym);
+        }
+
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
+        {
+        HINSTANCE *ptr;
+        void *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_void_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        sym = GetProcAddress(*ptr, symname);
+        if(sym == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(3, "symname(", symname, ")");
+                return(NULL);
+                }
+        return((DSO_FUNC_TYPE)sym);
+        }
+
+struct file_st
+        {
+        const char *node; int nodelen;
+        const char *device; int devicelen;
+        const char *predir; int predirlen;
+        const char *dir; int dirlen;
+        const char *file; int filelen;
+        };
+
+static struct file_st *win32_splitter(DSO *dso, const char *filename,
+        int assume_last_is_dir)
+        {
+        struct file_st *result = NULL;
+        enum { IN_NODE, IN_DEVICE, IN_FILE } position;
+        const char *start = filename;
+        char last;
+
+        if (!filename)
+                {
+                DSOerr(DSO_F_WIN32_SPLITTER,DSO_R_NO_FILENAME);
+                /*goto err;*/
+                return(NULL);
+                }
+
+        result = OPENSSL_malloc(sizeof(struct file_st));
+        if(result == NULL)
+                {
+                DSOerr(DSO_F_WIN32_SPLITTER,
+                        ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+
+        memset(result, 0, sizeof(struct file_st));
+        position = IN_DEVICE;
+
+        if((filename[0] == '\\' && filename[1] == '\\')
+                || (filename[0] == '/' && filename[1] == '/'))
+                {
+                position = IN_NODE;
+                filename += 2;
+                start = filename;
+                result->node = start;
+                }
+
+        do
+                {
+                last = filename[0];
+                switch(last)
+                        {
+                case ':':
+                        if(position != IN_DEVICE)
+                                {
+                                DSOerr(DSO_F_WIN32_SPLITTER,
+                                        DSO_R_INCORRECT_FILE_SYNTAX);
+                                /*goto err;*/
+                                OPENSSL_free(result);
+                                return(NULL);
+                                }
+                        result->device = start;
+                        result->devicelen = (int)(filename - start);
+                        position = IN_FILE;
+                        start = ++filename;
+                        result->dir = start;
+                        break;
+                case '\\':
+                case '/':
+                        if(position == IN_NODE)
+                                {
+                                result->nodelen = (int)(filename - start);
+                                position = IN_FILE;
+                                start = ++filename;
+                                result->dir = start;
+                                }
+                        else if(position == IN_DEVICE)
+                                {
+                                position = IN_FILE;
+                                filename++;
+                                result->dir = start;
+                                result->dirlen = (int)(filename - start);
+                                start = filename;
+                                }
+                        else
+                                {
+                                filename++;
+                                result->dirlen += (int)(filename - start);
+                                start = filename;
+                                }
+                        break;
+                case '\0':
+                        if(position == IN_NODE)
+                                {
+                                result->nodelen = (int)(filename - start);
+                                }
+                        else
+                                {
+                                if(filename - start > 0)
+                                        {
+                                        if (assume_last_is_dir)
+                                                {
+                                                if (position == IN_DEVICE)
+                                                        {
+                                                        result->dir = start;
+                                                        result->dirlen = 0;
+                                                        }
+                                                result->dirlen +=
+                                                        (int)(filename - start);
+                                                }
+                                        else
+                                                {
+                                                result->file = start;
+                                                result->filelen =
+                                                        (int)(filename - start);
+                                                }
+                                        }
+                                }
+                        break;
+                default:
+                        filename++;
+                        break;
+                        }
+                }
+        while(last);
+
+        if(!result->nodelen) result->node = NULL;
+        if(!result->devicelen) result->device = NULL;
+        if(!result->dirlen) result->dir = NULL;
+        if(!result->filelen) result->file = NULL;
+
+        return(result);
+        }
+
+static char *win32_joiner(DSO *dso, const struct file_st *file_split)
+        {
+        int len = 0, offset = 0;
+        char *result = NULL;
+        const char *start;
+
+        if(!file_split)
+                {
+                DSOerr(DSO_F_WIN32_JOINER,
+                                ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(file_split->node)
+                {
+                len += 2 + file_split->nodelen; /* 2 for starting \\ */
+                if(file_split->predir || file_split->dir || file_split->file)
+                        len++;  /* 1 for ending \ */
+                }
+        else if(file_split->device)
+                {
+                len += file_split->devicelen + 1; /* 1 for ending : */
+                }
+        len += file_split->predirlen;
+        if(file_split->predir && (file_split->dir || file_split->file))
+                {
+                len++;  /* 1 for ending \ */
+                }
+        len += file_split->dirlen;
+        if(file_split->dir && file_split->file)
+                {
+                len++;  /* 1 for ending \ */
+                }
+        len += file_split->filelen;
+
+        if(!len)
+                {
+                DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
+                return(NULL);
+                }
+
+        result = OPENSSL_malloc(len + 1);
+        if (!result)
+                {
+                DSOerr(DSO_F_WIN32_JOINER,
+                        ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+
+        if(file_split->node)
+                {
+                strcpy(&result[offset], "\\\\"); offset += 2;
+                strncpy(&result[offset], file_split->node,
+                        file_split->nodelen); offset += file_split->nodelen;
+                if(file_split->predir || file_split->dir || file_split->file)
+                        {
+                        result[offset] = '\\'; offset++;
+                        }
+                }
+        else if(file_split->device)
+                {
+                strncpy(&result[offset], file_split->device,
+                        file_split->devicelen); offset += file_split->devicelen;
+                result[offset] = ':'; offset++;
+                }
+        start = file_split->predir;
+        while(file_split->predirlen > (start - file_split->predir))
+                {
+                const char *end = openssl_strnchr(start, '/',
+                        file_split->predirlen - (start - file_split->predir));
+                if(!end)
+                        end = start
+                                + file_split->predirlen
+                                - (start - file_split->predir);
+                strncpy(&result[offset], start,
+                        end - start); offset += (int)(end - start);
+                result[offset] = '\\'; offset++;
+                start = end + 1;
+                }
+#if 0 /* Not needed, since the directory converter above already appeneded
+         a backslash */
+        if(file_split->predir && (file_split->dir || file_split->file))
+                {
+                result[offset] = '\\'; offset++;
+                }
+#endif
+        start = file_split->dir;
+        while(file_split->dirlen > (start - file_split->dir))
+                {
+                const char *end = openssl_strnchr(start, '/',
+                        file_split->dirlen - (start - file_split->dir));
+                if(!end)
+                        end = start
+                                + file_split->dirlen
+                                - (start - file_split->dir);
+                strncpy(&result[offset], start,
+                        end - start); offset += (int)(end - start);
+                result[offset] = '\\'; offset++;
+                start = end + 1;
+                }
+#if 0 /* Not needed, since the directory converter above already appeneded
+         a backslash */
+        if(file_split->dir && file_split->file)
+                {
+                result[offset] = '\\'; offset++;
+                }
+#endif
+        strncpy(&result[offset], file_split->file,
+                file_split->filelen); offset += file_split->filelen;
+        result[offset] = '\0';
+        return(result);
+        }
+
+static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2)
+        {
+        char *merged = NULL;
+        struct file_st *filespec1_split = NULL;
+        struct file_st *filespec2_split = NULL;
+
+        if(!filespec1 && !filespec2)
+                {
+                DSOerr(DSO_F_WIN32_MERGER,
+                                ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if (!filespec2)
+                {
+                merged = OPENSSL_malloc(strlen(filespec1) + 1);
+                if(!merged)
+                        {
+                        DSOerr(DSO_F_WIN32_MERGER,
+                                ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                strcpy(merged, filespec1);
+                }
+        else if (!filespec1)
+                {
+                merged = OPENSSL_malloc(strlen(filespec2) + 1);
+                if(!merged)
+                        {
+                        DSOerr(DSO_F_WIN32_MERGER,
+                                ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                strcpy(merged, filespec2);
+                }
+        else
+                {
+                filespec1_split = win32_splitter(dso, filespec1, 0);
+                if (!filespec1_split)
+                        {
+                        DSOerr(DSO_F_WIN32_MERGER,
+                                ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                filespec2_split = win32_splitter(dso, filespec2, 1);
+                if (!filespec2_split)
+                        {
+                        DSOerr(DSO_F_WIN32_MERGER,
+                                ERR_R_MALLOC_FAILURE);
+                        OPENSSL_free(filespec1_split);
+                        return(NULL);
+                        }
+
+                /* Fill in into filespec1_split */
+                if (!filespec1_split->node && !filespec1_split->device)
+                        {
+                        filespec1_split->node = filespec2_split->node;
+                        filespec1_split->nodelen = filespec2_split->nodelen;
+                        filespec1_split->device = filespec2_split->device;
+                        filespec1_split->devicelen = filespec2_split->devicelen;
+                        }
+                if (!filespec1_split->dir)
+                        {
+                        filespec1_split->dir = filespec2_split->dir;
+                        filespec1_split->dirlen = filespec2_split->dirlen;
+                        }
+                else if (filespec1_split->dir[0] != '\\'
+                        && filespec1_split->dir[0] != '/')
+                        {
+                        filespec1_split->predir = filespec2_split->dir;
+                        filespec1_split->predirlen = filespec2_split->dirlen;
+                        }
+                if (!filespec1_split->file)
+                        {
+                        filespec1_split->file = filespec2_split->file;
+                        filespec1_split->filelen = filespec2_split->filelen;
+                        }
+
+                merged = win32_joiner(dso, filespec1_split);
+                }
+        OPENSSL_free(filespec1_split);
+        OPENSSL_free(filespec2_split);
+        return(merged);
+        }
+
+static char *win32_name_converter(DSO *dso, const char *filename)
+        {
+        char *translated;
+        int len, transform;
+
+        len = strlen(filename);
+        transform = ((strstr(filename, "/") == NULL) &&
+                        (strstr(filename, "\\") == NULL) &&
+                        (strstr(filename, ":") == NULL));
+        if(transform)
+                /* We will convert this to "%s.dll" */
+                translated = OPENSSL_malloc(len + 5);
+        else
+                /* We will simply duplicate filename */
+                translated = OPENSSL_malloc(len + 1);
+        if(translated == NULL)
+                {
+                DSOerr(DSO_F_WIN32_NAME_CONVERTER,
+                                DSO_R_NAME_TRANSLATION_FAILED); 
+                return(NULL);   
+                }
+        if(transform)
+                sprintf(translated, "%s.dll", filename);
+        else
+                sprintf(translated, "%s", filename);
+        return(translated);
+        }
+
+static const char *openssl_strnchr(const char *string, int c, size_t len)
+        {
+        size_t i;
+        const char *p;
+        for (i = 0, p = string; i < len && *p; i++, p++)
+                {
+                if (*p == c)
+                        return p;
+                }
+        return NULL;
+        }
+
+#include <tlhelp32.h>
+#ifdef _WIN32_WCE
+# define DLLNAME "TOOLHELP.DLL"
+#else
+# ifdef MODULEENTRY32
+# undef MODULEENTRY32   /* unmask the ASCII version! */
+# endif
+# define DLLNAME "KERNEL32.DLL"
+#endif
+
+typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
+typedef BOOL (WINAPI *MODULE32)(HANDLE, MODULEENTRY32 *);
+
+static int win32_pathbyaddr(void *addr,char *path,int sz)
+        {
+        HMODULE dll;
+        HANDLE hModuleSnap = INVALID_HANDLE_VALUE; 
+        MODULEENTRY32 me32; 
+        CREATETOOLHELP32SNAPSHOT create_snap;
+        CLOSETOOLHELP32SNAPSHOT  close_snap;
+        MODULE32 module_first, module_next;
+        int len;
+ 
+        if (addr == NULL)
+                {
+                union   { int(*f)(void*,char*,int); void *p; } t =
+                        { win32_pathbyaddr };
+                addr = t.p;
+                }
+
+        dll = LoadLibrary(TEXT(DLLNAME));
+        if (dll == NULL)
+                {
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                }
+
+        create_snap = (CREATETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CreateToolhelp32Snapshot");
+        if (create_snap == NULL)
+                {
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                }
+        /* We take the rest for granted... */
+#ifdef _WIN32_WCE
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CloseToolhelp32Snapshot");
+#else
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle;
+#endif
+        module_first = (MODULE32)GetProcAddress(dll,"Module32First");
+        module_next  = (MODULE32)GetProcAddress(dll,"Module32Next");
+
+        hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE,0); 
+        if( hModuleSnap == INVALID_HANDLE_VALUE ) 
+                { 
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                } 
+ 
+        me32.dwSize = sizeof(me32); 
+ 
+        if(!(*module_first)(hModuleSnap,&me32)) 
+                { 
+                (*close_snap)(hModuleSnap);
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_FAILURE);
+                return -1;
+                }
+ 
+        do      { 
+                if ((BYTE *)addr >= me32.modBaseAddr &&
+                    (BYTE *)addr <  me32.modBaseAddr+me32.modBaseSize)
+                        {
+                        (*close_snap)(hModuleSnap);
+                        FreeLibrary(dll);
+#ifdef _WIN32_WCE
+# if _WIN32_WCE >= 101
+                        return WideCharToMultiByte(CP_ACP,0,me32.szExePath,-1,
+                                                        path,sz,NULL,NULL);
+# else
+                        len = (int)wcslen(me32.szExePath);
+                        if (sz <= 0) return len+1;
+                        if (len >= sz) len=sz-1;
+                        for(i=0;i<len;i++)
+                                path[i] = (char)me32.szExePath[i];
+                        path[len++] = 0;
+                        return len;
+# endif
+#else
+                        len = (int)strlen(me32.szExePath);
+                        if (sz <= 0) return len+1;
+                        if (len >= sz) len=sz-1;
+                        memcpy(path,me32.szExePath,len);
+                        path[len++] = 0;
+                        return len;
+#endif
+                        } 
+                } while((*module_next)(hModuleSnap, &me32)); 
+ 
+        (*close_snap)(hModuleSnap); 
+        FreeLibrary(dll);
+        return 0;
+        }
+
+static void *win32_globallookup(const char *name)
+        {
+        HMODULE dll;
+        HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+        MODULEENTRY32 me32;
+        CREATETOOLHELP32SNAPSHOT create_snap;
+        CLOSETOOLHELP32SNAPSHOT  close_snap;
+        MODULE32 module_first, module_next;
+        FARPROC ret=NULL;
+
+        dll = LoadLibrary(TEXT(DLLNAME));
+        if (dll == NULL)
+                {
+                DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+
+        create_snap = (CREATETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CreateToolhelp32Snapshot");
+        if (create_snap == NULL)
+                {
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+        /* We take the rest for granted... */
+#ifdef _WIN32_WCE
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)
+                GetProcAddress(dll,"CloseToolhelp32Snapshot");
+#else
+        close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle;
+#endif
+        module_first = (MODULE32)GetProcAddress(dll,"Module32First");
+        module_next  = (MODULE32)GetProcAddress(dll,"Module32Next");
+
+        hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE,0);
+        if( hModuleSnap == INVALID_HANDLE_VALUE )
+                {
+                FreeLibrary(dll);
+                DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+
+        me32.dwSize = sizeof(me32);
+
+        if (!(*module_first)(hModuleSnap,&me32))
+                {
+                (*close_snap)(hModuleSnap);
+                FreeLibrary(dll);
+                return NULL;
+                }
+
+        do      {
+                if ((ret = GetProcAddress(me32.hModule,name)))
+                        {
+                        (*close_snap)(hModuleSnap);
+                        FreeLibrary(dll);
+                        return ret;
+                        }
+                } while((*module_next)(hModuleSnap,&me32));
+
+        (*close_snap)(hModuleSnap); 
+        FreeLibrary(dll);
+        return NULL;
+        }
+#endif /* DSO_WIN32 */
diff --git a/src/lib/libcrypto/ebcdic.c b/src/lib/libcrypto/ebcdic.c
new file mode 100644
index 0000000000..43e53bcaf7
--- /dev/null
+++ b/src/lib/libcrypto/ebcdic.c
@@ -0,0 +1,221 @@
+/* crypto/ebcdic.c */
+
+#ifndef CHARSET_EBCDIC
+
+#include <openssl/e_os2.h>
+#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
+static void *dummy=&dummy;
+#endif
+
+#else /*CHARSET_EBCDIC*/
+
+#include "ebcdic.h"
+/*      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
+ *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De>
+ */
+
+#ifdef _OSD_POSIX
+/*
+    "BS2000 OSD" is a POSIX subsystem on a main frame.
+    It is made by Siemens AG, Germany, for their BS2000 mainframe machines.
+    Within the POSIX subsystem, the same character set was chosen as in
+    "native BS2000", namely EBCDIC. (EDF04)
+
+    The name "ASCII" in these routines is misleading: actually, conversion
+    is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1;
+    that means that (western european) national characters are preserved.
+
+    This table is identical to the one used by rsh/rcp/ftp and other POSIX tools.
+*/
+
+/* Here's the bijective ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
+       0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/
+/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
+       0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/
+/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
+       0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/
+/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
+       0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/
+/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
+       0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/
+/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
+       0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/
+/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
+       0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/
+/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
+       0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/
+/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+       0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/
+/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+       0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/
+/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+       0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/
+/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
+       0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/
+/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+       0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/
+/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+       0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/
+/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
+       0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/
+/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+       0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e  /*0123456789.{.}.~*/
+};
+
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+/*00*/  0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
+        0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,  /*................*/
+/*10*/  0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
+        0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f,  /*................*/
+/*20*/  0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
+        0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61,  /* !"#$%&'()*+,-./ */
+/*30*/  0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+        0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f,  /*0123456789:;<=>?*/
+/*40*/  0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+        0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6,  /*@ABCDEFGHIJKLMNO*/
+/*50*/  0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
+        0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d,  /*PQRSTUVWXYZ[\]^_*/
+/*60*/  0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+        0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96,  /*`abcdefghijklmno*/
+/*70*/  0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
+        0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07,  /*pqrstuvwxyz{|}~.*/
+/*80*/  0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
+        0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14,  /*................*/
+/*90*/  0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
+        0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f,  /*................*/
+/*a0*/  0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
+        0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1,  /*................*/
+/*b0*/  0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
+        0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab,  /*................*/
+/*c0*/  0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
+        0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77,  /*................*/
+/*d0*/  0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
+        0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59,  /*................*/
+/*e0*/  0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
+        0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57,  /*................*/
+/*f0*/  0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
+        0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf   /*................*/
+};
+
+#else  /*_OSD_POSIX*/
+
+/*
+This code does basic character mapping for IBM's TPF and OS/390 operating systems.
+It is a modified version of the BS2000 table.
+
+Bijective EBCDIC (character set IBM-1047) to US-ASCII table:
+This table is bijective - there are no ambigous or duplicate characters.
+*/
+const unsigned char os_toascii[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f:           */
+    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f:           */
+    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f:           */
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+    0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f:           */
+    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+    0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f:           */
+    0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /*  ...........<(+| */
+    0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f:           */
+    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
+    0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f:           */
+    0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
+    0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f:           */
+    0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
+    0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f:           */
+    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+    0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f:           */
+    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+    0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af:           */
+    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
+    0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf:           */
+    0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
+    0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf:           */
+    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
+    0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df:           */
+    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
+    0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef:           */
+    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff:           */
+    0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f  /* 0123456789...... */
+};
+
+
+/*
+The US-ASCII to EBCDIC (character set IBM-1047) table:
+This table is bijective (no ambiguous or duplicate characters)
+*/
+const unsigned char os_toebcdic[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f:           */
+    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f:           */
+    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f:           */
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /*  !"#$%&'()*+,-./ */
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f:           */
+    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+    0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f:           */
+    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+    0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f:           */
+    0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+    0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f:           */
+    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+    0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f:           */
+    0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f:           */
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+    0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f:           */
+    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
+    0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af:           */
+    0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
+    0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf:           */
+    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+    0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf:           */
+    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+    0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df:           */
+    0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
+    0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef:           */
+    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+    0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff:           */
+    0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf  /* ................ */
+};
+#endif /*_OSD_POSIX*/
+
+/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
+ * dest and srce may be identical, or separate memory blocks, but
+ * should not overlap. These functions intentionally have an interface
+ * compatible to memcpy(3).
+ */
+
+void *
+ebcdic2ascii(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+
+    while (count-- != 0) {
+        *udest++ = os_toascii[*usrce++];
+    }
+
+    return dest;
+}
+
+void *
+ascii2ebcdic(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+
+    while (count-- != 0) {
+        *udest++ = os_toebcdic[*usrce++];
+    }
+
+    return dest;
+}
+
+#endif
diff --git a/src/lib/libcrypto/ebcdic.h b/src/lib/libcrypto/ebcdic.h
new file mode 100644
index 0000000000..6d65afcf9e
--- /dev/null
+++ b/src/lib/libcrypto/ebcdic.h
@@ -0,0 +1,19 @@
+/* crypto/ebcdic.h */
+
+#ifndef HEADER_EBCDIC_H
+#define HEADER_EBCDIC_H
+
+#include <sys/types.h>
+
+/* Avoid name clashes with other applications */
+#define os_toascii   _openssl_os_toascii
+#define os_toebcdic  _openssl_os_toebcdic
+#define ebcdic2ascii _openssl_ebcdic2ascii
+#define ascii2ebcdic _openssl_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+
+#endif
diff --git a/src/lib/libcrypto/ec/Makefile b/src/lib/libcrypto/ec/Makefile
new file mode 100644
index 0000000000..f85fc845ca
--- /dev/null
+++ b/src/lib/libcrypto/ec/Makefile
@@ -0,0 +1,263 @@
+#
+# crypto/ec/Makefile
+#
+
+DIR=    ec
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ectest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\
+        ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\
+        ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c \
+        ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \
+        ecp_oct.c ec2_oct.c ec_oct.c
+
+LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\
+        ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\
+        ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o \
+        ecp_nistp224.o ecp_nistp256.o ecp_nistp521.o ecp_nistputil.o \
+        ecp_oct.o ec2_oct.o ec_oct.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ec.h
+HEADER= ec_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ec2_mult.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec2_mult.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec2_mult.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec2_mult.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec2_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec2_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec2_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec2_mult.o: ../../include/openssl/symhacks.h ec2_mult.c ec_lcl.h
+ec2_oct.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec2_oct.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec2_oct.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec2_oct.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec2_oct.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec2_oct.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec2_oct.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec2_oct.o: ../../include/openssl/symhacks.h ec2_oct.c ec_lcl.h
+ec2_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec2_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec2_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec_lcl.h
+ec_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+ec_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+ec_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ec_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ec_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ec_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ec_ameth.o: ../../include/openssl/opensslconf.h
+ec_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ec_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+ec_ameth.o: ec_ameth.c
+ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_asn1.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ec_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ec_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_asn1.o: ../../include/openssl/symhacks.h ec_asn1.c ec_lcl.h
+ec_check.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_check.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_check.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_check.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_check.o: ../../include/openssl/symhacks.h ec_check.c ec_lcl.h
+ec_curve.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_curve.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_curve.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_curve.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_curve.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_curve.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_curve.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_curve.o: ../../include/openssl/symhacks.h ec_curve.c ec_lcl.h
+ec_cvt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_cvt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_cvt.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_cvt.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_cvt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_cvt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h
+ec_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_err.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_err.o: ../../include/openssl/symhacks.h ec_err.c
+ec_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_key.o: ../../include/openssl/symhacks.h ec_key.c ec_lcl.h
+ec_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_lib.o: ../../include/openssl/symhacks.h ec_lcl.h ec_lib.c
+ec_mult.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_mult.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_mult.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_mult.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c
+ec_oct.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_oct.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_oct.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_oct.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_oct.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_oct.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_oct.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_oct.o: ../../include/openssl/symhacks.h ec_lcl.h ec_oct.c
+ec_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+ec_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ec_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ec_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ec_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ec_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ec_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ec_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ec_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
+ec_pmeth.o: ec_pmeth.c
+ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c
+eck_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+eck_prn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eck_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eck_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eck_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eck_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eck_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eck_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eck_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eck_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h eck_prn.c
+ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_mont.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_mont.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_mont.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_mont.c
+ecp_nist.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_nist.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_nist.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c
+ecp_nistp224.o: ../../include/openssl/opensslconf.h ecp_nistp224.c
+ecp_nistp256.o: ../../include/openssl/opensslconf.h ecp_nistp256.c
+ecp_nistp521.o: ../../include/openssl/opensslconf.h ecp_nistp521.c
+ecp_nistputil.o: ../../include/openssl/opensslconf.h ecp_nistputil.c
+ecp_oct.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_oct.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_oct.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_oct.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_oct.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_oct.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_oct.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_oct.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_oct.c
+ecp_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_smpl.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_smpl.c
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index dfe8710d33..9d01325af3 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -274,10 +274,10 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group);
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 
-void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
+void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
 
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
 
@@ -626,8 +626,8 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *c
  */
 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 
-int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
-int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
+int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
 
 /** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
@@ -800,24 +800,16 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
 
 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
-void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
+void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
 /* functions to set/get method specific data  */
-void *EC_KEY_get_key_method_data(EC_KEY *key, 
+void *EC_KEY_get_key_method_data(EC_KEY *, 
         void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-/** Sets the key method data of an EC_KEY object, if none has yet been set.
- *  \param  key              EC_KEY object
- *  \param  data             opaque data to install.
- *  \param  dup_func         a function that duplicates |data|.
- *  \param  free_func        a function that frees |data|.
- *  \param  clear_free_func  a function that wipes and frees |data|.
- *  \return the previously set data pointer, or NULL if |data| was inserted.
- */
-void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
         void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
 /* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+void EC_KEY_set_asn1_flag(EC_KEY *, int);
 
 /** Creates a table of pre-computed multiples of the generator to 
  *  accelerate further EC_KEY operations.
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index de9a0cc2b3..25247b5803 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
         if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
             EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
                 return 1;
-        /* compare the curve name (if present in both) */
+        /* compare the curve name (if present) */
         if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
-            EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
-                return 1;
+            EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
+                return 0;
 
         if (!ctx)
                 ctx_new = ctx = BN_CTX_new();
@@ -993,12 +993,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
         if (group->meth->point_cmp == 0)
                 {
                 ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return -1;
+                return 0;
                 }
         if ((group->meth != a->meth) || (a->meth != b->meth))
                 {
                 ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
-                return -1;
+                return 0;
                 }
         return group->meth->point_cmp(group, a, b, ctx);
         }
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
index f04f132c7a..079e47431b 100644
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ b/src/lib/libcrypto/ec/ecp_mont.c
@@ -114,6 +114,7 @@ const EC_METHOD *EC_GFp_mont_method(void)
                 ec_GFp_mont_field_decode,
                 ec_GFp_mont_field_set_to_one };
 
+
         return &ret;
 #endif
         }
diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c
new file mode 100644
index 0000000000..f107782de0
--- /dev/null
+++ b/src/lib/libcrypto/ec/ectest.c
@@ -0,0 +1,1489 @@
+/* crypto/ec/ectest.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
+#include <string.h>
+#include <time.h>
+
+
+#ifdef OPENSSL_NO_EC
+int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
+#else
+
+
+#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+
+#if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
+/* suppress "too big too optimize" warning */
+#pragma warning(disable:4959)
+#endif
+
+#define ABORT do { \
+        fflush(stdout); \
+        fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
+        ERR_print_errors_fp(stderr); \
+        EXIT(1); \
+} while (0)
+
+#define TIMING_BASE_PT 0
+#define TIMING_RAND_PT 1
+#define TIMING_SIMUL 2
+
+#if 0
+static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
+        {
+        clock_t clck;
+        int i, j;
+        BIGNUM *s;
+        BIGNUM *r[10], *r0[10];
+        EC_POINT *P;
+                
+        s = BN_new();
+        if (s == NULL) ABORT;
+
+        fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
+        if (!EC_GROUP_get_order(group, s, ctx)) ABORT;
+        fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
+        fflush(stdout);
+
+        P = EC_POINT_new(group);
+        if (P == NULL) ABORT;
+        EC_POINT_copy(P, EC_GROUP_get0_generator(group));
+
+        for (i = 0; i < 10; i++)
+                {
+                if ((r[i] = BN_new()) == NULL) ABORT;
+                if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT;
+                if (type != TIMING_BASE_PT)
+                        {
+                        if ((r0[i] = BN_new()) == NULL) ABORT;
+                        if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT;
+                        }
+                }
+
+        clck = clock();
+        for (i = 0; i < 10; i++)
+                {
+                for (j = 0; j < 10; j++)
+                        {
+                        if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, 
+                                (type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT;
+                        }
+                }
+        clck = clock() - clck;
+
+        fprintf(stdout, "\n");
+
+#ifdef CLOCKS_PER_SEC
+        /* "To determine the time in seconds, the value returned
+         * by the clock function should be divided by the value
+         * of the macro CLOCKS_PER_SEC."
+         *                                       -- ISO/IEC 9899 */
+#       define UNIT "s"
+#else
+        /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
+         *                            -- cc on NeXTstep/OpenStep */
+#       define UNIT "units"
+#       define CLOCKS_PER_SEC 1
+#endif
+
+        if (type == TIMING_BASE_PT) {
+                fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+                        "base point multiplications", (double)clck/CLOCKS_PER_SEC);
+        } else if (type == TIMING_RAND_PT) {
+                fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+                        "random point multiplications", (double)clck/CLOCKS_PER_SEC);
+        } else if (type == TIMING_SIMUL) {
+                fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+                        "s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC);
+        }
+        fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j));
+
+        EC_POINT_free(P);
+        BN_free(s);
+        for (i = 0; i < 10; i++)
+                {
+                BN_free(r[i]);
+                if (type != TIMING_BASE_PT) BN_free(r0[i]);
+                }
+        }
+#endif
+
+/* test multiplication with group order, long and negative scalars */
+static void group_order_tests(EC_GROUP *group)
+        {
+        BIGNUM *n1, *n2, *order;
+        EC_POINT *P = EC_POINT_new(group);
+        EC_POINT *Q = EC_POINT_new(group);
+        BN_CTX *ctx = BN_CTX_new();
+
+        n1 = BN_new(); n2 = BN_new(); order = BN_new();
+        fprintf(stdout, "verify group order ...");
+        fflush(stdout);
+        if (!EC_GROUP_get_order(group, order, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, ".");
+        fflush(stdout);
+        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, " ok\n");
+        fprintf(stdout, "long/negative scalar tests ... ");
+        if (!BN_one(n1)) ABORT;
+        /* n1 = 1 - order */
+        if (!BN_sub(n1, n1, order)) ABORT;
+        if(!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+        /* n2 = 1 + order */
+        if (!BN_add(n2, order, BN_value_one())) ABORT;
+        if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+        /* n2 = (1 - order) * (1 + order) */
+        if (!BN_mul(n2, n1, n2, ctx)) ABORT;
+        if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+        fprintf(stdout, "ok\n");
+        EC_POINT_free(P);
+        EC_POINT_free(Q);
+        BN_free(n1);
+        BN_free(n2);
+        BN_free(order);
+        BN_CTX_free(ctx);
+        }
+
+static void prime_field_tests(void)
+        {       
+        BN_CTX *ctx = NULL;
+        BIGNUM *p, *a, *b;
+        EC_GROUP *group;
+        EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
+        EC_POINT *P, *Q, *R;
+        BIGNUM *x, *y, *z;
+        unsigned char buf[100];
+        size_t i, len;
+        int k;
+        
+#if 1 /* optional */
+        ctx = BN_CTX_new();
+        if (!ctx) ABORT;
+#endif
+
+        p = BN_new();
+        a = BN_new();
+        b = BN_new();
+        if (!p || !a || !b) ABORT;
+
+        if (!BN_hex2bn(&p, "17")) ABORT;
+        if (!BN_hex2bn(&a, "1")) ABORT;
+        if (!BN_hex2bn(&b, "1")) ABORT;
+        
+        group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
+                                                     * so that the library gets to choose the EC_METHOD */
+        if (!group) ABORT;
+
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+        {
+                EC_GROUP *tmp;
+                tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+                if (!tmp) ABORT;
+                if (!EC_GROUP_copy(tmp, group)) ABORT;
+                EC_GROUP_free(group);
+                group = tmp;
+        }
+        
+        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+        fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");
+        BN_print_fp(stdout, p);
+        fprintf(stdout, ")\n     a = 0x");
+        BN_print_fp(stdout, a);
+        fprintf(stdout, "\n     b = 0x");
+        BN_print_fp(stdout, b);
+        fprintf(stdout, "\n");
+
+        P = EC_POINT_new(group);
+        Q = EC_POINT_new(group);
+        R = EC_POINT_new(group);
+        if (!P || !Q || !R) ABORT;
+        
+        if (!EC_POINT_set_to_infinity(group, P)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+        buf[0] = 0;
+        if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
+
+        if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+        x = BN_new();
+        y = BN_new();
+        z = BN_new();
+        if (!x || !y || !z) ABORT;
+
+        if (!BN_hex2bn(&x, "D")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, Q, ctx))
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
+                fprintf(stderr, "Point is not on curve: x = 0x");
+                BN_print_fp(stderr, x);
+                fprintf(stderr, ", y = 0x");
+                BN_print_fp(stderr, y);
+                fprintf(stderr, "\n");
+                ABORT;
+                }
+
+        fprintf(stdout, "A cyclic subgroup:\n");
+        k = 100;
+        do
+                {
+                if (k-- == 0) ABORT;
+
+                if (EC_POINT_is_at_infinity(group, P))
+                        fprintf(stdout, "     point at infinity\n");
+                else
+                        {
+                        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+
+                        fprintf(stdout, "     x = 0x");
+                        BN_print_fp(stdout, x);
+                        fprintf(stdout, ", y = 0x");
+                        BN_print_fp(stdout, y);
+                        fprintf(stdout, "\n");
+                        }
+                
+                if (!EC_POINT_copy(R, P)) ABORT;
+                if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+
+#if 0 /* optional */
+                {
+                        EC_POINT *points[3];
+                
+                        points[0] = R;
+                        points[1] = Q;
+                        points[2] = P;
+                        if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT;
+                }
+#endif
+
+                }
+        while (!EC_POINT_is_at_infinity(group, P));
+
+        if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
+        if (len == 0) ABORT;
+        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+        fprintf(stdout, "Generator as octet string, compressed form:\n     ");
+        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+        
+        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
+        if (len == 0) ABORT;
+        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+        fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
+        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+        
+        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
+        if (len == 0) ABORT;
+        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+        fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
+        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+        
+        if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;
+        fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, ", Y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, ", Z = 0x");
+        BN_print_fp(stdout, z);
+        fprintf(stdout, "\n");
+
+        if (!EC_POINT_invert(group, P, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+
+
+        /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000)
+         * -- not a NIST curve, but commonly used */
+        
+        if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT;
+        if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT;
+        if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+        if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;
+        if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
+        if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+
+        fprintf(stdout, "verify degree ...");
+        if (EC_GROUP_get_degree(group) != 160) ABORT;
+        fprintf(stdout, " ok\n");
+        
+        group_order_tests(group);
+
+        if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_160, group)) ABORT;
+
+
+        /* Curve P-192 (FIPS PUB 186-2, App. 6) */
+        
+        if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;
+        if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;
+        if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+        if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+
+        fprintf(stdout, "verify degree ...");
+        if (EC_GROUP_get_degree(group) != 192) ABORT;
+        fprintf(stdout, " ok\n");
+        
+        group_order_tests(group);
+
+        if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_192, group)) ABORT;
+
+
+        /* Curve P-224 (FIPS PUB 186-2, App. 6) */
+        
+        if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;
+        if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;
+        if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+        if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+        
+        fprintf(stdout, "verify degree ...");
+        if (EC_GROUP_get_degree(group) != 224) ABORT;
+        fprintf(stdout, " ok\n");
+        
+        group_order_tests(group);
+
+        if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_224, group)) ABORT;
+
+
+        /* Curve P-256 (FIPS PUB 186-2, App. 6) */
+        
+        if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+        if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+        if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+        if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+                "84F3B9CAC2FC632551")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+        
+        fprintf(stdout, "verify degree ...");
+        if (EC_GROUP_get_degree(group) != 256) ABORT;
+        fprintf(stdout, " ok\n");
+        
+        group_order_tests(group);
+
+        if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_256, group)) ABORT;
+
+
+        /* Curve P-384 (FIPS PUB 186-2, App. 6) */
+        
+        if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
+        if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
+        if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
+                "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+        if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+                "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
+                "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+        
+        fprintf(stdout, "verify degree ...");
+        if (EC_GROUP_get_degree(group) != 384) ABORT;
+        fprintf(stdout, " ok\n");
+
+        group_order_tests(group);
+
+        if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_384, group)) ABORT;
+
+
+        /* Curve P-521 (FIPS PUB 186-2, App. 6) */
+        
+        if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+        if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+        if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+                "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+                "DF883D2C34F1EF451FD46B503F00")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+        if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+                "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+                "3C1856A429BF97E7E31C2E5BD66")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+                "C9B8899C47AEBB6FB71E91386409")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+                "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+                "7086A272C24088BE94769FD16650")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+        
+        fprintf(stdout, "verify degree ...");
+        if (EC_GROUP_get_degree(group) != 521) ABORT;
+        fprintf(stdout, " ok\n");
+
+        group_order_tests(group);
+
+        if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_521, group)) ABORT;
+
+
+        /* more tests using the last curve */
+
+        if (!EC_POINT_copy(Q, P)) ABORT;
+        if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+        if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+        if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+        if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+
+        {
+                const EC_POINT *points[4];
+                const BIGNUM *scalars[4];
+                BIGNUM scalar3;
+        
+                if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+                points[0] = Q;
+                points[1] = Q;
+                points[2] = Q;
+                points[3] = Q;
+
+                if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+                if (!BN_add(y, z, BN_value_one())) ABORT;
+                if (BN_is_odd(y)) ABORT;
+                if (!BN_rshift1(y, y)) ABORT;
+                scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
+                scalars[1] = y;
+
+                fprintf(stdout, "combined multiplication ...");
+                fflush(stdout);
+
+                /* z is still the group order */
+                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+                if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
+                if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+                if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
+
+                fprintf(stdout, ".");
+                fflush(stdout);
+
+                if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+                if (!BN_add(z, z, y)) ABORT;
+                BN_set_negative(z, 1);
+                scalars[0] = y;
+                scalars[1] = z; /* z = -(order + y) */
+
+                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+                if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+                fprintf(stdout, ".");
+                fflush(stdout);
+
+                if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
+                if (!BN_add(z, x, y)) ABORT;
+                BN_set_negative(z, 1);
+                scalars[0] = x;
+                scalars[1] = y;
+                scalars[2] = z; /* z = -(x+y) */
+
+                BN_init(&scalar3);
+                BN_zero(&scalar3);
+                scalars[3] = &scalar3;
+
+                if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT;
+                if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+                fprintf(stdout, " ok\n\n");
+
+                BN_free(&scalar3);
+        }
+
+
+#if 0
+        timings(P_160, TIMING_BASE_PT, ctx);
+        timings(P_160, TIMING_RAND_PT, ctx);
+        timings(P_160, TIMING_SIMUL, ctx);
+        timings(P_192, TIMING_BASE_PT, ctx);
+        timings(P_192, TIMING_RAND_PT, ctx);
+        timings(P_192, TIMING_SIMUL, ctx);
+        timings(P_224, TIMING_BASE_PT, ctx);
+        timings(P_224, TIMING_RAND_PT, ctx);
+        timings(P_224, TIMING_SIMUL, ctx);
+        timings(P_256, TIMING_BASE_PT, ctx);
+        timings(P_256, TIMING_RAND_PT, ctx);
+        timings(P_256, TIMING_SIMUL, ctx);
+        timings(P_384, TIMING_BASE_PT, ctx);
+        timings(P_384, TIMING_RAND_PT, ctx);
+        timings(P_384, TIMING_SIMUL, ctx);
+        timings(P_521, TIMING_BASE_PT, ctx);
+        timings(P_521, TIMING_RAND_PT, ctx);
+        timings(P_521, TIMING_SIMUL, ctx);
+#endif
+
+
+        if (ctx)
+                BN_CTX_free(ctx);
+        BN_free(p); BN_free(a); BN_free(b);
+        EC_GROUP_free(group);
+        EC_POINT_free(P);
+        EC_POINT_free(Q);
+        EC_POINT_free(R);
+        BN_free(x); BN_free(y); BN_free(z);
+
+        if (P_160) EC_GROUP_free(P_160);
+        if (P_192) EC_GROUP_free(P_192);
+        if (P_224) EC_GROUP_free(P_224);
+        if (P_256) EC_GROUP_free(P_256);
+        if (P_384) EC_GROUP_free(P_384);
+        if (P_521) EC_GROUP_free(P_521);
+
+        }
+
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        if (!BN_hex2bn(&x, _x)) ABORT; \
+        if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+        if (!BN_hex2bn(&z, _order)) ABORT; \
+        if (!BN_hex2bn(&cof, _cof)) ABORT; \
+        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+        fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
+        BN_print_fp(stdout, x); \
+        fprintf(stdout, "\n     y = 0x"); \
+        BN_print_fp(stdout, y); \
+        fprintf(stdout, "\n"); \
+        /* G_y value taken from the standard: */ \
+        if (!BN_hex2bn(&z, _y)) ABORT; \
+        if (0 != BN_cmp(y, z)) ABORT;
+#else 
+#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        if (!BN_hex2bn(&x, _x)) ABORT; \
+        if (!BN_hex2bn(&y, _y)) ABORT; \
+        if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+        if (!BN_hex2bn(&z, _order)) ABORT; \
+        if (!BN_hex2bn(&cof, _cof)) ABORT; \
+        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+        fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
+        BN_print_fp(stdout, x); \
+        fprintf(stdout, "\n     y = 0x"); \
+        BN_print_fp(stdout, y); \
+        fprintf(stdout, "\n");
+#endif
+
+#define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        if (!BN_hex2bn(&p, _p)) ABORT; \
+        if (!BN_hex2bn(&a, _a)) ABORT; \
+        if (!BN_hex2bn(&b, _b)) ABORT; \
+        if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
+        CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        fprintf(stdout, "verify degree ..."); \
+        if (EC_GROUP_get_degree(group) != _degree) ABORT; \
+        fprintf(stdout, " ok\n"); \
+        group_order_tests(group); \
+        if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
+        if (!EC_GROUP_copy(_variable, group)) ABORT; \
+
+#ifndef OPENSSL_NO_EC2M
+
+static void char2_field_tests(void)
+        {
+        BN_CTX *ctx = NULL;
+        BIGNUM *p, *a, *b;
+        EC_GROUP *group;
+        EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL;
+        EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL;
+        EC_POINT *P, *Q, *R;
+        BIGNUM *x, *y, *z, *cof;
+        unsigned char buf[100];
+        size_t i, len;
+        int k;
+        
+#if 1 /* optional */
+        ctx = BN_CTX_new();
+        if (!ctx) ABORT;
+#endif
+
+        p = BN_new();
+        a = BN_new();
+        b = BN_new();
+        if (!p || !a || !b) ABORT;
+
+        if (!BN_hex2bn(&p, "13")) ABORT;
+        if (!BN_hex2bn(&a, "3")) ABORT;
+        if (!BN_hex2bn(&b, "1")) ABORT;
+        
+        group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m
+                                                        * so that the library gets to choose the EC_METHOD */
+        if (!group) ABORT;
+        if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT;
+
+        {
+                EC_GROUP *tmp;
+                tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+                if (!tmp) ABORT;
+                if (!EC_GROUP_copy(tmp, group)) ABORT;
+                EC_GROUP_free(group);
+                group = tmp;
+        }
+        
+        if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT;
+
+        fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 + x*y = x^3 + a*x^2 + b  (mod 0x");
+        BN_print_fp(stdout, p);
+        fprintf(stdout, ")\n     a = 0x");
+        BN_print_fp(stdout, a);
+        fprintf(stdout, "\n     b = 0x");
+        BN_print_fp(stdout, b);
+        fprintf(stdout, "\n(0x... means binary polynomial)\n");
+
+        P = EC_POINT_new(group);
+        Q = EC_POINT_new(group);
+        R = EC_POINT_new(group);
+        if (!P || !Q || !R) ABORT;
+        
+        if (!EC_POINT_set_to_infinity(group, P)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+        buf[0] = 0;
+        if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
+
+        if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+        x = BN_new();
+        y = BN_new();
+        z = BN_new();
+        cof = BN_new();
+        if (!x || !y || !z || !cof) ABORT;
+
+        if (!BN_hex2bn(&x, "6")) ABORT;
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+        if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT;
+#else
+        if (!BN_hex2bn(&y, "8")) ABORT;
+        if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
+#endif
+        if (!EC_POINT_is_on_curve(group, Q, ctx))
+                {
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+                if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
+#endif
+                fprintf(stderr, "Point is not on curve: x = 0x");
+                BN_print_fp(stderr, x);
+                fprintf(stderr, ", y = 0x");
+                BN_print_fp(stderr, y);
+                fprintf(stderr, "\n");
+                ABORT;
+                }
+
+        fprintf(stdout, "A cyclic subgroup:\n");
+        k = 100;
+        do
+                {
+                if (k-- == 0) ABORT;
+
+                if (EC_POINT_is_at_infinity(group, P))
+                        fprintf(stdout, "     point at infinity\n");
+                else
+                        {
+                        if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT;
+
+                        fprintf(stdout, "     x = 0x");
+                        BN_print_fp(stdout, x);
+                        fprintf(stdout, ", y = 0x");
+                        BN_print_fp(stdout, y);
+                        fprintf(stdout, "\n");
+                        }
+                
+                if (!EC_POINT_copy(R, P)) ABORT;
+                if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+                }
+        while (!EC_POINT_is_at_infinity(group, P));
+
+        if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
+        if (len == 0) ABORT;
+        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+        fprintf(stdout, "Generator as octet string, compressed form:\n     ");
+        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+#endif
+        
+        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
+        if (len == 0) ABORT;
+        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+        fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
+        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+        
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
+        if (len == 0) ABORT;
+        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+        fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
+        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+#endif
+
+        fprintf(stdout, "\n");
+        
+        if (!EC_POINT_invert(group, P, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+
+
+        /* Curve K-163 (FIPS PUB 186-2, App. 6) */
+        CHAR2_CURVE_TEST
+                (
+                "NIST curve K-163",
+                "0800000000000000000000000000000000000000C9",
+                "1",
+                "1",
+                "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+                "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+                1,
+                "04000000000000000000020108A2E0CC0D99F8A5EF",
+                "2",
+                163,
+                C2_K163
+                );
+
+        /* Curve B-163 (FIPS PUB 186-2, App. 6) */
+        CHAR2_CURVE_TEST
+                (
+                "NIST curve B-163",
+                "0800000000000000000000000000000000000000C9",
+                "1",
+                "020A601907B8C953CA1481EB10512F78744A3205FD",
+                "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+                "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+                1,
+                "040000000000000000000292FE77E70C12A4234C33",
+                "2",
+                163,
+                C2_B163
+                );
+
+        /* Curve K-233 (FIPS PUB 186-2, App. 6) */
+        CHAR2_CURVE_TEST
+                (
+                "NIST curve K-233",
+                "020000000000000000000000000000000000000004000000000000000001",
+                "0",
+                "1",
+                "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+                "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+                0,
+                "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
+                "4",
+                233,
+                C2_K233
+                );
+
+        /* Curve B-233 (FIPS PUB 186-2, App. 6) */
+        CHAR2_CURVE_TEST
+                (
+                "NIST curve B-233",
+                "020000000000000000000000000000000000000004000000000000000001",
+                "000000000000000000000000000000000000000000000000000000000001",
+                "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+                "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+                "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+                1,
+                "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
+                "2",
+                233,
+                C2_B233
+                );
+
+        /* Curve K-283 (FIPS PUB 186-2, App. 6) */
+        CHAR2_CURVE_TEST
+                (
+                "NIST curve K-283",
+                "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+                "0",
+                "1",
+                "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
+                "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
+                0,
+                "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
+                "4",
+                283,
+                C2_K283
+                );
+
+        /* Curve B-283 (FIPS PUB 186-2, App. 6) */
+        CHAR2_CURVE_TEST
+                (
+                "NIST curve B-283",
+                "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+                "000000000000000000000000000000000000000000000000000000000000000000000001",
+                "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
+                "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
+                "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
+                1,
+                "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
+                "2",
+                283,
+                C2_B283
+                );
+
+        /* Curve K-409 (FIPS PUB 186-2, App. 6) */
+        CHAR2_CURVE_TEST
+                (
+                "NIST curve K-409",
+                "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+                "0",
+                "1",
+                "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
+                "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
+                1,
+                "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
+                "4",
+                409,
+                C2_K409
+                );
+
+        /* Curve B-409 (FIPS PUB 186-2, App. 6) */
+        CHAR2_CURVE_TEST
+                (
+                "NIST curve B-409",
+                "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+                "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+                "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
+                "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
+                "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
+                1,
+                "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
+                "2",
+                409,
+                C2_B409
+                );
+
+        /* Curve K-571 (FIPS PUB 186-2, App. 6) */
+        CHAR2_CURVE_TEST
+                (
+                "NIST curve K-571",
+                "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+                "0",
+                "1",
+                "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
+                "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
+                0,
+                "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
+                "4",
+                571,
+                C2_K571
+                );
+
+        /* Curve B-571 (FIPS PUB 186-2, App. 6) */
+        CHAR2_CURVE_TEST
+                (
+                "NIST curve B-571",
+                "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+                "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+                "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
+                "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
+                "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
+                1,
+                "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
+                "2",
+                571,
+                C2_B571
+                );
+
+        /* more tests using the last curve */
+
+        if (!EC_POINT_copy(Q, P)) ABORT;
+        if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+        if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+        if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+        if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+
+        {
+                const EC_POINT *points[3];
+                const BIGNUM *scalars[3];
+        
+                if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+                points[0] = Q;
+                points[1] = Q;
+                points[2] = Q;
+
+                if (!BN_add(y, z, BN_value_one())) ABORT;
+                if (BN_is_odd(y)) ABORT;
+                if (!BN_rshift1(y, y)) ABORT;
+                scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
+                scalars[1] = y;
+
+                fprintf(stdout, "combined multiplication ...");
+                fflush(stdout);
+
+                /* z is still the group order */
+                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+                if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
+                if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+                if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
+
+                fprintf(stdout, ".");
+                fflush(stdout);
+
+                if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+                if (!BN_add(z, z, y)) ABORT;
+                BN_set_negative(z, 1);
+                scalars[0] = y;
+                scalars[1] = z; /* z = -(order + y) */
+
+                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+                if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+                fprintf(stdout, ".");
+                fflush(stdout);
+
+                if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
+                if (!BN_add(z, x, y)) ABORT;
+                BN_set_negative(z, 1);
+                scalars[0] = x;
+                scalars[1] = y;
+                scalars[2] = z; /* z = -(x+y) */
+
+                if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;
+                if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+                fprintf(stdout, " ok\n\n");
+        }
+
+
+#if 0
+        timings(C2_K163, TIMING_BASE_PT, ctx);
+        timings(C2_K163, TIMING_RAND_PT, ctx);
+        timings(C2_K163, TIMING_SIMUL, ctx);
+        timings(C2_B163, TIMING_BASE_PT, ctx);
+        timings(C2_B163, TIMING_RAND_PT, ctx);
+        timings(C2_B163, TIMING_SIMUL, ctx);
+        timings(C2_K233, TIMING_BASE_PT, ctx);
+        timings(C2_K233, TIMING_RAND_PT, ctx);
+        timings(C2_K233, TIMING_SIMUL, ctx);
+        timings(C2_B233, TIMING_BASE_PT, ctx);
+        timings(C2_B233, TIMING_RAND_PT, ctx);
+        timings(C2_B233, TIMING_SIMUL, ctx);
+        timings(C2_K283, TIMING_BASE_PT, ctx);
+        timings(C2_K283, TIMING_RAND_PT, ctx);
+        timings(C2_K283, TIMING_SIMUL, ctx);
+        timings(C2_B283, TIMING_BASE_PT, ctx);
+        timings(C2_B283, TIMING_RAND_PT, ctx);
+        timings(C2_B283, TIMING_SIMUL, ctx);
+        timings(C2_K409, TIMING_BASE_PT, ctx);
+        timings(C2_K409, TIMING_RAND_PT, ctx);
+        timings(C2_K409, TIMING_SIMUL, ctx);
+        timings(C2_B409, TIMING_BASE_PT, ctx);
+        timings(C2_B409, TIMING_RAND_PT, ctx);
+        timings(C2_B409, TIMING_SIMUL, ctx);
+        timings(C2_K571, TIMING_BASE_PT, ctx);
+        timings(C2_K571, TIMING_RAND_PT, ctx);
+        timings(C2_K571, TIMING_SIMUL, ctx);
+        timings(C2_B571, TIMING_BASE_PT, ctx);
+        timings(C2_B571, TIMING_RAND_PT, ctx);
+        timings(C2_B571, TIMING_SIMUL, ctx);
+#endif
+
+
+        if (ctx)
+                BN_CTX_free(ctx);
+        BN_free(p); BN_free(a); BN_free(b);
+        EC_GROUP_free(group);
+        EC_POINT_free(P);
+        EC_POINT_free(Q);
+        EC_POINT_free(R);
+        BN_free(x); BN_free(y); BN_free(z); BN_free(cof);
+
+        if (C2_K163) EC_GROUP_free(C2_K163);
+        if (C2_B163) EC_GROUP_free(C2_B163);
+        if (C2_K233) EC_GROUP_free(C2_K233);
+        if (C2_B233) EC_GROUP_free(C2_B233);
+        if (C2_K283) EC_GROUP_free(C2_K283);
+        if (C2_B283) EC_GROUP_free(C2_B283);
+        if (C2_K409) EC_GROUP_free(C2_K409);
+        if (C2_B409) EC_GROUP_free(C2_B409);
+        if (C2_K571) EC_GROUP_free(C2_K571);
+        if (C2_B571) EC_GROUP_free(C2_B571);
+
+        }
+#endif
+
+static void internal_curve_test(void)
+        {
+        EC_builtin_curve *curves = NULL;
+        size_t crv_len = 0, n = 0;
+        int    ok = 1;
+
+        crv_len = EC_get_builtin_curves(NULL, 0);
+
+        curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+        if (curves == NULL)
+                return;
+
+        if (!EC_get_builtin_curves(curves, crv_len))
+                {
+                OPENSSL_free(curves);
+                return;
+                }
+
+        fprintf(stdout, "testing internal curves: ");
+                
+        for (n = 0; n < crv_len; n++)
+                {
+                EC_GROUP *group = NULL;
+                int nid = curves[n].nid;
+                if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
+                        {
+                        ok = 0;
+                        fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
+                                " curve %s\n", OBJ_nid2sn(nid));
+                        /* try next curve */
+                        continue;
+                        }
+                if (!EC_GROUP_check(group, NULL))
+                        {
+                        ok = 0;
+                        fprintf(stdout, "\nEC_GROUP_check() failed with"
+                                " curve %s\n", OBJ_nid2sn(nid));
+                        EC_GROUP_free(group);
+                        /* try the next curve */
+                        continue;
+                        }
+                fprintf(stdout, ".");
+                fflush(stdout);
+                EC_GROUP_free(group);
+                }
+        if (ok)
+                fprintf(stdout, " ok\n\n");
+        else
+                {
+                fprintf(stdout, " failed\n\n");
+                ABORT;
+                }
+        OPENSSL_free(curves);
+        return;
+        }
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/* nistp_test_params contains magic numbers for testing our optimized
+ * implementations of several NIST curves with characteristic > 3. */
+struct nistp_test_params
+        {
+        const EC_METHOD* (*meth) ();
+        int degree;
+        /* Qx, Qy and D are taken from
+         * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+         * Otherwise, values are standard curve parameters from FIPS 180-3 */
+        const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
+        };
+
+static const struct nistp_test_params nistp_tests_params[] =
+        {
+                {
+                /* P-224 */
+                EC_GFp_nistp224_method,
+                224,
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", /* p */
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", /* a */
+                "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", /* b */
+                "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", /* Qx */
+                "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", /* Qy */
+                "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", /* Gx */
+                "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", /* Gy */
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", /* order */
+                "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", /* d */
+                },
+                {
+                /* P-256 */
+                EC_GFp_nistp256_method,
+                256,
+                "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */
+                "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */
+                "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */
+                "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", /* Qx */
+                "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", /* Qy */
+                "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", /* Gx */
+                "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */
+                "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */
+                "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */
+                },
+                {
+                /* P-521 */
+                EC_GFp_nistp521_method,
+                521,
+                "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* p */
+                "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* a */
+                "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* b */
+                "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", /* Qx */
+                "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", /* Qy */
+                "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", /* Gx */
+                "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* Gy */
+                "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* order */
+                "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", /* d */
+                },
+        };
+
+void nistp_single_test(const struct nistp_test_params *test)
+        {
+        BN_CTX *ctx;
+        BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
+        EC_GROUP *NISTP;
+        EC_POINT *G, *P, *Q, *Q_CHECK;
+
+        fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", test->degree);
+        ctx = BN_CTX_new();
+        p = BN_new();
+        a = BN_new();
+        b = BN_new();
+        x = BN_new(); y = BN_new();
+        m = BN_new(); n = BN_new(); order = BN_new();
+
+        NISTP = EC_GROUP_new(test->meth());
+        if(!NISTP) ABORT;
+        if (!BN_hex2bn(&p, test->p)) ABORT;
+        if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, test->a)) ABORT;
+        if (!BN_hex2bn(&b, test->b)) ABORT;
+        if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) ABORT;
+        G = EC_POINT_new(NISTP);
+        P = EC_POINT_new(NISTP);
+        Q = EC_POINT_new(NISTP);
+        Q_CHECK = EC_POINT_new(NISTP);
+        if(!BN_hex2bn(&x, test->Qx)) ABORT;
+        if(!BN_hex2bn(&y, test->Qy)) ABORT;
+        if(!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT;
+        if (!BN_hex2bn(&x, test->Gx)) ABORT;
+        if (!BN_hex2bn(&y, test->Gy)) ABORT;
+        if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) ABORT;
+        if (!BN_hex2bn(&order, test->order)) ABORT;
+        if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
+
+        fprintf(stdout, "verify degree ... ");
+        if (EC_GROUP_get_degree(NISTP) != test->degree) ABORT;
+        fprintf(stdout, "ok\n");
+
+        fprintf(stdout, "NIST test vectors ... ");
+        if (!BN_hex2bn(&n, test->d)) ABORT;
+        /* fixed point multiplication */
+        EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+        if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+        /* random point multiplication */
+        EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+        if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+        /* set generator to P = 2*G, where G is the standard generator */
+        if (!EC_POINT_dbl(NISTP, P, G, ctx)) ABORT;
+        if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) ABORT;
+        /* set the scalar to m=n/2, where n is the NIST test scalar */
+        if (!BN_rshift(m, n, 1)) ABORT;
+
+        /* test the non-standard generator */
+        /* fixed point multiplication */
+        EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+        if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+        /* random point multiplication */
+        EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+        if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+        /* now repeat all tests with precomputation */
+        if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT;
+
+        /* fixed point multiplication */
+        EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+        if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+        /* random point multiplication */
+        EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+        if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+        /* reset generator */
+        if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
+        /* fixed point multiplication */
+        EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+        if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+        /* random point multiplication */
+        EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+        if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+        fprintf(stdout, "ok\n");
+        group_order_tests(NISTP);
+#if 0
+        timings(NISTP, TIMING_BASE_PT, ctx);
+        timings(NISTP, TIMING_RAND_PT, ctx);
+#endif
+        EC_GROUP_free(NISTP);
+        EC_POINT_free(G);
+        EC_POINT_free(P);
+        EC_POINT_free(Q);
+        EC_POINT_free(Q_CHECK);
+        BN_free(n);
+        BN_free(m);
+        BN_free(p);
+        BN_free(a);
+        BN_free(b);
+        BN_free(x);
+        BN_free(y);
+        BN_free(order);
+        BN_CTX_free(ctx);
+        }
+
+void nistp_tests()
+        {
+        unsigned i;
+
+        for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++)
+                {
+                nistp_single_test(&nistp_tests_params[i]);
+                }
+        }
+#endif
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+        {       
+        
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        ERR_load_crypto_strings();
+
+        RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+
+        prime_field_tests();
+        puts("");
+#ifndef OPENSSL_NO_EC2M
+        char2_field_tests();
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+        nistp_tests();
+#endif
+        /* test the internal curves */
+        internal_curve_test();
+
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_cleanup();
+#endif
+        CRYPTO_cleanup_all_ex_data();
+        ERR_free_strings();
+        ERR_remove_thread_state(NULL);
+        CRYPTO_mem_leaks_fp(stderr);
+        
+        return 0;
+        }
+#endif
diff --git a/src/lib/libcrypto/ecdh/Makefile b/src/lib/libcrypto/ecdh/Makefile
new file mode 100644
index 0000000000..65d8904ee8
--- /dev/null
+++ b/src/lib/libcrypto/ecdh/Makefile
@@ -0,0 +1,121 @@
+#
+# crypto/ecdh/Makefile
+#
+
+DIR=    ecdh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g -Wall
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ecdhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c
+
+LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ecdh.h
+HEADER= ech_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ech_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_err.o: ech_err.c
+ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h
+ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ech_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ech_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ech_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ech_lib.o: ech_lib.c ech_locl.h
+ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
+ech_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ech_ossl.o: ../../include/openssl/opensslconf.h
+ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_ossl.o: ../cryptlib.h ech_locl.h ech_ossl.c
diff --git a/src/lib/libcrypto/ecdh/ecdhtest.c b/src/lib/libcrypto/ecdh/ecdhtest.c
new file mode 100644
index 0000000000..823d7baa65
--- /dev/null
+++ b/src/lib/libcrypto/ecdh/ecdhtest.c
@@ -0,0 +1,374 @@
+/* crypto/ecdh/ecdhtest.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/opensslconf.h>        /* for OPENSSL_NO_ECDH */
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_ECDH
+int main(int argc, char *argv[])
+{
+    printf("No ECDH support\n");
+    return(0);
+}
+#else
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+#if 0
+static void MS_CALLBACK cb(int p, int n, void *arg);
+#endif
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+
+static const int KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
+        {
+#ifndef OPENSSL_NO_SHA
+        if (*outlen < SHA_DIGEST_LENGTH)
+                return NULL;
+        else
+                *outlen = SHA_DIGEST_LENGTH;
+        return SHA1(in, inlen, out);
+#else
+        return NULL;
+#endif
+        }
+
+
+static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
+        {
+        EC_KEY *a=NULL;
+        EC_KEY *b=NULL;
+        BIGNUM *x_a=NULL, *y_a=NULL,
+               *x_b=NULL, *y_b=NULL;
+        char buf[12];
+        unsigned char *abuf=NULL,*bbuf=NULL;
+        int i,alen,blen,aout,bout,ret=0;
+        const EC_GROUP *group;
+
+        a = EC_KEY_new_by_curve_name(nid);
+        b = EC_KEY_new_by_curve_name(nid);
+        if (a == NULL || b == NULL)
+                goto err;
+
+        group = EC_KEY_get0_group(a);
+
+        if ((x_a=BN_new()) == NULL) goto err;
+        if ((y_a=BN_new()) == NULL) goto err;
+        if ((x_b=BN_new()) == NULL) goto err;
+        if ((y_b=BN_new()) == NULL) goto err;
+
+        BIO_puts(out,"Testing key generation with ");
+        BIO_puts(out,text);
+#ifdef NOISY
+        BIO_puts(out,"\n");
+#else
+        (void)BIO_flush(out);
+#endif
+
+        if (!EC_KEY_generate_key(a)) goto err;
+        
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group,
+                        EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+                }
+#ifndef OPENSSL_NO_EC2M
+        else
+                {
+                if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                        EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+                }
+#endif
+#ifdef NOISY
+        BIO_puts(out,"  pri 1=");
+        BN_print(out,a->priv_key);
+        BIO_puts(out,"\n  pub 1=");
+        BN_print(out,x_a);
+        BIO_puts(out,",");
+        BN_print(out,y_a);
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out," .");
+        (void)BIO_flush(out);
+#endif
+
+        if (!EC_KEY_generate_key(b)) goto err;
+
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group, 
+                        EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+                }
+#ifndef OPENSSL_NO_EC2M
+        else
+                {
+                if (!EC_POINT_get_affine_coordinates_GF2m(group, 
+                        EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+                }
+#endif
+
+#ifdef NOISY
+        BIO_puts(out,"  pri 2=");
+        BN_print(out,b->priv_key);
+        BIO_puts(out,"\n  pub 2=");
+        BN_print(out,x_b);
+        BIO_puts(out,",");
+        BN_print(out,y_b);
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out,".");
+        (void)BIO_flush(out);
+#endif
+
+        alen=KDF1_SHA1_len;
+        abuf=(unsigned char *)OPENSSL_malloc(alen);
+        aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
+
+#ifdef NOISY
+        BIO_puts(out,"  key1 =");
+        for (i=0; i<aout; i++)
+                {
+                sprintf(buf,"%02X",abuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out,".");
+        (void)BIO_flush(out);
+#endif
+
+        blen=KDF1_SHA1_len;
+        bbuf=(unsigned char *)OPENSSL_malloc(blen);
+        bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
+
+#ifdef NOISY
+        BIO_puts(out,"  key2 =");
+        for (i=0; i<bout; i++)
+                {
+                sprintf(buf,"%02X",bbuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out,".");
+        (void)BIO_flush(out);
+#endif
+
+        if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+                {
+#ifndef NOISY
+                BIO_printf(out, " failed\n\n");
+                BIO_printf(out, "key a:\n");
+                BIO_printf(out, "private key: ");
+                BN_print(out, EC_KEY_get0_private_key(a));
+                BIO_printf(out, "\n");
+                BIO_printf(out, "public key (x,y): ");
+                BN_print(out, x_a);
+                BIO_printf(out, ",");
+                BN_print(out, y_a);
+                BIO_printf(out, "\nkey b:\n");
+                BIO_printf(out, "private key: ");
+                BN_print(out, EC_KEY_get0_private_key(b));
+                BIO_printf(out, "\n");
+                BIO_printf(out, "public key (x,y): ");
+                BN_print(out, x_b);
+                BIO_printf(out, ",");
+                BN_print(out, y_b);
+                BIO_printf(out, "\n");
+                BIO_printf(out, "generated key a: ");
+                for (i=0; i<bout; i++)
+                        {
+                        sprintf(buf, "%02X", bbuf[i]);
+                        BIO_puts(out, buf);
+                        }
+                BIO_printf(out, "\n");
+                BIO_printf(out, "generated key b: ");
+                for (i=0; i<aout; i++)
+                        {
+                        sprintf(buf, "%02X", abuf[i]);
+                        BIO_puts(out,buf);
+                        }
+                BIO_printf(out, "\n");
+#endif
+                fprintf(stderr,"Error in ECDH routines\n");
+                ret=0;
+                }
+        else
+                {
+#ifndef NOISY
+                BIO_printf(out, " ok\n");
+#endif
+                ret=1;
+                }
+err:
+        ERR_print_errors_fp(stderr);
+
+        if (abuf != NULL) OPENSSL_free(abuf);
+        if (bbuf != NULL) OPENSSL_free(bbuf);
+        if (x_a) BN_free(x_a);
+        if (y_a) BN_free(y_a);
+        if (x_b) BN_free(x_b);
+        if (y_b) BN_free(y_b);
+        if (b) EC_KEY_free(b);
+        if (a) EC_KEY_free(a);
+        return(ret);
+        }
+
+int main(int argc, char *argv[])
+        {
+        BN_CTX *ctx=NULL;
+        int ret=1;
+        BIO *out;
+
+        CRYPTO_malloc_debug_init();
+        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#ifdef OPENSSL_SYS_WIN32
+        CRYPTO_malloc_init();
+#endif
+
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) EXIT(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+        /* NIST PRIME CURVES TESTS */
+        if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
+#ifndef OPENSSL_NO_EC2M
+        /* NIST BINARY CURVES TESTS */
+        if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
+#endif
+
+        ret = 0;
+
+err:
+        ERR_print_errors_fp(stderr);
+        if (ctx) BN_CTX_free(ctx);
+        BIO_free(out);
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_thread_state(NULL);
+        CRYPTO_mem_leaks_fp(stderr);
+        EXIT(ret);
+        return(ret);
+        }
+
+#if 0
+static void MS_CALLBACK cb(int p, int n, void *arg)
+        {
+        char c='*';
+
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+        (void)BIO_flush((BIO *)arg);
+#ifdef LINT
+        p=n;
+#endif
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/ecdh/ech_ossl.c b/src/lib/libcrypto/ecdh/ech_ossl.c
new file mode 100644
index 0000000000..4a30628fbc
--- /dev/null
+++ b/src/lib/libcrypto/ecdh/ech_ossl.c
@@ -0,0 +1,215 @@
+/* crypto/ecdh/ech_ossl.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <string.h>
+#include <limits.h>
+
+#include "cryptlib.h"
+
+#include "ech_locl.h"
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/obj_mac.h>
+#include <openssl/bn.h>
+
+static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
+        EC_KEY *ecdh, 
+        void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+
+static ECDH_METHOD openssl_ecdh_meth = {
+        "OpenSSL ECDH method",
+        ecdh_compute_key,
+#if 0
+        NULL, /* init     */
+        NULL, /* finish   */
+#endif
+        0,    /* flags    */
+        NULL  /* app_data */
+};
+
+const ECDH_METHOD *ECDH_OpenSSL(void)
+        {
+        return &openssl_ecdh_meth;
+        }
+
+
+/* This implementation is based on the following primitives in the IEEE 1363 standard:
+ *  - ECKAS-DH1
+ *  - ECSVDP-DH
+ * Finally an optional KDF is applied.
+ */
+static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+        EC_KEY *ecdh,
+        void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
+        {
+        BN_CTX *ctx;
+        EC_POINT *tmp=NULL;
+        BIGNUM *x=NULL, *y=NULL;
+        const BIGNUM *priv_key;
+        const EC_GROUP* group;
+        int ret= -1;
+        size_t buflen, len;
+        unsigned char *buf=NULL;
+
+        if (outlen > INT_MAX)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
+                return -1;
+                }
+
+        if ((ctx = BN_CTX_new()) == NULL) goto err;
+        BN_CTX_start(ctx);
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        
+        priv_key = EC_KEY_get0_private_key(ecdh);
+        if (priv_key == NULL)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
+                goto err;
+                }
+
+        group = EC_KEY_get0_group(ecdh);
+        if ((tmp=EC_POINT_new(group)) == NULL)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) 
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+                goto err;
+                }
+                
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) 
+                        {
+                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+                        goto err;
+                        }
+                }
+#ifndef OPENSSL_NO_EC2M
+        else
+                {
+                if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) 
+                        {
+                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+                        goto err;
+                        }
+                }
+#endif
+
+        buflen = (EC_GROUP_get_degree(group) + 7)/8;
+        len = BN_num_bytes(x);
+        if (len > buflen)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
+        if ((buf = OPENSSL_malloc(buflen)) == NULL)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        memset(buf, 0, buflen - len);
+        if (len != (size_t)BN_bn2bin(x, buf + buflen - len))
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
+                goto err;
+                }
+
+        if (KDF != 0)
+                {
+                if (KDF(buf, buflen, out, &outlen) == NULL)
+                        {
+                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);
+                        goto err;
+                        }
+                ret = outlen;
+                }
+        else
+                {
+                /* no KDF, just copy as much as we can */
+                if (outlen > buflen)
+                        outlen = buflen;
+                memcpy(out, buf, outlen);
+                ret = outlen;
+                }
+        
+err:
+        if (tmp) EC_POINT_free(tmp);
+        if (ctx) BN_CTX_end(ctx);
+        if (ctx) BN_CTX_free(ctx);
+        if (buf) OPENSSL_free(buf);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/ecdsa/Makefile b/src/lib/libcrypto/ecdsa/Makefile
new file mode 100644
index 0000000000..e89e0c010c
--- /dev/null
+++ b/src/lib/libcrypto/ecdsa/Makefile
@@ -0,0 +1,140 @@
+#
+# crypto/ecdsa/Makefile
+#
+
+DIR=    ecdsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g -Wall
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ecdsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c
+
+LIBOBJ= ecs_lib.o ecs_asn1.o ecs_ossl.o ecs_sign.o ecs_vrf.o ecs_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ecdsa.h
+HEADER= ecs_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ecs_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+ecs_asn1.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ecs_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ecs_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecs_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_asn1.o: ../../include/openssl/symhacks.h ecs_asn1.c ecs_locl.h
+ecs_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
+ecs_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecs_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_err.o: ecs_err.c
+ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ecs_lib.o: ../../include/openssl/x509_vfy.h ecs_lib.c ecs_locl.h
+ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_ossl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ecs_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ecs_ossl.o: ../../include/openssl/opensslconf.h
+ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c
+ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ecs_sign.o: ecs_locl.h ecs_sign.c
+ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c
diff --git a/src/lib/libcrypto/ecdsa/ecdsatest.c b/src/lib/libcrypto/ecdsa/ecdsatest.c
new file mode 100644
index 0000000000..537bb30362
--- /dev/null
+++ b/src/lib/libcrypto/ecdsa/ecdsatest.c
@@ -0,0 +1,572 @@
+/* crypto/ecdsa/ecdsatest.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
+
+#ifdef OPENSSL_NO_ECDSA
+int main(int argc, char * argv[])
+        {
+        puts("Elliptic curves are disabled.");
+        return 0;
+        }
+#else
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/ecdsa.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+static const char rnd_seed[] = "string to make the random number generator "
+        "think it has entropy";
+
+/* declaration of the test functions */
+int x9_62_tests(BIO *);
+int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
+int test_builtin(BIO *);
+
+/* functions to change the RAND_METHOD */
+int change_rand(void);
+int restore_rand(void);
+int fbytes(unsigned char *buf, int num);
+
+RAND_METHOD     fake_rand;
+const RAND_METHOD *old_rand;
+
+int change_rand(void)
+        {
+        /* save old rand method */
+        if ((old_rand = RAND_get_rand_method()) == NULL)
+                return 0;
+
+        fake_rand.seed    = old_rand->seed;
+        fake_rand.cleanup = old_rand->cleanup;
+        fake_rand.add     = old_rand->add;
+        fake_rand.status  = old_rand->status;
+        /* use own random function */
+        fake_rand.bytes      = fbytes;
+        fake_rand.pseudorand = old_rand->bytes;
+        /* set new RAND_METHOD */
+        if (!RAND_set_rand_method(&fake_rand))
+                return 0;
+        return 1;
+        }
+
+int restore_rand(void)
+        {
+        if (!RAND_set_rand_method(old_rand))
+                return 0;
+        else
+                return 1;
+        }
+
+static int fbytes_counter = 0;
+static const char *numbers[8] = {
+        "651056770906015076056810763456358567190100156695615665659",
+        "6140507067065001063065065565667405560006161556565665656654",
+        "8763001015071075675010661307616710783570106710677817767166"
+        "71676178726717",
+        "7000000175690566466555057817571571075705015757757057795755"
+        "55657156756655",
+        "1275552191113212300012030439187146164646146646466749494799",
+        "1542725565216523985789236956265265265235675811949404040041",
+        "1456427555219115346513212300075341203043918714616464614664"
+        "64667494947990",
+        "1712787255652165239672857892369562652652652356758119494040"
+        "40041670216363"};
+
+int fbytes(unsigned char *buf, int num)
+        {
+        int     ret;
+        BIGNUM  *tmp = NULL;
+
+        if (fbytes_counter >= 8)
+                return 0;
+        tmp = BN_new();
+        if (!tmp)
+                return 0;
+        if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))
+                {
+                BN_free(tmp);
+                return 0;
+                }
+        fbytes_counter ++;
+        if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
+                ret = 0;
+        else 
+                ret = 1;
+        if (tmp)
+                BN_free(tmp);
+        return ret;
+        }
+
+/* some tests from the X9.62 draft */
+int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+        {
+        int     ret = 0;
+        const char message[] = "abc";
+        unsigned char digest[20];
+        unsigned int  dgst_len = 0;
+        EVP_MD_CTX md_ctx;
+        EC_KEY    *key = NULL;
+        ECDSA_SIG *signature = NULL;
+        BIGNUM    *r = NULL, *s = NULL;
+
+        EVP_MD_CTX_init(&md_ctx);
+        /* get the message digest */
+        EVP_DigestInit(&md_ctx, EVP_ecdsa());
+        EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
+        EVP_DigestFinal(&md_ctx, digest, &dgst_len);
+
+        BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
+        /* create the key */
+        if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
+                goto x962_int_err;
+        if (!EC_KEY_generate_key(key))
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* create the signature */
+        signature = ECDSA_do_sign(digest, 20, key);
+        if (signature == NULL)
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* compare the created signature with the expected signature */
+        if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
+                goto x962_int_err;
+        if (!BN_dec2bn(&r, r_in) ||
+            !BN_dec2bn(&s, s_in))
+                goto x962_int_err;
+        if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* verify the signature */
+        if (ECDSA_do_verify(digest, 20, signature, key) != 1)
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+
+        BIO_printf(out, " ok\n");
+        ret = 1;
+x962_int_err:
+        if (!ret)
+                BIO_printf(out, " failed\n");
+        if (key)
+                EC_KEY_free(key);
+        if (signature)
+                ECDSA_SIG_free(signature);
+        if (r)
+                BN_free(r);
+        if (s)
+                BN_free(s);
+        EVP_MD_CTX_cleanup(&md_ctx);
+        return ret;
+        }
+
+int x9_62_tests(BIO *out)
+        {
+        int ret = 0;
+
+        BIO_printf(out, "some tests from X9.62:\n");
+
+        /* set own rand method */
+        if (!change_rand())
+                goto x962_err;
+
+        if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+                "3342403536405981729393488334694600415596881826869351677613",
+                "5735822328888155254683894997897571951568553642892029982342"))
+                goto x962_err;
+        if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
+                "3086361431751678114926225473006680188549593787585317781474"
+                "62058306432176",
+                "3238135532097973577080787768312505059318910517550078427819"
+                "78505179448783"))
+                goto x962_err;
+#ifndef OPENSSL_NO_EC2M
+        if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+                "87194383164871543355722284926904419997237591535066528048",
+                "308992691965804947361541664549085895292153777025772063598"))
+                goto x962_err;
+        if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
+                "2159633321041961198501834003903461262881815148684178964245"
+                "5876922391552",
+                "1970303740007316867383349976549972270528498040721988191026"
+                "49413465737174"))
+                goto x962_err;
+#endif
+        ret = 1;
+x962_err:
+        if (!restore_rand())
+                ret = 0;
+        return ret;
+        }
+
+int test_builtin(BIO *out)
+        {
+        EC_builtin_curve *curves = NULL;
+        size_t          crv_len = 0, n = 0;
+        EC_KEY          *eckey = NULL, *wrong_eckey = NULL;
+        EC_GROUP        *group;
+        ECDSA_SIG       *ecdsa_sig = NULL;
+        unsigned char   digest[20], wrong_digest[20];
+        unsigned char   *signature = NULL;
+        const unsigned char     *sig_ptr;
+        unsigned char   *sig_ptr2;
+        unsigned char   *raw_buf = NULL;
+        unsigned int    sig_len, degree, r_len, s_len, bn_len, buf_len;
+        int             nid, ret =  0;
+        
+        /* fill digest values with some random data */
+        if (!RAND_pseudo_bytes(digest, 20) ||
+            !RAND_pseudo_bytes(wrong_digest, 20))
+                {
+                BIO_printf(out, "ERROR: unable to get random data\n");
+                goto builtin_err;
+                }
+
+        /* create and verify a ecdsa signature with every availble curve
+         * (with ) */
+        BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
+                "with some internal curves:\n");
+
+        /* get a list of all internal curves */
+        crv_len = EC_get_builtin_curves(NULL, 0);
+
+        curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+        if (curves == NULL)
+                {
+                BIO_printf(out, "malloc error\n");
+                goto builtin_err;
+                }
+        
+        if (!EC_get_builtin_curves(curves, crv_len))
+                {
+                BIO_printf(out, "unable to get internal curves\n");
+                goto builtin_err;
+                }
+
+        /* now create and verify a signature for every curve */
+        for (n = 0; n < crv_len; n++)
+                {
+                unsigned char dirt, offset;
+
+                nid = curves[n].nid;
+                if (nid == NID_ipsec4)
+                        continue;
+                /* create new ecdsa key (== EC_KEY) */
+                if ((eckey = EC_KEY_new()) == NULL)
+                        goto builtin_err;
+                group = EC_GROUP_new_by_curve_name(nid);
+                if (group == NULL)
+                        goto builtin_err;
+                if (EC_KEY_set_group(eckey, group) == 0)
+                        goto builtin_err;
+                EC_GROUP_free(group);
+                degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
+                if (degree < 160)
+                        /* drop the curve */ 
+                        {
+                        EC_KEY_free(eckey);
+                        eckey = NULL;
+                        continue;
+                        }
+                BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
+                /* create key */
+                if (!EC_KEY_generate_key(eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                /* create second key */
+                if ((wrong_eckey = EC_KEY_new()) == NULL)
+                        goto builtin_err;
+                group = EC_GROUP_new_by_curve_name(nid);
+                if (group == NULL)
+                        goto builtin_err;
+                if (EC_KEY_set_group(wrong_eckey, group) == 0)
+                        goto builtin_err;
+                EC_GROUP_free(group);
+                if (!EC_KEY_generate_key(wrong_eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* check key */
+                if (!EC_KEY_check_key(eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* create signature */
+                sig_len = ECDSA_size(eckey);
+                if ((signature = OPENSSL_malloc(sig_len)) == NULL)
+                        goto builtin_err;
+                if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* verify signature */
+                if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* verify signature with the wrong key */
+                if (ECDSA_verify(0, digest, 20, signature, sig_len, 
+                        wrong_eckey) == 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* wrong digest */
+                if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
+                        eckey) == 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* wrong length */
+                if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
+                        eckey) == 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+
+                /* Modify a single byte of the signature: to ensure we don't
+                 * garble the ASN1 structure, we read the raw signature and
+                 * modify a byte in one of the bignums directly. */
+                sig_ptr = signature;
+                if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+
+                /* Store the two BIGNUMs in raw_buf. */
+                r_len = BN_num_bytes(ecdsa_sig->r);
+                s_len = BN_num_bytes(ecdsa_sig->s);
+                bn_len = (degree + 7) / 8;
+                if ((r_len > bn_len) || (s_len > bn_len))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                buf_len = 2 * bn_len;
+                if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
+                        goto builtin_err;
+                /* Pad the bignums with leading zeroes. */
+                memset(raw_buf, 0, buf_len);
+                BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
+                BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
+
+                /* Modify a single byte in the buffer. */
+                offset = raw_buf[10] % buf_len;
+                dirt   = raw_buf[11] ? raw_buf[11] : 1;
+                raw_buf[offset] ^= dirt;
+                /* Now read the BIGNUMs back in from raw_buf. */
+                if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+                        (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+                        goto builtin_err;
+
+                sig_ptr2 = signature;
+                sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+                if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                /* Sanity check: undo the modification and verify signature. */
+                raw_buf[offset] ^= dirt;
+                if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+                        (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+                        goto builtin_err;
+
+                sig_ptr2 = signature;
+                sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+                if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                
+                BIO_printf(out, " ok\n");
+                /* cleanup */
+                /* clean bogus errors */
+                ERR_clear_error();
+                OPENSSL_free(signature);
+                signature = NULL;
+                EC_KEY_free(eckey);
+                eckey = NULL;
+                EC_KEY_free(wrong_eckey);
+                wrong_eckey = NULL;
+                ECDSA_SIG_free(ecdsa_sig);
+                ecdsa_sig = NULL;
+                OPENSSL_free(raw_buf);
+                raw_buf = NULL;
+                }
+
+        ret = 1;        
+builtin_err:
+        if (eckey)
+                EC_KEY_free(eckey);
+        if (wrong_eckey)
+                EC_KEY_free(wrong_eckey);
+        if (ecdsa_sig)
+                ECDSA_SIG_free(ecdsa_sig);
+        if (signature)
+                OPENSSL_free(signature);
+        if (raw_buf)
+                OPENSSL_free(raw_buf);
+        if (curves)
+                OPENSSL_free(curves);
+
+        return ret;
+        }
+
+int main(void)
+        {
+        int     ret = 1;
+        BIO     *out;
+
+        out = BIO_new_fp(stdout, BIO_NOCLOSE);
+        
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && 
+                (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+        ERR_load_crypto_strings();
+
+        /* initialize the prng */
+        RAND_seed(rnd_seed, sizeof(rnd_seed));
+
+        /* the tests */
+        if (!x9_62_tests(out))  goto err;
+        if (!test_builtin(out)) goto err;
+        
+        ret = 0;
+err:    
+        if (ret)        
+                BIO_printf(out, "\nECDSA test failed\n");
+        else 
+                BIO_printf(out, "\nECDSA test passed\n");
+        if (ret)
+                ERR_print_errors(out);
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_thread_state(NULL);
+        ERR_free_strings();
+        CRYPTO_mem_leaks(out);
+        if (out != NULL)
+                BIO_free(out);
+        return ret;
+        }       
+#endif
diff --git a/src/lib/libcrypto/engine/Makefile b/src/lib/libcrypto/engine/Makefile
new file mode 100644
index 0000000000..d29bdd09a0
--- /dev/null
+++ b/src/lib/libcrypto/engine/Makefile
@@ -0,0 +1,447 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR=    engine
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+        tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
+        tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
+        eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
+        eng_rsax.c eng_rdrand.c
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+        tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
+        tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
+        eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
+        eng_rsax.o eng_rdrand.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+eng_all.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_all.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h
+eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h
+eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_cryptodev.o: ../../include/openssl/obj_mac.h
+eng_cryptodev.o: ../../include/openssl/objects.h
+eng_cryptodev.o: ../../include/openssl/opensslconf.h
+eng_cryptodev.o: ../../include/openssl/opensslv.h
+eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_cryptodev.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_cryptodev.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_cryptodev.o: eng_cryptodev.c
+eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_ctrl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_ctrl.c eng_int.h
+eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
+eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
+eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_err.o: eng_err.c
+eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_init.c eng_int.h
+eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c
+eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_list.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_list.c
+eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/opensslconf.h
+eng_openssl.o: ../../include/openssl/opensslv.h
+eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc4.h
+eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c
+eng_rdrand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_rdrand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_rdrand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_rdrand.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_rdrand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_rdrand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_rdrand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_rdrand.o: ../../include/openssl/opensslconf.h
+eng_rdrand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_rdrand.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+eng_rdrand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_rdrand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_rdrand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_rdrand.o: eng_rdrand.c
+eng_rsax.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_rsax.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+eng_rsax.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_rsax.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_rsax.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_rsax.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_rsax.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_rsax.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_rsax.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_rsax.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+eng_rsax.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_rsax.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_rsax.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_rsax.o: eng_rsax.c
+eng_table.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_table.o: ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
+eng_table.o: eng_table.c
+tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_asnmth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_asnmth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_asnmth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_asnmth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_asnmth.o: ../../include/openssl/objects.h
+tb_asnmth.o: ../../include/openssl/opensslconf.h
+tb_asnmth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_asnmth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_asnmth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_asnmth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_asnmth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+tb_asnmth.o: eng_int.h tb_asnmth.c
+tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_cipher.o: ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/opensslconf.h
+tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_cipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_cipher.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_cipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
+tb_cipher.o: tb_cipher.c
+tb_dh.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c
+tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_digest.o: ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/opensslconf.h
+tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
+tb_digest.o: tb_digest.c
+tb_dsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c
+tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c
+tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdsa.c
+tb_pkmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_pkmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_pkmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_pkmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_pkmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_pkmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_pkmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_pkmeth.o: ../../include/openssl/objects.h
+tb_pkmeth.o: ../../include/openssl/opensslconf.h
+tb_pkmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_pkmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_pkmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_pkmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_pkmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
+tb_pkmeth.o: tb_pkmeth.c
+tb_rand.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c
+tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c
+tb_store.o: ../../e_os.h ../../include/openssl/asn1.h
+tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_store.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_store.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_store.c
diff --git a/src/lib/libcrypto/engine/eng_aesni.c b/src/lib/libcrypto/engine/eng_aesni.c
new file mode 100644
index 0000000000..5fdb33bfde
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_aesni.c
@@ -0,0 +1,570 @@
+/*
+ * Support for Intel AES-NI intruction set
+ *   Author: Huang Ying <ying.huang@intel.com>
+ *
+ * Intel AES-NI is a new set of Single Instruction Multiple Data
+ * (SIMD) instructions that are going to be introduced in the next
+ * generation of Intel processor, as of 2009. These instructions
+ * enable fast and secure data encryption and decryption, using the
+ * Advanced Encryption Standard (AES), defined by FIPS Publication
+ * number 197.  The architecture introduces six instructions that
+ * offer full hardware support for AES. Four of them support high
+ * performance data encryption and decryption, and the other two
+ * instructions support the AES key expansion procedure.
+ *
+ * The white paper can be downloaded from:
+ *   http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
+ *
+ * This file is based on engines/e_padlock.c
+ */
+
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <openssl/opensslconf.h>
+
+#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES)
+
+#include <stdio.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include <openssl/err.h>
+
+/* AES-NI is available *ONLY* on some x86 CPUs.  Not only that it
+   doesn't exist elsewhere, but it even can't be compiled on other
+   platforms! */
+#undef COMPILE_HW_AESNI
+#if (defined(__x86_64) || defined(__x86_64__) || \
+     defined(_M_AMD64) || defined(_M_X64) || \
+     defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM) && !defined(__i386__)
+#define COMPILE_HW_AESNI
+#endif
+static ENGINE *ENGINE_aesni (void);
+
+void ENGINE_load_aesni (void)
+{
+/* On non-x86 CPUs it just returns. */
+#ifdef COMPILE_HW_AESNI
+        ENGINE *toadd = ENGINE_aesni();
+        if (!toadd) return;
+        ENGINE_add (toadd);
+        ENGINE_register_complete (toadd);
+        ENGINE_free (toadd);
+        ERR_clear_error ();
+#endif
+}
+
+#ifdef COMPILE_HW_AESNI
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                              AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                              AES_KEY *key);
+
+void aesni_encrypt(const unsigned char *in, unsigned char *out,
+                       const AES_KEY *key);
+void aesni_decrypt(const unsigned char *in, unsigned char *out,
+                       const AES_KEY *key);
+
+void aesni_ecb_encrypt(const unsigned char *in,
+                           unsigned char *out,
+                           size_t length,
+                           const AES_KEY *key,
+                           int enc);
+void aesni_cbc_encrypt(const unsigned char *in,
+                           unsigned char *out,
+                           size_t length,
+                           const AES_KEY *key,
+                           unsigned char *ivec, int enc);
+
+/* Function for ENGINE detection and control */
+static int aesni_init(ENGINE *e);
+
+/* Cipher Stuff */
+static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                const int **nids, int nid);
+
+#define AESNI_MIN_ALIGN 16
+#define AESNI_ALIGN(x) \
+        ((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1)))
+
+/* Engine names */
+static const char   aesni_id[] = "aesni",
+                    aesni_name[] = "Intel AES-NI engine",
+                    no_aesni_name[] = "Intel AES-NI engine (no-aesni)";
+
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+static void aesni_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                                 unsigned int len, const void *key,
+                                 unsigned char ivec[16], int *num,
+                                 int enc)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    assert(in && out && key && ivec && num);
+
+    n = *num;
+
+    if (enc) {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do {        /* always true actually */
+                while (n && len) {
+                        *(out++) = ivec[n] ^= *(in++);
+                        --len;
+                        n = (n+1) % 16;
+                }
+                while (len>=16) {
+                        aesni_encrypt(ivec, ivec, key);
+                        for (n=0; n<16; n+=sizeof(size_t)) {
+                                *(size_t*)(out+n) =
+                                *(size_t*)(ivec+n) ^= *(size_t*)(in+n);
+                        }
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                }
+                n = 0;
+                if (len) {
+                        aesni_encrypt(ivec, ivec, key);
+                        while (len--) {
+                                out[n] = ivec[n] ^= in[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while (0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n == 0) {
+                        aesni_encrypt(ivec, ivec, key);
+                }
+                out[l] = ivec[n] ^= in[l];
+                ++l;
+                n = (n+1) % 16;
+        }
+        *num = n;
+    } else {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do {        /* always true actually */
+                while (n && len) {
+                        unsigned char c;
+                        *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c;
+                        --len;
+                        n = (n+1) % 16;
+                }
+                while (len>=16) {
+                        aesni_encrypt(ivec, ivec, key);
+                        for (n=0; n<16; n+=sizeof(size_t)) {
+                                size_t t = *(size_t*)(in+n);
+                                *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t;
+                                *(size_t*)(ivec+n) = t;
+                        }
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                }
+                n = 0;
+                if (len) {
+                        aesni_encrypt(ivec, ivec, key);
+                        while (len--) {
+                                unsigned char c;
+                                out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c;
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while (0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                unsigned char c;
+                if (n == 0) {
+                        aesni_encrypt(ivec, ivec, key);
+                }
+                out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
+                ++l;
+                n = (n+1) % 16;
+        }
+        *num=n;
+    }
+}
+
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+static void aesni_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                                 unsigned int len, const void *key,
+                                 unsigned char ivec[16], int *num)
+{
+        unsigned int n;
+        size_t l=0;
+
+        assert(in && out && key && ivec && num);
+
+        n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        *(out++) = *(in++) ^ ivec[n];
+                        --len;
+                        n = (n+1) % 16;
+                }
+                while (len>=16) {
+                        aesni_encrypt(ivec, ivec, key);
+                        for (n=0; n<16; n+=sizeof(size_t))
+                                *(size_t*)(out+n) =
+                                *(size_t*)(in+n) ^ *(size_t*)(ivec+n);
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                }
+                n = 0;
+                if (len) {
+                        aesni_encrypt(ivec, ivec, key);
+                        while (len--) {
+                                out[n] = in[n] ^ ivec[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while(0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n==0) {
+                        aesni_encrypt(ivec, ivec, key);
+                }
+                out[l] = in[l] ^ ivec[n];
+                ++l;
+                n = (n+1) % 16;
+        }
+
+        *num=n;
+}
+/* ===== Engine "management" functions ===== */
+
+#if defined(_WIN32)
+typedef unsigned __int64 IA32CAP;
+#else
+typedef unsigned long long IA32CAP;
+#endif
+
+/* Prepare the ENGINE structure for registration */
+static int
+aesni_bind_helper(ENGINE *e)
+{
+        int engage;
+        if (sizeof(OPENSSL_ia32cap_P) > 4) {
+                engage = ((IA32CAP)OPENSSL_ia32cap_P >> 57) & 1;
+        } else {
+                IA32CAP OPENSSL_ia32_cpuid(void);
+                engage = (OPENSSL_ia32_cpuid() >> 57) & 1;
+        }
+
+        /* Register everything or return with an error */
+        if (!ENGINE_set_id(e, aesni_id) ||
+            !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) ||
+
+            !ENGINE_set_init_function(e, aesni_init) ||
+            (engage && !ENGINE_set_ciphers (e, aesni_ciphers))
+            )
+                return 0;
+
+        /* Everything looks good */
+        return 1;
+}
+
+/* Constructor */
+static ENGINE *
+ENGINE_aesni(void)
+{
+        ENGINE *eng = ENGINE_new();
+
+        if (!eng) {
+                return NULL;
+        }
+
+        if (!aesni_bind_helper(eng)) {
+                ENGINE_free(eng);
+                return NULL;
+        }
+
+        return eng;
+}
+
+/* Check availability of the engine */
+static int
+aesni_init(ENGINE *e)
+{
+        return 1;
+}
+
+#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+#define NID_aes_128_cfb NID_aes_128_cfb128
+#endif
+
+#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+#define NID_aes_128_ofb NID_aes_128_ofb128
+#endif
+
+#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+#define NID_aes_192_cfb NID_aes_192_cfb128
+#endif
+
+#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+#define NID_aes_192_ofb NID_aes_192_ofb128
+#endif
+
+#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+#define NID_aes_256_cfb NID_aes_256_cfb128
+#endif
+
+#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+#define NID_aes_256_ofb NID_aes_256_ofb128
+#endif
+
+/* List of supported ciphers. */
+static int aesni_cipher_nids[] = {
+        NID_aes_128_ecb,
+        NID_aes_128_cbc,
+        NID_aes_128_cfb,
+        NID_aes_128_ofb,
+
+        NID_aes_192_ecb,
+        NID_aes_192_cbc,
+        NID_aes_192_cfb,
+        NID_aes_192_ofb,
+
+        NID_aes_256_ecb,
+        NID_aes_256_cbc,
+        NID_aes_256_cfb,
+        NID_aes_256_ofb,
+};
+static int aesni_cipher_nids_num =
+        (sizeof(aesni_cipher_nids)/sizeof(aesni_cipher_nids[0]));
+
+typedef struct
+{
+        AES_KEY ks;
+        unsigned int _pad1[3];
+} AESNI_KEY;
+
+static int
+aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
+                    const unsigned char *iv, int enc)
+{
+        int ret;
+        AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
+
+        if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
+            || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
+            || enc)
+                ret=aesni_set_encrypt_key(user_key, ctx->key_len * 8, key);
+        else
+                ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
+
+        if(ret < 0) {
+                EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
+                return 0;
+        }
+
+        return 1;
+}
+
+static int aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                 const unsigned char *in, size_t inl)
+{       AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
+        aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt);
+        return 1;
+}
+static int aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                 const unsigned char *in, size_t inl)
+{       AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
+        aesni_cbc_encrypt(in, out, inl, key,
+                              ctx->iv, ctx->encrypt);
+        return 1;
+}
+static int aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                 const unsigned char *in, size_t inl)
+{       AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
+
+        aesni_cfb128_encrypt(in, out, inl, key, ctx->iv,
+                             &ctx->num, ctx->encrypt);
+        return 1;
+}
+static int aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                 const unsigned char *in, size_t inl)
+{       AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
+        aesni_ofb128_encrypt(in, out, inl, key, ctx->iv, &ctx->num);
+        return 1;
+}
+
+#define AES_BLOCK_SIZE          16
+
+#define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
+#define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
+#define EVP_CIPHER_block_size_OFB       1
+#define EVP_CIPHER_block_size_CFB       1
+
+/* Declaring so many ciphers by hand would be a pain.
+   Instead introduce a bit of preprocessor magic :-) */
+#define DECLARE_AES_EVP(ksize,lmode,umode)      \
+static const EVP_CIPHER aesni_##ksize##_##lmode = {     \
+        NID_aes_##ksize##_##lmode,                      \
+        EVP_CIPHER_block_size_##umode,                  \
+        ksize / 8,                                      \
+        AES_BLOCK_SIZE,                                 \
+        0 | EVP_CIPH_##umode##_MODE,                    \
+        aesni_init_key,                         \
+        aesni_cipher_##lmode,                           \
+        NULL,                                           \
+        sizeof(AESNI_KEY),                              \
+        EVP_CIPHER_set_asn1_iv,                         \
+        EVP_CIPHER_get_asn1_iv,                         \
+        NULL,                                           \
+        NULL                                            \
+}
+
+DECLARE_AES_EVP(128,ecb,ECB);
+DECLARE_AES_EVP(128,cbc,CBC);
+DECLARE_AES_EVP(128,cfb,CFB);
+DECLARE_AES_EVP(128,ofb,OFB);
+
+DECLARE_AES_EVP(192,ecb,ECB);
+DECLARE_AES_EVP(192,cbc,CBC);
+DECLARE_AES_EVP(192,cfb,CFB);
+DECLARE_AES_EVP(192,ofb,OFB);
+
+DECLARE_AES_EVP(256,ecb,ECB);
+DECLARE_AES_EVP(256,cbc,CBC);
+DECLARE_AES_EVP(256,cfb,CFB);
+DECLARE_AES_EVP(256,ofb,OFB);
+
+static int
+aesni_ciphers (ENGINE *e, const EVP_CIPHER **cipher,
+                      const int **nids, int nid)
+{
+        /* No specific cipher => return a list of supported nids ... */
+        if (!cipher) {
+                *nids = aesni_cipher_nids;
+                return aesni_cipher_nids_num;
+        }
+
+        /* ... or the requested "cipher" otherwise */
+        switch (nid) {
+        case NID_aes_128_ecb:
+                *cipher = &aesni_128_ecb;
+                break;
+        case NID_aes_128_cbc:
+                *cipher = &aesni_128_cbc;
+                break;
+        case NID_aes_128_cfb:
+                *cipher = &aesni_128_cfb;
+                break;
+        case NID_aes_128_ofb:
+                *cipher = &aesni_128_ofb;
+                break;
+
+        case NID_aes_192_ecb:
+                *cipher = &aesni_192_ecb;
+                break;
+        case NID_aes_192_cbc:
+                *cipher = &aesni_192_cbc;
+                break;
+        case NID_aes_192_cfb:
+                *cipher = &aesni_192_cfb;
+                break;
+        case NID_aes_192_ofb:
+                *cipher = &aesni_192_ofb;
+                break;
+
+        case NID_aes_256_ecb:
+                *cipher = &aesni_256_ecb;
+                break;
+        case NID_aes_256_cbc:
+                *cipher = &aesni_256_cbc;
+                break;
+        case NID_aes_256_cfb:
+                *cipher = &aesni_256_cfb;
+                break;
+        case NID_aes_256_ofb:
+                *cipher = &aesni_256_ofb;
+                break;
+
+        default:
+                /* Sorry, we don't support this NID */
+                *cipher = NULL;
+                return 0;
+        }
+        return 1;
+}
+
+#endif /* COMPILE_HW_AESNI */
+#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */
+
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index 6093376df4..0ae5d672b1 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -73,6 +73,7 @@ void ENGINE_load_builtin_engines(void)
 #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
         ENGINE_load_cryptodev();
 #endif
+
 #ifndef OPENSSL_NO_RSAX
         ENGINE_load_rsax();
 #endif
diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c
new file mode 100644
index 0000000000..a7abac1a7b
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_cryptodev.c
@@ -0,0 +1,1449 @@
+/*
+ * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2002 Theo de Raadt
+ * Copyright (c) 2002 Markus Friedl
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
+        (defined(__OpenBSD__) || defined(__FreeBSD__))
+#include <sys/param.h>
+# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+#  define HAVE_CRYPTODEV
+# endif
+# if (OpenBSD >= 200110)
+#  define HAVE_SYSLOG_R
+# endif
+#endif
+
+#ifndef HAVE_CRYPTODEV
+
+void
+ENGINE_load_cryptodev(void)
+{
+        /* This is a NOP on platforms without /dev/crypto */
+        return;
+}
+
+#else 
+ 
+#include <sys/types.h>
+#include <crypto/cryptodev.h>
+#include <crypto/dh/dh.h>
+#include <crypto/dsa/dsa.h>
+#include <crypto/err/err.h>
+#include <crypto/rsa/rsa.h>
+#include <sys/ioctl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+
+struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
+
+#ifdef USE_CRYPTODEV_DIGESTS
+        char dummy_mac_key[HASH_MAX_LEN];
+
+        unsigned char digest_res[HASH_MAX_LEN];
+        char *mac_data;
+        int mac_len;
+#endif
+};
+
+static u_int32_t cryptodev_asymfeat = 0;
+
+static int get_asym_dev_crypto(void);
+static int open_dev_crypto(void);
+static int get_dev_crypto(void);
+static int get_cryptodev_ciphers(const int **cnids);
+#ifdef USE_CRYPTODEV_DIGESTS
+static int get_cryptodev_digests(const int **cnids);
+#endif
+static int cryptodev_usable_ciphers(const int **nids);
+static int cryptodev_usable_digests(const int **nids);
+static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, size_t inl);
+static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc);
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid);
+static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid);
+static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+static int crparam2bn(struct crparam *crp, BIGNUM *a);
+static void zapparams(struct crypt_kop *kop);
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+    int slen, BIGNUM *s);
+
+static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
+    RSA *rsa, BN_CTX *ctx);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
+    int dlen, DSA *dsa);
+static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+    DSA_SIG *sig, DSA *dsa);
+static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key,
+    const BIGNUM *pub_key, DH *dh);
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+    void (*f)(void));
+void ENGINE_load_cryptodev(void);
+
+static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        { 0, NULL, NULL, 0 }
+};
+
+static struct {
+        int     id;
+        int     nid;
+        int     ivmax;
+        int     keylen;
+} ciphers[] = {
+        { CRYPTO_ARC4,                  NID_rc4,                0,      16, },
+        { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
+        { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
+        { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+        { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+        { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
+        { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
+        { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
+        { 0,                            NID_undef,              0,       0, },
+};
+
+#ifdef USE_CRYPTODEV_DIGESTS
+static struct {
+        int     id;
+        int     nid;
+        int     keylen;
+} digests[] = {
+        { CRYPTO_MD5_HMAC,              NID_hmacWithMD5,        16},
+        { CRYPTO_SHA1_HMAC,             NID_hmacWithSHA1,       20},
+        { CRYPTO_RIPEMD160_HMAC,        NID_ripemd160,          16/*?*/},
+        { CRYPTO_MD5_KPDK,              NID_undef,              0},
+        { CRYPTO_SHA1_KPDK,             NID_undef,              0},
+        { CRYPTO_MD5,                   NID_md5,                16},
+        { CRYPTO_SHA1,                  NID_sha1,               20},
+        { 0,                            NID_undef,              0},
+};
+#endif
+
+/*
+ * Return a fd if /dev/crypto seems usable, 0 otherwise.
+ */
+static int
+open_dev_crypto(void)
+{
+        static int fd = -1;
+
+        if (fd == -1) {
+                if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+                        return (-1);
+                /* close on exec */
+                if (fcntl(fd, F_SETFD, 1) == -1) {
+                        close(fd);
+                        fd = -1;
+                        return (-1);
+                }
+        }
+        return (fd);
+}
+
+static int
+get_dev_crypto(void)
+{
+        int fd, retfd;
+
+        if ((fd = open_dev_crypto()) == -1)
+                return (-1);
+#ifndef CRIOGET_NOT_NEEDED
+        if (ioctl(fd, CRIOGET, &retfd) == -1)
+                return (-1);
+
+        /* close on exec */
+        if (fcntl(retfd, F_SETFD, 1) == -1) {
+                close(retfd);
+                return (-1);
+        }
+#else
+        retfd = fd;
+#endif
+        return (retfd);
+}
+
+static void put_dev_crypto(int fd)
+{
+#ifndef CRIOGET_NOT_NEEDED
+        close(fd);
+#endif
+}
+
+/* Caching version for asym operations */
+static int
+get_asym_dev_crypto(void)
+{
+        static int fd = -1;
+
+        if (fd == -1)
+                fd = get_dev_crypto();
+        return fd;
+}
+
+/*
+ * Find out what ciphers /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_ciphers routine
+ */
+static int
+get_cryptodev_ciphers(const int **cnids)
+{
+        static int nids[CRYPTO_ALGORITHM_MAX];
+        struct session_op sess;
+        int fd, i, count = 0;
+
+        if ((fd = get_dev_crypto()) < 0) {
+                *cnids = NULL;
+                return (0);
+        }
+        memset(&sess, 0, sizeof(sess));
+        sess.key = (caddr_t)"123456789abcdefghijklmno";
+
+        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (ciphers[i].nid == NID_undef)
+                        continue;
+                sess.cipher = ciphers[i].id;
+                sess.keylen = ciphers[i].keylen;
+                sess.mac = 0;
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = ciphers[i].nid;
+        }
+        put_dev_crypto(fd);
+
+        if (count > 0)
+                *cnids = nids;
+        else
+                *cnids = NULL;
+        return (count);
+}
+
+#ifdef USE_CRYPTODEV_DIGESTS
+/*
+ * Find out what digests /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_digests routine
+ */
+static int
+get_cryptodev_digests(const int **cnids)
+{
+        static int nids[CRYPTO_ALGORITHM_MAX];
+        struct session_op sess;
+        int fd, i, count = 0;
+
+        if ((fd = get_dev_crypto()) < 0) {
+                *cnids = NULL;
+                return (0);
+        }
+        memset(&sess, 0, sizeof(sess));
+        sess.mackey = (caddr_t)"123456789abcdefghijklmno";
+        for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (digests[i].nid == NID_undef)
+                        continue;
+                sess.mac = digests[i].id;
+                sess.mackeylen = digests[i].keylen;
+                sess.cipher = 0;
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = digests[i].nid;
+        }
+        put_dev_crypto(fd);
+
+        if (count > 0)
+                *cnids = nids;
+        else
+                *cnids = NULL;
+        return (count);
+}
+#endif  /* 0 */
+
+/*
+ * Find the useable ciphers|digests from dev/crypto - this is the first
+ * thing called by the engine init crud which determines what it
+ * can use for ciphers from this engine. We want to return
+ * only what we can do, anythine else is handled by software.
+ *
+ * If we can't initialize the device to do anything useful for
+ * any reason, we want to return a NULL array, and 0 length,
+ * which forces everything to be done is software. By putting
+ * the initalization of the device in here, we ensure we can
+ * use this engine as the default, and if for whatever reason
+ * /dev/crypto won't do what we want it will just be done in
+ * software
+ *
+ * This can (should) be greatly expanded to perhaps take into
+ * account speed of the device, and what we want to do.
+ * (although the disabling of particular alg's could be controlled
+ * by the device driver with sysctl's.) - this is where we
+ * want most of the decisions made about what we actually want
+ * to use from /dev/crypto.
+ */
+static int
+cryptodev_usable_ciphers(const int **nids)
+{
+        return (get_cryptodev_ciphers(nids));
+}
+
+static int
+cryptodev_usable_digests(const int **nids)
+{
+#ifdef USE_CRYPTODEV_DIGESTS
+        return (get_cryptodev_digests(nids));
+#else
+        /*
+         * XXXX just disable all digests for now, because it sucks.
+         * we need a better way to decide this - i.e. I may not
+         * want digests on slow cards like hifn on fast machines,
+         * but might want them on slow or loaded machines, etc.
+         * will also want them when using crypto cards that don't
+         * suck moose gonads - would be nice to be able to decide something
+         * as reasonable default without having hackery that's card dependent.
+         * of course, the default should probably be just do everything,
+         * with perhaps a sysctl to turn algoritms off (or have them off
+         * by default) on cards that generally suck like the hifn.
+         */
+        *nids = NULL;
+        return (0);
+#endif
+}
+
+static int
+cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, size_t inl)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        const void *iiv;
+        unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+        if (state->d_fd < 0)
+                return (0);
+        if (!inl)
+                return (1);
+        if ((inl % ctx->cipher->block_size) != 0)
+                return (0);
+
+        memset(&cryp, 0, sizeof(cryp));
+
+        cryp.ses = sess->ses;
+        cryp.flags = 0;
+        cryp.len = inl;
+        cryp.src = (caddr_t) in;
+        cryp.dst = (caddr_t) out;
+        cryp.mac = 0;
+
+        cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+        if (ctx->cipher->iv_len) {
+                cryp.iv = (caddr_t) ctx->iv;
+                if (!ctx->encrypt) {
+                        iiv = in + inl - ctx->cipher->iv_len;
+                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
+                }
+        } else
+                cryp.iv = NULL;
+
+        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+                /* XXX need better errror handling
+                 * this can fail for a number of different reasons.
+                 */
+                return (0);
+        }
+
+        if (ctx->cipher->iv_len) {
+                if (ctx->encrypt)
+                        iiv = out + inl - ctx->cipher->iv_len;
+                else
+                        iiv = save_iv;
+                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+        }
+        return (1);
+}
+
+static int
+cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        int cipher = -1, i;
+
+        for (i = 0; ciphers[i].id; i++)
+                if (ctx->cipher->nid == ciphers[i].nid &&
+                    ctx->cipher->iv_len <= ciphers[i].ivmax &&
+                    ctx->key_len == ciphers[i].keylen) {
+                        cipher = ciphers[i].id;
+                        break;
+                }
+
+        if (!ciphers[i].id) {
+                state->d_fd = -1;
+                return (0);
+        }
+
+        memset(sess, 0, sizeof(struct session_op));
+
+        if ((state->d_fd = get_dev_crypto()) < 0)
+                return (0);
+
+        sess->key = (caddr_t)key;
+        sess->keylen = ctx->key_len;
+        sess->cipher = cipher;
+
+        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+                put_dev_crypto(state->d_fd);
+                state->d_fd = -1;
+                return (0);
+        }
+        return (1);
+}
+
+/*
+ * free anything we allocated earlier when initting a
+ * session, and close the session.
+ */
+static int
+cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+{
+        int ret = 0;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+
+        if (state->d_fd < 0)
+                return (0);
+
+        /* XXX if this ioctl fails, someting's wrong. the invoker
+         * may have called us with a bogus ctx, or we could
+         * have a device that for whatever reason just doesn't
+         * want to play ball - it's not clear what's right
+         * here - should this be an error? should it just
+         * increase a counter, hmm. For right now, we return
+         * 0 - I don't believe that to be "right". we could
+         * call the gorpy openssl lib error handlers that
+         * print messages to users of the library. hmm..
+         */
+
+        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+                ret = 0;
+        } else {
+                ret = 1;
+        }
+        put_dev_crypto(state->d_fd);
+        state->d_fd = -1;
+
+        return (ret);
+}
+
+/*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
+ */
+
+/* RC4 */
+const EVP_CIPHER cryptodev_rc4 = {
+        NID_rc4,
+        1, 16, 0,
+        EVP_CIPH_VARIABLE_LENGTH,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        NULL,
+        NULL,
+        NULL
+};
+
+/* DES CBC EVP */
+const EVP_CIPHER cryptodev_des_cbc = {
+        NID_des_cbc,
+        8, 8, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+/* 3DES CBC EVP */
+const EVP_CIPHER cryptodev_3des_cbc = {
+        NID_des_ede3_cbc,
+        8, 24, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_bf_cbc = {
+        NID_bf_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_cast_cbc = {
+        NID_cast5_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_aes_cbc = {
+        NID_aes_128_cbc,
+        16, 16, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_aes_192_cbc = {
+        NID_aes_192_cbc,
+        16, 24, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_aes_256_cbc = {
+        NID_aes_256_cbc,
+        16, 32, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+/*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+ * top level - note, that list is restricted by what we answer with
+ */
+static int
+cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid)
+{
+        if (!cipher)
+                return (cryptodev_usable_ciphers(nids));
+
+        switch (nid) {
+        case NID_rc4:
+                *cipher = &cryptodev_rc4;
+                break;
+        case NID_des_ede3_cbc:
+                *cipher = &cryptodev_3des_cbc;
+                break;
+        case NID_des_cbc:
+                *cipher = &cryptodev_des_cbc;
+                break;
+        case NID_bf_cbc:
+                *cipher = &cryptodev_bf_cbc;
+                break;
+        case NID_cast5_cbc:
+                *cipher = &cryptodev_cast_cbc;
+                break;
+        case NID_aes_128_cbc:
+                *cipher = &cryptodev_aes_cbc;
+                break;
+        case NID_aes_192_cbc:
+                *cipher = &cryptodev_aes_192_cbc;
+                break;
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
+        default:
+                *cipher = NULL;
+                break;
+        }
+        return (*cipher != NULL);
+}
+
+
+#ifdef USE_CRYPTODEV_DIGESTS
+
+/* convert digest type to cryptodev */
+static int
+digest_nid_to_cryptodev(int nid)
+{
+        int i;
+
+        for (i = 0; digests[i].id; i++)
+                if (digests[i].nid == nid)
+                        return (digests[i].id);
+        return (0);
+}
+
+
+static int
+digest_key_length(int nid)
+{
+        int i;
+
+        for (i = 0; digests[i].id; i++)
+                if (digests[i].nid == nid)
+                        return digests[i].keylen;
+        return (0);
+}
+
+
+static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+{
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+        int digest;
+
+        if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
+                printf("cryptodev_digest_init: Can't get digest \n");
+                return (0);
+        }
+
+        memset(state, 0, sizeof(struct dev_crypto_state));
+
+        if ((state->d_fd = get_dev_crypto()) < 0) {
+                printf("cryptodev_digest_init: Can't get Dev \n");
+                return (0);
+        }
+
+        sess->mackey = state->dummy_mac_key;
+        sess->mackeylen = digest_key_length(ctx->digest->type);
+        sess->mac = digest;
+
+        if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+                put_dev_crypto(state->d_fd);
+                state->d_fd = -1;
+                printf("cryptodev_digest_init: Open session failed\n");
+                return (0);
+        }
+
+        return (1);
+}
+
+static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+                size_t count)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+
+        if (!data || state->d_fd < 0) {
+                printf("cryptodev_digest_update: illegal inputs \n");
+                return (0);
+        }
+
+        if (!count) {
+                return (0);
+        }
+
+        if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+                /* if application doesn't support one buffer */
+                state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
+
+                if (!state->mac_data) {
+                        printf("cryptodev_digest_update: realloc failed\n");
+                        return (0);
+                }
+
+                memcpy(state->mac_data + state->mac_len, data, count);
+                state->mac_len += count;
+        
+                return (1);
+        }
+
+        memset(&cryp, 0, sizeof(cryp));
+
+        cryp.ses = sess->ses;
+        cryp.flags = 0;
+        cryp.len = count;
+        cryp.src = (caddr_t) data;
+        cryp.dst = NULL;
+        cryp.mac = (caddr_t) state->digest_res;
+        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+                printf("cryptodev_digest_update: digest failed\n");
+                return (0);
+        }
+        return (1);
+}
+
+
+static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+
+        int ret = 1;
+
+        if (!md || state->d_fd < 0) {
+                printf("cryptodev_digest_final: illegal input\n");
+                return(0);
+        }
+
+        if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
+                /* if application doesn't support one buffer */
+                memset(&cryp, 0, sizeof(cryp));
+                cryp.ses = sess->ses;
+                cryp.flags = 0;
+                cryp.len = state->mac_len;
+                cryp.src = state->mac_data;
+                cryp.dst = NULL;
+                cryp.mac = (caddr_t)md;
+                if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+                        printf("cryptodev_digest_final: digest failed\n");
+                        return (0);
+                }
+
+                return 1;
+        }
+
+        memcpy(md, state->digest_res, ctx->digest->md_size);
+
+        return (ret);
+}
+
+
+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+{
+        int ret = 1;
+        struct dev_crypto_state *state = ctx->md_data;
+        struct session_op *sess = &state->d_sess;
+
+        if (state == NULL)
+          return 0;
+
+        if (state->d_fd < 0) {
+                printf("cryptodev_digest_cleanup: illegal input\n");
+                return (0);
+        }
+
+        if (state->mac_data) {
+                OPENSSL_free(state->mac_data);
+                state->mac_data = NULL;
+                state->mac_len = 0;
+        }
+
+        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
+                printf("cryptodev_digest_cleanup: failed to close session\n");
+                ret = 0;
+        } else {
+                ret = 1;
+        }
+        put_dev_crypto(state->d_fd);    
+        state->d_fd = -1;
+
+        return (ret);
+}
+
+static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+{
+        struct dev_crypto_state *fstate = from->md_data;
+        struct dev_crypto_state *dstate = to->md_data;
+        struct session_op *sess;
+        int digest;
+
+        if (dstate == NULL || fstate == NULL)
+          return 1;
+
+        memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+
+        sess = &dstate->d_sess;
+
+        digest = digest_nid_to_cryptodev(to->digest->type);
+
+        sess->mackey = dstate->dummy_mac_key;
+        sess->mackeylen = digest_key_length(to->digest->type);
+        sess->mac = digest;
+
+        dstate->d_fd = get_dev_crypto();
+
+        if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+                put_dev_crypto(dstate->d_fd);
+                dstate->d_fd = -1;
+                printf("cryptodev_digest_init: Open session failed\n");
+                return (0);
+        }
+
+        if (fstate->mac_len != 0) {
+                if (fstate->mac_data != NULL)
+                        {
+                        dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+                        memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+                        dstate->mac_len = fstate->mac_len;
+                        }
+        }
+
+        return 1;
+}
+
+
+const EVP_MD cryptodev_sha1 = {
+        NID_sha1,
+        NID_undef, 
+        SHA_DIGEST_LENGTH, 
+        EVP_MD_FLAG_ONESHOT,
+        cryptodev_digest_init,
+        cryptodev_digest_update,
+        cryptodev_digest_final,
+        cryptodev_digest_copy,
+        cryptodev_digest_cleanup,
+        EVP_PKEY_NULL_method,
+        SHA_CBLOCK,
+        sizeof(struct dev_crypto_state),
+};
+
+const EVP_MD cryptodev_md5 = {
+        NID_md5,
+        NID_undef, 
+        16 /* MD5_DIGEST_LENGTH */, 
+        EVP_MD_FLAG_ONESHOT,
+        cryptodev_digest_init,
+        cryptodev_digest_update,
+        cryptodev_digest_final,
+        cryptodev_digest_copy,
+        cryptodev_digest_cleanup,
+        EVP_PKEY_NULL_method,
+        64 /* MD5_CBLOCK */,
+        sizeof(struct dev_crypto_state),
+};
+
+#endif /* USE_CRYPTODEV_DIGESTS */
+
+
+static int
+cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid)
+{
+        if (!digest)
+                return (cryptodev_usable_digests(nids));
+
+        switch (nid) {
+#ifdef USE_CRYPTODEV_DIGESTS
+        case NID_md5:
+                *digest = &cryptodev_md5; 
+                break;
+        case NID_sha1:
+                *digest = &cryptodev_sha1;
+                break;
+        default:
+#endif /* USE_CRYPTODEV_DIGESTS */
+                *digest = NULL;
+                break;
+        }
+        return (*digest != NULL);
+}
+
+/*
+ * Convert a BIGNUM to the representation that /dev/crypto needs.
+ * Upon completion of use, the caller is responsible for freeing
+ * crp->crp_p.
+ */
+static int
+bn2crparam(const BIGNUM *a, struct crparam *crp)
+{
+        int i, j, k;
+        ssize_t bytes, bits;
+        u_char *b;
+
+        crp->crp_p = NULL;
+        crp->crp_nbits = 0;
+
+        bits = BN_num_bits(a);
+        bytes = (bits + 7) / 8;
+
+        b = malloc(bytes);
+        if (b == NULL)
+                return (1);
+        memset(b, 0, bytes);
+
+        crp->crp_p = (caddr_t) b;
+        crp->crp_nbits = bits;
+
+        for (i = 0, j = 0; i < a->top; i++) {
+                for (k = 0; k < BN_BITS2 / 8; k++) {
+                        if ((j + k) >= bytes)
+                                return (0);
+                        b[j + k] = a->d[i] >> (k * 8);
+                }
+                j += BN_BITS2 / 8;
+        }
+        return (0);
+}
+
+/* Convert a /dev/crypto parameter to a BIGNUM */
+static int
+crparam2bn(struct crparam *crp, BIGNUM *a)
+{
+        u_int8_t *pd;
+        int i, bytes;
+
+        bytes = (crp->crp_nbits + 7) / 8;
+
+        if (bytes == 0)
+                return (-1);
+
+        if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+                return (-1);
+
+        for (i = 0; i < bytes; i++)
+                pd[i] = crp->crp_p[bytes - i - 1];
+
+        BN_bin2bn(pd, bytes, a);
+        free(pd);
+
+        return (0);
+}
+
+static void
+zapparams(struct crypt_kop *kop)
+{
+        int i;
+
+        for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
+                if (kop->crk_param[i].crp_p)
+                        free(kop->crk_param[i].crp_p);
+                kop->crk_param[i].crp_p = NULL;
+                kop->crk_param[i].crp_nbits = 0;
+        }
+}
+
+static int
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+{
+        int fd, ret = -1;
+
+        if ((fd = get_asym_dev_crypto()) < 0)
+                return (ret);
+
+        if (r) {
+                kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+                kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+                kop->crk_oparams++;
+        }
+        if (s) {
+                kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+                kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
+                kop->crk_oparams++;
+        }
+
+        if (ioctl(fd, CIOCKEY, kop) == 0) {
+                if (r)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+                if (s)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
+                ret = 0;
+        }
+
+        return (ret);
+}
+
+static int
+cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+        struct crypt_kop kop;
+        int ret = 1;
+
+        /* Currently, we know we can do mod exp iff we can do any
+         * asymmetric operations at all.
+         */
+        if (cryptodev_asymfeat == 0) {
+                ret = BN_mod_exp(r, a, p, m, ctx);
+                return (ret);
+        }
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP;
+
+        /* inputs: a^p % m */
+        if (bn2crparam(a, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(m, &kop.crk_param[2]))
+                goto err;
+        kop.crk_iparams = 3;
+
+        if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF asym process failed, Running in software\n");
+                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+
+        } else if (ECANCELED == kop.crk_status) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF hardware operation cancelled. Running in Software\n");
+                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+        }
+        /* else cryptodev operation worked ok ==> ret = 1*/
+
+err:
+        zapparams(&kop);
+        return (ret);
+}
+
+static int
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+        int r;
+        ctx = BN_CTX_new();
+        r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+        BN_CTX_free(ctx);
+        return (r);
+}
+
+static int
+cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+        struct crypt_kop kop;
+        int ret = 1;
+
+        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+                /* XXX 0 means failure?? */
+                return (0);
+        }
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP_CRT;
+        /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+        if (bn2crparam(rsa->p, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(rsa->q, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(I, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+                goto err;
+        if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+                goto err;
+        kop.crk_iparams = 6;
+
+        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF asym process failed, running in Software\n");
+                ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
+
+        } else if (ECANCELED == kop.crk_status) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                printf("OCF hardware operation cancelled. Running in Software\n");
+                ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
+        }
+        /* else cryptodev operation worked ok ==> ret = 1*/
+
+err:
+        zapparams(&kop);
+        return (ret);
+}
+
+static RSA_METHOD cryptodev_rsa = {
+        "cryptodev RSA method",
+        NULL,                           /* rsa_pub_enc */
+        NULL,                           /* rsa_pub_dec */
+        NULL,                           /* rsa_priv_enc */
+        NULL,                           /* rsa_priv_dec */
+        NULL,
+        NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,                              /* flags */
+        NULL,                           /* app_data */
+        NULL,                           /* rsa_sign */
+        NULL                            /* rsa_verify */
+};
+
+static int
+cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+        BIGNUM t2;
+        int ret = 0;
+
+        BN_init(&t2);
+
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        ret = 0;
+
+        if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
+                goto err;
+
+        /* let t2 = y ^ u2 mod p */
+        if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
+                goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
+                goto err;
+
+        BN_copy(t1,u1);
+
+        ret = 1;
+err:
+        BN_free(&t2);
+        return(ret);
+}
+
+static DSA_SIG *
+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+        struct crypt_kop kop;
+        BIGNUM *r = NULL, *s = NULL;
+        DSA_SIG *dsaret = NULL;
+
+        if ((r = BN_new()) == NULL)
+                goto err;
+        if ((s = BN_new()) == NULL) {
+                BN_free(r);
+                goto err;
+        }
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_SIGN;
+
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+        kop.crk_param[0].crp_p = (caddr_t)dgst;
+        kop.crk_param[0].crp_nbits = dlen * 8;
+        if (bn2crparam(dsa->p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dsa->q, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(dsa->g, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+                goto err;
+        kop.crk_iparams = 5;
+
+        if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+            BN_num_bytes(dsa->q), s) == 0) {
+                dsaret = DSA_SIG_new();
+                dsaret->r = r;
+                dsaret->s = s;
+        } else {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+                BN_free(r);
+                BN_free(s);
+                dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
+        }
+err:
+        kop.crk_param[0].crp_p = NULL;
+        zapparams(&kop);
+        return (dsaret);
+}
+
+static int
+cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+    DSA_SIG *sig, DSA *dsa)
+{
+        struct crypt_kop kop;
+        int dsaret = 1;
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_VERIFY;
+
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+        kop.crk_param[0].crp_p = (caddr_t)dgst;
+        kop.crk_param[0].crp_nbits = dlen * 8;
+        if (bn2crparam(dsa->p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dsa->q, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(dsa->g, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+                goto err;
+        if (bn2crparam(sig->r, &kop.crk_param[5]))
+                goto err;
+        if (bn2crparam(sig->s, &kop.crk_param[6]))
+                goto err;
+        kop.crk_iparams = 7;
+
+        if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+/*OCF success value is 0, if not zero, change dsaret to fail*/
+                if(0 != kop.crk_status) dsaret  = 0;
+        } else {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+
+                dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
+        }
+err:
+        kop.crk_param[0].crp_p = NULL;
+        zapparams(&kop);
+        return (dsaret);
+}
+
+static DSA_METHOD cryptodev_dsa = {
+        "cryptodev DSA method",
+        NULL,
+        NULL,                           /* dsa_sign_setup */
+        NULL,
+        NULL,                           /* dsa_mod_exp */
+        NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,      /* flags */
+        NULL    /* app_data */
+};
+
+static int
+cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx)
+{
+        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+        struct crypt_kop kop;
+        int dhret = 1;
+        int fd, keylen;
+
+        if ((fd = get_asym_dev_crypto()) < 0) {
+                const DH_METHOD *meth = DH_OpenSSL();
+
+                return ((meth->compute_key)(key, pub_key, dh));
+        }
+
+        keylen = BN_num_bits(dh->p);
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+        /* inputs: dh->priv_key pub_key dh->p key */
+        if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(pub_key, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dh->p, &kop.crk_param[2]))
+                goto err;
+        kop.crk_iparams = 3;
+
+        kop.crk_param[3].crp_p = (caddr_t) key;
+        kop.crk_param[3].crp_nbits = keylen * 8;
+        kop.crk_oparams = 1;
+
+        if (ioctl(fd, CIOCKEY, &kop) == -1) {
+                const DH_METHOD *meth = DH_OpenSSL();
+
+                dhret = (meth->compute_key)(key, pub_key, dh);
+        }
+err:
+        kop.crk_param[3].crp_p = NULL;
+        zapparams(&kop);
+        return (dhret);
+}
+
+static DH_METHOD cryptodev_dh = {
+        "cryptodev DH method",
+        NULL,                           /* cryptodev_dh_generate_key */
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        0,      /* flags */
+        NULL    /* app_data */
+};
+
+/*
+ * ctrl right now is just a wrapper that doesn't do much
+ * but I expect we'll want some options soon.
+ */
+static int
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
+{
+#ifdef HAVE_SYSLOG_R
+        struct syslog_data sd = SYSLOG_DATA_INIT;
+#endif
+
+        switch (cmd) {
+        default:
+#ifdef HAVE_SYSLOG_R
+                syslog_r(LOG_ERR, &sd,
+                    "cryptodev_ctrl: unknown command %d", cmd);
+#else
+                syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+#endif
+                break;
+        }
+        return (1);
+}
+
+void
+ENGINE_load_cryptodev(void)
+{
+        ENGINE *engine = ENGINE_new();
+        int fd;
+
+        if (engine == NULL)
+                return;
+        if ((fd = get_dev_crypto()) < 0) {
+                ENGINE_free(engine);
+                return;
+        }
+
+        /*
+         * find out what asymmetric crypto algorithms we support
+         */
+        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+                put_dev_crypto(fd);
+                ENGINE_free(engine);
+                return;
+        }
+        put_dev_crypto(fd);
+
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+            !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+            !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+            !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+                ENGINE_free(engine);
+                return;
+        }
+
+        if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+                const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+
+                cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+                cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+                cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+                cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+                cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+                cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+                        if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_mod_exp;
+                        else
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_nocrt_mod_exp;
+                }
+        }
+
+        if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+
+                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+                if (cryptodev_asymfeat & CRF_DSA_SIGN)
+                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+                        cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+                }
+                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+        }
+
+        if (ENGINE_set_DH(engine, &cryptodev_dh)){
+                const DH_METHOD *dh_meth = DH_OpenSSL();
+
+                cryptodev_dh.generate_key = dh_meth->generate_key;
+                cryptodev_dh.compute_key = dh_meth->compute_key;
+                cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+                        if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+                                cryptodev_dh.compute_key =
+                                    cryptodev_dh_compute_key;
+                }
+        }
+
+        ENGINE_add(engine);
+        ENGINE_free(engine);
+        ERR_clear_error();
+}
+
+#endif /* HAVE_CRYPTODEV */
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index 95c858960b..27846edb1e 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -408,7 +408,6 @@ ENGINE *ENGINE_by_id(const char *id)
                                 !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
                                 !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
                                         load_dir, 0) ||
-                                !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
                                 !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
                                 goto notfound;
                 return iterator;
diff --git a/src/lib/libcrypto/engine/eng_rdrand.c b/src/lib/libcrypto/engine/eng_rdrand.c
new file mode 100644
index 0000000000..4e9e91d54b
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_rdrand.c
@@ -0,0 +1,143 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/engine.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+     defined(__x86_64) || defined(__x86_64__) || \
+     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
+
+size_t OPENSSL_ia32_rdrand(void);
+
+static int get_random_bytes (unsigned char *buf, int num)
+        {
+        size_t rnd;
+
+        while (num>=(int)sizeof(size_t)) {
+                if ((rnd = OPENSSL_ia32_rdrand()) == 0) return 0;
+
+                *((size_t *)buf) = rnd;
+                buf += sizeof(size_t);
+                num -= sizeof(size_t);
+        }
+        if (num) {
+                if ((rnd = OPENSSL_ia32_rdrand()) == 0) return 0;
+
+                memcpy (buf,&rnd,num);
+        }
+
+        return 1;
+        }
+
+static int random_status (void)
+{       return 1;       }
+
+static RAND_METHOD rdrand_meth =
+        {
+        NULL,   /* seed */
+        get_random_bytes,
+        NULL,   /* cleanup */
+        NULL,   /* add */
+        get_random_bytes,
+        random_status,
+        };
+
+static int rdrand_init(ENGINE *e)
+{       return 1;       }
+
+static const char *engine_e_rdrand_id = "rdrand";
+static const char *engine_e_rdrand_name = "Intel RDRAND engine";
+
+static int bind_helper(ENGINE *e)
+        {
+        if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
+            !ENGINE_set_name(e, engine_e_rdrand_name) ||
+            !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
+            !ENGINE_set_init_function(e, rdrand_init) ||
+            !ENGINE_set_RAND(e, &rdrand_meth) )
+                return 0;
+
+        return 1;
+        }
+
+static ENGINE *ENGINE_rdrand(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_rdrand (void)
+        {
+        extern unsigned int OPENSSL_ia32cap_P[];
+
+        if (OPENSSL_ia32cap_P[1] & (1<<(62-32)))
+                {
+                ENGINE *toadd = ENGINE_rdrand();
+                if(!toadd) return;
+                ENGINE_add(toadd);
+                ENGINE_free(toadd);
+                ERR_clear_error();
+                }
+        }
+#else
+void ENGINE_load_rdrand (void) {}
+#endif
diff --git a/src/lib/libcrypto/engine/eng_rsax.c b/src/lib/libcrypto/engine/eng_rsax.c
new file mode 100644
index 0000000000..96e63477ee
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_rsax.c
@@ -0,0 +1,668 @@
+/* crypto/engine/eng_rsax.c */
+/* Copyright (c) 2010-2010 Intel Corp.
+ *   Author: Vinodh.Gopal@intel.com
+ *           Jim Guilford
+ *           Erdinc.Ozturk@intel.com
+ *           Maxim.Perminov@intel.com
+ *           Ying.Huang@intel.com
+ *
+ * More information about algorithm used can be found at:
+ *   http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/err.h>
+
+/* RSAX is available **ONLY* on x86_64 CPUs */
+#undef COMPILE_RSAX
+
+#if (defined(__x86_64) || defined(__x86_64__) || \
+     defined(_M_AMD64) || defined (_M_X64)) && !defined(OPENSSL_NO_ASM)
+#define COMPILE_RSAX
+static ENGINE *ENGINE_rsax (void);
+#endif
+
+void ENGINE_load_rsax (void)
+        {
+/* On non-x86 CPUs it just returns. */
+#ifdef COMPILE_RSAX
+        ENGINE *toadd = ENGINE_rsax();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+#endif
+        }
+
+#ifdef COMPILE_RSAX
+#define E_RSAX_LIB_NAME "rsax engine"
+
+static int e_rsax_destroy(ENGINE *e);
+static int e_rsax_init(ENGINE *e);
+static int e_rsax_finish(ENGINE *e);
+static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int e_rsax_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+static int e_rsax_rsa_finish(RSA *r);
+#endif
+
+static const ENGINE_CMD_DEFN e_rsax_cmd_defns[] = {
+        {0, NULL, NULL, 0}
+        };
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD e_rsax_rsa =
+        {
+        "Intel RSA-X method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        e_rsax_rsa_mod_exp,
+        NULL,
+        NULL,
+        e_rsax_rsa_finish,
+        RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_e_rsax_id = "rsax";
+static const char *engine_e_rsax_name = "RSAX engine support";
+
+/* This internal function is used by ENGINE_rsax() */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+        if(!ENGINE_set_id(e, engine_e_rsax_id) ||
+                        !ENGINE_set_name(e, engine_e_rsax_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &e_rsax_rsa) ||
+#endif
+                        !ENGINE_set_destroy_function(e, e_rsax_destroy) ||
+                        !ENGINE_set_init_function(e, e_rsax_init) ||
+                        !ENGINE_set_finish_function(e, e_rsax_finish) ||
+                        !ENGINE_set_ctrl_function(e, e_rsax_ctrl) ||
+                        !ENGINE_set_cmd_defns(e, e_rsax_cmd_defns))
+                return 0;
+
+#ifndef OPENSSL_NO_RSA
+        meth1 = RSA_PKCS1_SSLeay();
+        e_rsax_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        e_rsax_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        e_rsax_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        e_rsax_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+        e_rsax_rsa.bn_mod_exp = meth1->bn_mod_exp;
+#endif
+        return 1;
+        }
+
+static ENGINE *ENGINE_rsax(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+#ifndef OPENSSL_NO_RSA
+/* Used to attach our own key-data to an RSA structure */
+static int rsax_ex_data_idx = -1;
+#endif
+
+static int e_rsax_destroy(ENGINE *e)
+        {
+        return 1;
+        }
+
+/* (de)initialisation functions. */
+static int e_rsax_init(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        if (rsax_ex_data_idx == -1)
+                rsax_ex_data_idx = RSA_get_ex_new_index(0,
+                        NULL,
+                        NULL, NULL, NULL);
+#endif
+        if (rsax_ex_data_idx  == -1)
+                return 0;
+        return 1;
+        }
+
+static int e_rsax_finish(ENGINE *e)
+        {
+        return 1;
+        }
+
+static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
+        {
+        int to_return = 1;
+
+        switch(cmd)
+                {
+        /* The command isn't understood by this engine */
+        default:
+                to_return = 0;
+                break;
+                }
+
+        return to_return;
+        }
+
+
+#ifndef OPENSSL_NO_RSA
+
+#ifdef _WIN32
+typedef unsigned __int64 UINT64;
+#else
+typedef unsigned long long UINT64;
+#endif
+typedef unsigned short UINT16;
+
+/* Table t is interleaved in the following manner:
+ * The order in memory is t[0][0], t[0][1], ..., t[0][7], t[1][0], ...
+ * A particular 512-bit value is stored in t[][index] rather than the more
+ * normal t[index][]; i.e. the qwords of a particular entry in t are not
+ * adjacent in memory
+ */
+
+/* Init BIGNUM b from the interleaved UINT64 array */
+static int interleaved_array_to_bn_512(BIGNUM* b, UINT64 *array);
+
+/* Extract array elements from BIGNUM b
+ * To set the whole array from b, call with n=8
+ */
+static int bn_extract_to_array_512(const BIGNUM* b, unsigned int n, UINT64 *array);
+
+struct mod_ctx_512 {
+    UINT64 t[8][8];
+    UINT64 m[8];
+    UINT64 m1[8]; /* 2^278 % m */
+    UINT64 m2[8]; /* 2^640 % m */
+    UINT64 k1[2]; /* (- 1/m) % 2^128 */
+};
+
+static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data);
+
+void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */
+                 UINT64 *g,      /* 512 bits, 8 qwords */
+                 UINT64 *exp,    /* 512 bits, 8 qwords */
+                 struct mod_ctx_512 *data);
+
+typedef struct st_e_rsax_mod_ctx
+{
+  UINT64 type;
+  union {
+    struct mod_ctx_512 b512;
+  } ctx;
+
+} E_RSAX_MOD_CTX;
+
+static E_RSAX_MOD_CTX *e_rsax_get_ctx(RSA *rsa, int idx, BIGNUM* m)
+{
+        E_RSAX_MOD_CTX *hptr;
+
+        if (idx < 0 || idx > 2)
+           return NULL;
+
+        hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx);
+        if (!hptr) {
+            hptr = OPENSSL_malloc(3*sizeof(E_RSAX_MOD_CTX));
+            if (!hptr) return NULL;
+            hptr[2].type = hptr[1].type= hptr[0].type = 0;
+            RSA_set_ex_data(rsa, rsax_ex_data_idx, hptr);
+        }
+
+        if (hptr[idx].type == (UINT64)BN_num_bits(m))
+            return hptr+idx;
+
+        if (BN_num_bits(m) == 512) {
+            UINT64 _m[8];
+            bn_extract_to_array_512(m, 8, _m);
+            memset( &hptr[idx].ctx.b512, 0, sizeof(struct mod_ctx_512));
+            mod_exp_pre_compute_data_512(_m, &hptr[idx].ctx.b512);
+        }
+
+        hptr[idx].type = BN_num_bits(m);
+        return hptr+idx;
+}
+
+static int e_rsax_rsa_finish(RSA *rsa)
+        {
+        E_RSAX_MOD_CTX *hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx);
+        if(hptr)
+                {
+                OPENSSL_free(hptr);
+                RSA_set_ex_data(rsa, rsax_ex_data_idx, NULL);
+                }
+        if (rsa->_method_mod_n)
+                BN_MONT_CTX_free(rsa->_method_mod_n);
+        if (rsa->_method_mod_p)
+                BN_MONT_CTX_free(rsa->_method_mod_p);
+        if (rsa->_method_mod_q)
+                BN_MONT_CTX_free(rsa->_method_mod_q);
+        return 1;
+        }
+
+
+static int e_rsax_bn_mod_exp(BIGNUM *r, const BIGNUM *g, const BIGNUM *e,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, E_RSAX_MOD_CTX* rsax_mod_ctx )
+{
+        if (rsax_mod_ctx && BN_get_flags(e, BN_FLG_CONSTTIME) != 0) {
+           if (BN_num_bits(m) == 512) {
+                UINT64 _r[8];
+                UINT64 _g[8];
+                UINT64 _e[8];
+
+                /* Init the arrays from the BIGNUMs */
+                bn_extract_to_array_512(g, 8, _g);
+                bn_extract_to_array_512(e, 8, _e);
+
+                mod_exp_512(_r, _g, _e, &rsax_mod_ctx->ctx.b512);
+                /* Return the result in the BIGNUM */
+                interleaved_array_to_bn_512(r, _r);
+                return 1;
+           }
+        }
+
+        return BN_mod_exp_mont(r, g, e, m, ctx, in_mont);
+}
+
+/* Declares for the Intel CIAP 512-bit / CRT / 1024 bit RSA modular
+ * exponentiation routine precalculations and a structure to hold the
+ * necessary values.  These files are meant to live in crypto/rsa/ in
+ * the target openssl.
+ */
+
+/*
+ * Local method: extracts a piece from a BIGNUM, to fit it into
+ * an array. Call with n=8 to extract an entire 512-bit BIGNUM
+ */
+static int bn_extract_to_array_512(const BIGNUM* b, unsigned int n, UINT64 *array)
+{
+        int i;
+        UINT64 tmp;
+        unsigned char bn_buff[64];
+        memset(bn_buff, 0, 64);
+        if (BN_num_bytes(b) > 64) {
+                printf ("Can't support this byte size\n");
+                return 0; }
+        if (BN_num_bytes(b)!=0) {
+                if (!BN_bn2bin(b, bn_buff+(64-BN_num_bytes(b)))) {
+                        printf ("Error's in bn2bin\n");
+                        /* We have to error, here */
+                        return 0; } }
+        while (n-- > 0) {
+                array[n] = 0;
+                for (i=7; i>=0; i--) {
+                        tmp = bn_buff[63-(n*8+i)];
+                        array[n] |= tmp << (8*i); } }
+        return 1;
+}
+
+/* Init a 512-bit BIGNUM from the UINT64*_ (8 * 64) interleaved array */
+static int interleaved_array_to_bn_512(BIGNUM* b, UINT64 *array)
+{
+        unsigned char tmp[64];
+        int n=8;
+        int i;
+        while (n-- > 0) {
+                for (i = 7; i>=0; i--) {
+                        tmp[63-(n*8+i)] = (unsigned char)(array[n]>>(8*i)); } }
+        BN_bin2bn(tmp, 64, b);
+        return 0;
+}
+
+
+/* The main 512bit precompute call */
+static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data)
+ {
+    BIGNUM two_768, two_640, two_128, two_512, tmp, _m, tmp2;
+
+    /* We need a BN_CTX for the modulo functions */
+    BN_CTX* ctx;
+    /* Some tmps */
+    UINT64 _t[8];
+    int i, j, ret = 0;
+
+    /* Init _m with m */
+    BN_init(&_m);
+    interleaved_array_to_bn_512(&_m, m);
+    memset(_t, 0, 64);
+
+    /* Inits */
+    BN_init(&two_768);
+    BN_init(&two_640);
+    BN_init(&two_128);
+    BN_init(&two_512);
+    BN_init(&tmp);
+    BN_init(&tmp2);
+
+    /* Create our context */
+    if ((ctx=BN_CTX_new()) == NULL) { goto err; }
+        BN_CTX_start(ctx);
+
+    /*
+     * For production, if you care, these only need to be set once,
+     * and may be made constants.
+     */
+    BN_lshift(&two_768, BN_value_one(), 768);
+    BN_lshift(&two_640, BN_value_one(), 640);
+    BN_lshift(&two_128, BN_value_one(), 128);
+    BN_lshift(&two_512, BN_value_one(), 512);
+
+    if (0 == (m[7] & 0x8000000000000000)) {
+        exit(1);
+    }
+    if (0 == (m[0] & 0x1)) { /* Odd modulus required for Mont */
+        exit(1);
+    }
+
+    /* Precompute m1 */
+    BN_mod(&tmp, &two_768, &_m, ctx);
+    if (!bn_extract_to_array_512(&tmp, 8, &data->m1[0])) {
+            goto err; }
+
+    /* Precompute m2 */
+    BN_mod(&tmp, &two_640, &_m, ctx);
+    if (!bn_extract_to_array_512(&tmp, 8, &data->m2[0])) {
+            goto err;
+    }
+
+    /*
+     * Precompute k1, a 128b number = ((-1)* m-1 ) mod 2128; k1 should
+     * be non-negative.
+     */
+    BN_mod_inverse(&tmp, &_m, &two_128, ctx);
+    if (!BN_is_zero(&tmp)) { BN_sub(&tmp, &two_128, &tmp); }
+    if (!bn_extract_to_array_512(&tmp, 2, &data->k1[0])) {
+            goto err; }
+
+    /* Precompute t */
+    for (i=0; i<8; i++) {
+        BN_zero(&tmp);
+        if (i & 1) { BN_add(&tmp, &two_512, &tmp); }
+        if (i & 2) { BN_add(&tmp, &two_512, &tmp); }
+        if (i & 4) { BN_add(&tmp, &two_640, &tmp); }
+
+        BN_nnmod(&tmp2, &tmp, &_m, ctx);
+        if (!bn_extract_to_array_512(&tmp2, 8, _t)) {
+                goto err; }
+        for (j=0; j<8; j++) data->t[j][i] = _t[j]; }
+
+    /* Precompute m */
+    for (i=0; i<8; i++) {
+        data->m[i] = m[i]; }
+
+    ret = 1;
+
+err:
+    /* Cleanup */
+        if (ctx != NULL) {
+                BN_CTX_end(ctx); BN_CTX_free(ctx); }
+    BN_free(&two_768);
+    BN_free(&two_640);
+    BN_free(&two_128);
+    BN_free(&two_512);
+    BN_free(&tmp);
+    BN_free(&tmp2);
+    BN_free(&_m);
+
+    return ret;
+}
+
+
+static int e_rsax_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+        {
+        BIGNUM *r1,*m1,*vrfy;
+        BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
+        BIGNUM *dmp1,*dmq1,*c,*pr1;
+        int ret=0;
+
+        BN_CTX_start(ctx);
+        r1 = BN_CTX_get(ctx);
+        m1 = BN_CTX_get(ctx);
+        vrfy = BN_CTX_get(ctx);
+
+        {
+                BIGNUM local_p, local_q;
+                BIGNUM *p = NULL, *q = NULL;
+                int error = 0;
+
+                /* Make sure BN_mod_inverse in Montgomery
+                 * intialization uses the BN_FLG_CONSTTIME flag
+                 * (unless RSA_FLAG_NO_CONSTTIME is set)
+                 */
+                if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                        {
+                        BN_init(&local_p);
+                        p = &local_p;
+                        BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+
+                        BN_init(&local_q);
+                        q = &local_q;
+                        BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
+                        }
+                else
+                        {
+                        p = rsa->p;
+                        q = rsa->q;
+                        }
+
+                if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
+                        {
+                        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
+                                error = 1;
+                        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
+                                error = 1;
+                        }
+
+                /* clean up */
+                if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                        {
+                        BN_free(&local_p);
+                        BN_free(&local_q);
+                        }
+                if ( error )
+                        goto err;
+        }
+
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+                        goto err;
+
+        /* compute I mod q */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                c = &local_c;
+                BN_with_flags(c, I, BN_FLG_CONSTTIME);
+                if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
+                }
+        else
+                {
+                if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
+                }
+
+        /* compute r1^dmq1 mod q */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                dmq1 = &local_dmq1;
+                BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+                }
+        else
+                dmq1 = rsa->dmq1;
+
+        if (!e_rsax_bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
+                rsa->_method_mod_q, e_rsax_get_ctx(rsa, 0, rsa->q) )) goto err;
+
+        /* compute I mod p */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                c = &local_c;
+                BN_with_flags(c, I, BN_FLG_CONSTTIME);
+                if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
+                }
+        else
+                {
+                if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
+                }
+
+        /* compute r1^dmp1 mod p */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                dmp1 = &local_dmp1;
+                BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+                }
+        else
+                dmp1 = rsa->dmp1;
+
+        if (!e_rsax_bn_mod_exp(r0,r1,dmp1,rsa->p,ctx,
+                rsa->_method_mod_p, e_rsax_get_ctx(rsa, 1, rsa->p) )) goto err;
+
+        if (!BN_sub(r0,r0,m1)) goto err;
+        /* This will help stop the size of r0 increasing, which does
+         * affect the multiply if it optimised for a power of 2 size */
+        if (BN_is_negative(r0))
+                if (!BN_add(r0,r0,rsa->p)) goto err;
+
+        if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
+
+        /* Turn BN_FLG_CONSTTIME flag on before division operation */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                pr1 = &local_r1;
+                BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+                }
+        else
+                pr1 = r1;
+        if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
+
+        /* If p < q it is occasionally possible for the correction of
+         * adding 'p' if r0 is negative above to leave the result still
+         * negative. This can break the private key operations: the following
+         * second correction should *always* correct this rare occurrence.
+         * This will *never* happen with OpenSSL generated keys because
+         * they ensure p > q [steve]
+         */
+        if (BN_is_negative(r0))
+                if (!BN_add(r0,r0,rsa->p)) goto err;
+        if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
+        if (!BN_add(r0,r1,m1)) goto err;
+
+        if (rsa->e && rsa->n)
+                {
+                if (!e_rsax_bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n, e_rsax_get_ctx(rsa, 2, rsa->n) ))
+                    goto err;
+
+                /* If 'I' was greater than (or equal to) rsa->n, the operation
+                 * will be equivalent to using 'I mod n'. However, the result of
+                 * the verify will *always* be less than 'n' so we don't check
+                 * for absolute equality, just congruency. */
+                if (!BN_sub(vrfy, vrfy, I)) goto err;
+                if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
+                if (BN_is_negative(vrfy))
+                        if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
+                if (!BN_is_zero(vrfy))
+                        {
+                        /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
+                         * miscalculated CRT output, just do a raw (slower)
+                         * mod_exp and return that instead. */
+
+                        BIGNUM local_d;
+                        BIGNUM *d = NULL;
+
+                        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                                {
+                                d = &local_d;
+                                BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+                                }
+                        else
+                                d = rsa->d;
+                        if (!e_rsax_bn_mod_exp(r0,I,d,rsa->n,ctx,
+                                                   rsa->_method_mod_n, e_rsax_get_ctx(rsa, 2, rsa->n) )) goto err;
+                        }
+                }
+        ret=1;
+
+err:
+        BN_CTX_end(ctx);
+
+        return ret;
+        }
+#endif /* !OPENSSL_NO_RSA */
+#endif /* !COMPILE_RSAX */
diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c
new file mode 100644
index 0000000000..f4d70e7e0a
--- /dev/null
+++ b/src/lib/libcrypto/engine/enginetest.c
@@ -0,0 +1,283 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_ENGINE
+int main(int argc, char *argv[])
+{
+    printf("No ENGINE support\n");
+    return(0);
+}
+#else
+#include <openssl/buffer.h>
+#include <openssl/crypto.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list(void)
+        {
+        ENGINE *h;
+        int loop;
+
+        h = ENGINE_get_first();
+        loop = 0;
+        printf("listing available engine types\n");
+        while(h)
+                {
+                printf("engine %i, id = \"%s\", name = \"%s\"\n",
+                        loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+                h = ENGINE_get_next(h);
+                }
+        printf("end of list\n");
+        /* ENGINE_get_first() increases the struct_ref counter, so we 
+           must call ENGINE_free() to decrease it again */
+        ENGINE_free(h);
+        }
+
+int main(int argc, char *argv[])
+        {
+        ENGINE *block[512];
+        char buf[256];
+        const char *id, *name;
+        ENGINE *ptr;
+        int loop;
+        int to_return = 1;
+        ENGINE *new_h1 = NULL;
+        ENGINE *new_h2 = NULL;
+        ENGINE *new_h3 = NULL;
+        ENGINE *new_h4 = NULL;
+
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        ERR_load_crypto_strings();
+
+        memset(block, 0, 512 * sizeof(ENGINE *));
+        if(((new_h1 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h1, "test_id0") ||
+                        !ENGINE_set_name(new_h1, "First test item") ||
+                        ((new_h2 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h2, "test_id1") ||
+                        !ENGINE_set_name(new_h2, "Second test item") ||
+                        ((new_h3 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h3, "test_id2") ||
+                        !ENGINE_set_name(new_h3, "Third test item") ||
+                        ((new_h4 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h4, "test_id3") ||
+                        !ENGINE_set_name(new_h4, "Fourth test item"))
+                {
+                printf("Couldn't set up test ENGINE structures\n");
+                goto end;
+                }
+        printf("\nenginetest beginning\n\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        ptr = ENGINE_get_first();
+        if(!ENGINE_remove(ptr))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        if (ptr)
+                ENGINE_free(ptr);
+        display_engine_list();
+        if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h2))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h4))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(ENGINE_add(new_h3))
+                {
+                printf("Add *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Add that should fail did.\n");
+        ERR_clear_error();
+        if(ENGINE_remove(new_h2))
+                {
+                printf("Remove *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Remove that should fail did.\n");
+        ERR_clear_error();
+        if(!ENGINE_remove(new_h3))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h4))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        /* Depending on whether there's any hardware support compiled
+         * in, this remove may be destined to fail. */
+        ptr = ENGINE_get_first();
+        if(ptr)
+                if(!ENGINE_remove(ptr))
+                        printf("Remove failed!i - probably no hardware "
+                                "support present.\n");
+        if (ptr)
+                ENGINE_free(ptr);
+        display_engine_list();
+        if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+                {
+                printf("Couldn't add and remove to an empty list!\n");
+                goto end;
+                }
+        else
+                printf("Successfully added and removed to an empty list!\n");
+        printf("About to beef up the engine-type list\n");
+        for(loop = 0; loop < 512; loop++)
+                {
+                sprintf(buf, "id%i", loop);
+                id = BUF_strdup(buf);
+                sprintf(buf, "Fake engine type %i", loop);
+                name = BUF_strdup(buf);
+                if(((block[loop] = ENGINE_new()) == NULL) ||
+                                !ENGINE_set_id(block[loop], id) ||
+                                !ENGINE_set_name(block[loop], name))
+                        {
+                        printf("Couldn't create block of ENGINE structures.\n"
+                                "I'll probably also core-dump now, damn.\n");
+                        goto end;
+                        }
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                if(!ENGINE_add(block[loop]))
+                        {
+                        printf("\nAdding stopped at %i, (%s,%s)\n",
+                                loop, ENGINE_get_id(block[loop]),
+                                ENGINE_get_name(block[loop]));
+                        goto cleanup_loop;
+                        }
+                else
+                        printf("."); fflush(stdout);
+                }
+cleanup_loop:
+        printf("\nAbout to empty the engine-type list\n");
+        while((ptr = ENGINE_get_first()) != NULL)
+                {
+                if(!ENGINE_remove(ptr))
+                        {
+                        printf("\nRemove failed!\n");
+                        goto end;
+                        }
+                ENGINE_free(ptr);
+                printf("."); fflush(stdout);
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                OPENSSL_free((void *)ENGINE_get_id(block[loop]));
+                OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+                }
+        printf("\nTests completed happily\n");
+        to_return = 0;
+end:
+        if(to_return)
+                ERR_print_errors_fp(stderr);
+        if(new_h1) ENGINE_free(new_h1);
+        if(new_h2) ENGINE_free(new_h2);
+        if(new_h3) ENGINE_free(new_h3);
+        if(new_h4) ENGINE_free(new_h4);
+        for(loop = 0; loop < 512; loop++)
+                if(block[loop])
+                        ENGINE_free(block[loop]);
+        ENGINE_cleanup();
+        CRYPTO_cleanup_all_ex_data();
+        ERR_free_strings();
+        ERR_remove_thread_state(NULL);
+        CRYPTO_mem_leaks_fp(stderr);
+        return to_return;
+        }
+#endif
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
new file mode 100644
index 0000000000..bc953872dd
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -0,0 +1,1367 @@
+/*
+ * Copyright (c) 2002-2004 Theo de Raadt
+ * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2002 Markus Friedl
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+
+#if (defined(__unix__) || defined(unix)) && !defined(USG)
+#include <sys/param.h>
+# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+# define HAVE_CRYPTODEV
+# endif
+# if (OpenBSD >= 200110)
+# define HAVE_SYSLOG_R
+# endif
+#endif
+
+#ifndef HAVE_CRYPTODEV
+
+void
+ENGINE_load_cryptodev(void)
+{
+        /* This is a NOP on platforms without /dev/crypto */
+        return;
+}
+
+#else
+
+#include <sys/types.h>
+#include <crypto/cryptodev.h>
+#include <sys/ioctl.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#if defined(__i386__) || defined(__amd64__)
+#include <sys/sysctl.h>
+#include <machine/cpu.h>
+#include <machine/specialreg.h>
+
+#include <ssl/aes.h>
+
+static int check_viac3aes(void);
+#endif
+
+#define CRYPTO_VIAC3_MAX        3
+
+struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
+};
+
+struct dev_crypto_cipher {
+        int     c_id;
+        int     c_nid;
+        int     c_ivmax;
+        int     c_keylen;
+};
+
+static u_int32_t cryptodev_asymfeat = 0;
+
+static int get_asym_dev_crypto(void);
+static int open_dev_crypto(void);
+static int get_dev_crypto(void);
+static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid);
+static int get_cryptodev_ciphers(const int **cnids);
+/*static int get_cryptodev_digests(const int **cnids);*/
+static int cryptodev_usable_ciphers(const int **nids);
+static int cryptodev_usable_digests(const int **nids);
+static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, size_t inl);
+static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc);
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid);
+static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid);
+static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+static int crparam2bn(struct crparam *crp, BIGNUM *a);
+static void zapparams(struct crypt_kop *kop);
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+    int slen, BIGNUM *s);
+
+static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
+    RSA *rsa, BN_CTX *ctx);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+    BN_CTX *ctx);
+static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
+    int dlen, DSA *dsa);
+static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+    DSA_SIG *sig, DSA *dsa);
+static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key,
+    const BIGNUM *pub_key, DH *dh);
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+    void (*f)());
+void ENGINE_load_cryptodev(void);
+
+static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        { 0, NULL, NULL, 0 }
+};
+
+static struct dev_crypto_cipher ciphers[] = {
+        { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
+        { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
+        { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+        { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+        { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
+        { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
+        { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
+        { 0,                            NID_undef,              0,       0, },
+};
+
+#if 0 /* UNUSED */
+static struct {
+        int     id;
+        int     nid;
+} digests[] = {
+        { CRYPTO_SHA1_HMAC,             NID_hmacWithSHA1,       },
+        { CRYPTO_RIPEMD160_HMAC,        NID_ripemd160,          },
+        { CRYPTO_MD5_KPDK,              NID_undef,              },
+        { CRYPTO_SHA1_KPDK,             NID_undef,              },
+        { CRYPTO_MD5,                   NID_md5,                },
+        { CRYPTO_SHA1,                  NID_undef,              },
+        { 0,                            NID_undef,              },
+};
+#endif
+
+/*
+ * Return a fd if /dev/crypto seems usable, -1 otherwise.
+ */
+static int
+open_dev_crypto(void)
+{
+        static int fd = -1;
+
+        if (fd == -1) {
+                if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+                        return (-1);
+                /* close on exec */
+                if (fcntl(fd, F_SETFD, 1) == -1) {
+                        close(fd);
+                        fd = -1;
+                        return (-1);
+                }
+        }
+        return (fd);
+}
+
+static int
+get_dev_crypto(void)
+{
+        int fd, retfd;
+
+        if ((fd = open_dev_crypto()) == -1)
+                return (-1);
+        if (ioctl(fd, CRIOGET, &retfd) == -1) {
+                close(fd);
+                return (-1);
+        }
+
+        /* close on exec */
+        if (fcntl(retfd, F_SETFD, 1) == -1) {
+                close(retfd);
+                return (-1);
+        }
+        return (retfd);
+}
+
+/* Caching version for asym operations */
+static int
+get_asym_dev_crypto(void)
+{
+        static int fd = -1;
+
+        if (fd == -1)
+                fd = get_dev_crypto();
+        return fd;
+}
+
+/* convert libcrypto nids to cryptodev */
+static struct dev_crypto_cipher *
+cipher_nid_to_cryptodev(int nid)
+{
+        int i;
+
+        for (i = 0; ciphers[i].c_id; i++)
+                if (ciphers[i].c_nid == nid)
+                        return (&ciphers[i]);
+        return (NULL);
+}
+
+/*
+ * Find out what ciphers /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_ciphers routine
+ */
+static int
+get_cryptodev_ciphers(const int **cnids)
+{
+        static int nids[CRYPTO_ALGORITHM_MAX + CRYPTO_VIAC3_MAX + 1];
+        struct session_op sess;
+        int fd, i, count = 0;
+
+        if ((fd = get_dev_crypto()) < 0) {
+                *cnids = NULL;
+                return (0);
+        }
+        memset(&sess, 0, sizeof(sess));
+        sess.key = (caddr_t)"123456781234567812345678";
+
+        for (i = 0; ciphers[i].c_id && count <= CRYPTO_ALGORITHM_MAX; i++) {
+                if (ciphers[i].c_nid == NID_undef)
+                        continue;
+                sess.cipher = ciphers[i].c_id;
+                sess.keylen = ciphers[i].c_keylen;
+                sess.mac = 0;
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = ciphers[i].c_nid;
+        }
+        close(fd);
+
+#if defined(__i386__) || defined(__amd64__)
+        /*
+         * Always check for the VIA C3 AES instructions;
+         * even if /dev/crypto is disabled.
+         */
+        if (check_viac3aes() >= 1) {
+                int have_NID_aes_128_cbc = 0;
+                int have_NID_aes_192_cbc = 0;
+                int have_NID_aes_256_cbc = 0;
+
+                for (i = 0; i < count; i++) {
+                        if (nids[i] == NID_aes_128_cbc)
+                                have_NID_aes_128_cbc = 1;
+                        if (nids[i] == NID_aes_192_cbc)
+                                have_NID_aes_192_cbc = 1;
+                        if (nids[i] == NID_aes_256_cbc)
+                                have_NID_aes_256_cbc = 1;
+                }
+                if (!have_NID_aes_128_cbc)
+                        nids[count++] = NID_aes_128_cbc;
+                if (!have_NID_aes_192_cbc)
+                        nids[count++] = NID_aes_192_cbc;
+                if (!have_NID_aes_256_cbc)
+                        nids[count++] = NID_aes_256_cbc;
+        }
+#endif
+
+        if (count > 0)
+                *cnids = nids;
+        else
+                *cnids = NULL;
+        return (count);
+}
+
+/*
+ * Find out what digests /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_digests routine
+ */
+#if 0 /* UNUSED */
+static int
+get_cryptodev_digests(const int **cnids)
+{
+        static int nids[CRYPTO_ALGORITHM_MAX];
+        struct session_op sess;
+        int fd, i, count = 0;
+
+        if ((fd = get_dev_crypto()) < 0) {
+                *cnids = NULL;
+                return (0);
+        }
+        memset(&sess, 0, sizeof(sess));
+        for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (digests[i].nid == NID_undef)
+                        continue;
+                sess.mac = digests[i].id;
+                sess.cipher = 0;
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = digests[i].nid;
+        }
+        close(fd);
+
+        if (count > 0)
+                *cnids = nids;
+        else
+                *cnids = NULL;
+        return (count);
+}
+#endif
+
+/*
+ * Find the useable ciphers|digests from dev/crypto - this is the first
+ * thing called by the engine init crud which determines what it
+ * can use for ciphers from this engine. We want to return
+ * only what we can do, anythine else is handled by software.
+ *
+ * If we can't initialize the device to do anything useful for
+ * any reason, we want to return a NULL array, and 0 length,
+ * which forces everything to be done is software. By putting
+ * the initalization of the device in here, we ensure we can
+ * use this engine as the default, and if for whatever reason
+ * /dev/crypto won't do what we want it will just be done in
+ * software
+ *
+ * This can (should) be greatly expanded to perhaps take into
+ * account speed of the device, and what we want to do.
+ * (although the disabling of particular alg's could be controlled
+ * by the device driver with sysctl's.) - this is where we
+ * want most of the decisions made about what we actually want
+ * to use from /dev/crypto.
+ */
+static int
+cryptodev_usable_ciphers(const int **nids)
+{
+        return (get_cryptodev_ciphers(nids));
+}
+
+static int
+cryptodev_usable_digests(const int **nids)
+{
+        /*
+         * XXXX just disable all digests for now, because it sucks.
+         * we need a better way to decide this - i.e. I may not
+         * want digests on slow cards like hifn on fast machines,
+         * but might want them on slow or loaded machines, etc.
+         * will also want them when using crypto cards that don't
+         * suck moose gonads - would be nice to be able to decide something
+         * as reasonable default without having hackery that's card dependent.
+         * of course, the default should probably be just do everything,
+         * with perhaps a sysctl to turn algoritms off (or have them off
+         * by default) on cards that generally suck like the hifn.
+         */
+        *nids = NULL;
+        return (0);
+}
+
+static int
+cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, size_t inl)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        void *iiv;
+        unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+        if (state->d_fd < 0)
+                return (0);
+        if (!inl)
+                return (1);
+        if ((inl % ctx->cipher->block_size) != 0)
+                return (0);
+
+        memset(&cryp, 0, sizeof(cryp));
+
+        cryp.ses = sess->ses;
+        cryp.flags = 0;
+        cryp.len = inl;
+        cryp.src = (caddr_t) in;
+        cryp.dst = (caddr_t) out;
+        cryp.mac = 0;
+
+        cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+        if (ctx->cipher->iv_len) {
+                cryp.iv = (caddr_t) ctx->iv;
+                if (!ctx->encrypt) {
+                        iiv = (void *) in + inl - ctx->cipher->iv_len;
+                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
+                }
+        } else
+                cryp.iv = NULL;
+
+        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+                /* XXX need better errror handling
+                 * this can fail for a number of different reasons.
+                 */
+                return (0);
+        }
+
+        if (ctx->cipher->iv_len) {
+                if (ctx->encrypt)
+                        iiv = (void *) out + inl - ctx->cipher->iv_len;
+                else
+                        iiv = save_iv;
+                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+        }
+        return (1);
+}
+
+static int
+cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        struct dev_crypto_cipher *cipher;
+
+        if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL)
+                return (0);
+
+        if (ctx->cipher->iv_len > cipher->c_ivmax)
+                return (0);
+
+        if (ctx->key_len != cipher->c_keylen)
+                return (0);
+
+        memset(sess, 0, sizeof(struct session_op));
+
+        if ((state->d_fd = get_dev_crypto()) < 0)
+                return (0);
+
+        sess->key = (unsigned char *)key;
+        sess->keylen = ctx->key_len;
+        sess->cipher = cipher->c_id;
+
+        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+                close(state->d_fd);
+                state->d_fd = -1;
+                return (0);
+        }
+        return (1);
+}
+
+/*
+ * free anything we allocated earlier when initting a
+ * session, and close the session.
+ */
+static int
+cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+{
+        int ret = 0;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+
+        if (state->d_fd < 0)
+                return (0);
+
+        /* XXX if this ioctl fails, someting's wrong. the invoker
+         * may have called us with a bogus ctx, or we could
+         * have a device that for whatever reason just doesn't
+         * want to play ball - it's not clear what's right
+         * here - should this be an error? should it just
+         * increase a counter, hmm. For right now, we return
+         * 0 - I don't believe that to be "right". we could
+         * call the gorpy openssl lib error handlers that
+         * print messages to users of the library. hmm..
+         */
+
+        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+                ret = 0;
+        } else {
+                ret = 1;
+        }
+        close(state->d_fd);
+        state->d_fd = -1;
+
+        return (ret);
+}
+
+/*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
+ */
+
+/* DES CBC EVP */
+const EVP_CIPHER cryptodev_des_cbc = {
+        NID_des_cbc,
+        8, 8, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+/* 3DES CBC EVP */
+const EVP_CIPHER cryptodev_3des_cbc = {
+        NID_des_ede3_cbc,
+        8, 24, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_bf_cbc = {
+        NID_bf_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+const EVP_CIPHER cryptodev_cast_cbc = {
+        NID_cast5_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+EVP_CIPHER cryptodev_aes_128_cbc = {
+        NID_aes_128_cbc,
+        16, 16, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+EVP_CIPHER cryptodev_aes_192_cbc = {
+        NID_aes_192_cbc,
+        16, 24, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+EVP_CIPHER cryptodev_aes_256_cbc = {
+        NID_aes_256_cbc,
+        16, 32, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+#if defined(__i386__) || defined(__amd64__)
+
+static inline void
+viac3_xcrypt_cbc(int *cw, const void *src, void *dst, void *key, int rep,
+    void *iv)
+{
+#ifdef notdef
+        printf("cw %p[%x %x %x %x] src %p dst %p key %p rep %x iv %p\n",
+            cw, cw[0], cw[1], cw[2], cw[3],
+            src, dst, key, rep, iv);
+#endif
+#if defined(__i386__)
+
+        /*
+         * Clear bit 30 of EFLAGS.
+         */
+        __asm __volatile("pushfl; popfl");
+
+        /*
+         * Cannot simply place key into "b" register, since the compiler
+         * -pic mode uses that register; so instead we must dance a little.
+         */
+        __asm __volatile("pushl %%ebx; movl %0, %%ebx; rep xcryptcbc; popl %%ebx" :
+            : "m" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst)
+            : "memory", "cc");
+#else
+
+        /*
+         * Clear bit 30 of EFLAGS.
+         */
+        __asm __volatile("pushfq; popfq");
+        __asm __volatile("rep xcryptcbc" :
+            : "b" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst)
+            : "memory", "cc");
+#endif
+
+}
+
+#define ISUNALIGNED(x)  ((long)(x)) & 15
+#define DOALIGN(v)      ((void *)(((long)(v) + 15) & ~15))
+
+static int
+xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, size_t inl)
+{
+        unsigned char *save_iv_store[EVP_MAX_IV_LENGTH + 15];
+        unsigned char *save_iv = DOALIGN(save_iv_store);
+        unsigned char *ivs_store[EVP_MAX_IV_LENGTH + 15];
+        unsigned char *ivs = DOALIGN(ivs_store);
+        void *iiv, *iv = NULL, *ivp = NULL;
+        const void *usein = in;
+        void *useout = out, *spare;
+        int cws[4 + 3], *cw = DOALIGN(cws);
+
+        if (!inl)
+                return (1);
+        if ((inl % ctx->cipher->block_size) != 0)
+                return (0);
+        if (inl > UINT_MAX)
+                return (0);
+
+        if (ISUNALIGNED(in) || ISUNALIGNED(out)) {
+                spare = malloc(inl);
+                if (spare == NULL)
+                        return (0);
+
+                if (ISUNALIGNED(in)) {
+                        bcopy(in, spare, inl);
+                        usein = spare;
+                }
+                if (ISUNALIGNED(out))
+                        useout = spare;
+        }
+
+        cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW |
+            C3_CRYPT_CWLO_NORMAL;
+        cw[0] |= ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT;
+        cw[1] = cw[2] = cw[3] = 0;
+
+        switch (ctx->key_len * 8) {
+        case 128:
+                cw[0] |= C3_CRYPT_CWLO_KEY128;
+                break;
+        case 192:
+                cw[0] |= C3_CRYPT_CWLO_KEY192;
+                break;
+        case 256:
+                cw[0] |= C3_CRYPT_CWLO_KEY256;
+                break;
+        }
+
+        if (ctx->cipher->iv_len) {
+                iv = (caddr_t) ctx->iv;
+                if (!ctx->encrypt) {
+                        iiv = (void *) in + inl - ctx->cipher->iv_len;
+                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
+                }
+        }
+
+        ivp = iv;
+        if (ISUNALIGNED(iv)) {
+                bcopy(iv, ivs, ctx->cipher->iv_len);
+                ivp = ivs;
+        }
+
+        viac3_xcrypt_cbc(cw, usein, useout, ctx->cipher_data,  inl / 16, ivp);
+
+        if (ISUNALIGNED(in) || ISUNALIGNED(out)) {
+                if (ISUNALIGNED(out))
+                        bcopy(spare, out, inl);
+                free(spare);
+        }
+
+        if (ivp == ivs)
+                bcopy(ivp, iv, ctx->cipher->iv_len);
+
+        if (ctx->cipher->iv_len) {
+                if (ctx->encrypt)
+                        iiv = (void *) out + inl - ctx->cipher->iv_len;
+                else
+                        iiv = save_iv;
+                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+        }
+        return (1);
+}
+
+static int
+xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+        AES_KEY *k = ctx->cipher_data;
+#ifndef AES_ASM
+        int i;
+#endif
+
+        bzero(k, sizeof *k);
+        if (enc)
+                AES_set_encrypt_key(key, ctx->key_len * 8, k);
+        else
+                AES_set_decrypt_key(key, ctx->key_len * 8, k);
+
+#ifndef AES_ASM
+        /*
+         * XXX Damn OpenSSL byte swaps the expanded key!!
+         *
+         * XXX But only if we're using the C implementation of AES
+         */
+        for (i = 0; i < 4 * (AES_MAXNR + 1); i++)
+                k->rd_key[i] = htonl(k->rd_key[i]);
+#endif
+
+        return (1);
+}
+
+static int
+xcrypt_cleanup(EVP_CIPHER_CTX *ctx)
+{
+        bzero(ctx->cipher_data, ctx->cipher->ctx_size);
+        return (1);
+}
+
+static int
+check_viac3aes(void)
+{
+        int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value;
+        size_t size = sizeof(value);
+
+        if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size,
+            NULL, 0) < 0)
+                return (0);
+        if (value == 0)
+                return (0);
+
+        if (value & C3_HAS_AES) {
+                cryptodev_aes_128_cbc.init = xcrypt_init_key;
+                cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_128_cbc.ctx_size = sizeof(AES_KEY);
+
+                cryptodev_aes_192_cbc.init = xcrypt_init_key;
+                cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_192_cbc.ctx_size = sizeof(AES_KEY);
+
+                cryptodev_aes_256_cbc.init = xcrypt_init_key;
+                cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_256_cbc.ctx_size = sizeof(AES_KEY);
+        }
+        return (value);
+}
+#endif /* __i386__ || __amd64__ */
+
+/*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+ * top level - note, that list is restricted by what we answer with
+ */
+static int
+cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid)
+{
+        if (!cipher)
+                return (cryptodev_usable_ciphers(nids));
+
+        switch (nid) {
+        case NID_des_ede3_cbc:
+                *cipher = &cryptodev_3des_cbc;
+                break;
+        case NID_des_cbc:
+                *cipher = &cryptodev_des_cbc;
+                break;
+        case NID_bf_cbc:
+                *cipher = &cryptodev_bf_cbc;
+                break;
+        case NID_cast5_cbc:
+                *cipher = &cryptodev_cast_cbc;
+                break;
+        case NID_aes_128_cbc:
+                *cipher = &cryptodev_aes_128_cbc;
+                break;
+        case NID_aes_192_cbc:
+                *cipher = &cryptodev_aes_192_cbc;
+                break;
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
+        default:
+                *cipher = NULL;
+                break;
+        }
+        return (*cipher != NULL);
+}
+
+static int
+cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid)
+{
+        if (!digest)
+                return (cryptodev_usable_digests(nids));
+
+        switch (nid) {
+        case NID_md5:
+                *digest = NULL; /* need to make a clean md5 critter */
+                break;
+        default:
+                *digest = NULL;
+                break;
+        }
+        return (*digest != NULL);
+}
+
+/*
+ * Convert a BIGNUM to the representation that /dev/crypto needs.
+ * Upon completion of use, the caller is responsible for freeing
+ * crp->crp_p.
+ */
+static int
+bn2crparam(const BIGNUM *a, struct crparam *crp)
+{
+        int i, j, k;
+        ssize_t bytes, bits;
+        u_char *b;
+
+        crp->crp_p = NULL;
+        crp->crp_nbits = 0;
+
+        bits = BN_num_bits(a);
+        bytes = (bits + 7) / 8;
+
+        b = malloc(bytes);
+        if (b == NULL)
+                return (1);
+
+        crp->crp_p = b;
+        crp->crp_nbits = bits;
+
+        for (i = 0, j = 0; i < a->top; i++) {
+                for (k = 0; k < BN_BITS2 / 8; k++) {
+                        if ((j + k) >= bytes)
+                                return (0);
+                        b[j + k] = a->d[i] >> (k * 8);
+                }
+                j += BN_BITS2 / 8;
+        }
+        return (0);
+}
+
+/* Convert a /dev/crypto parameter to a BIGNUM */
+static int
+crparam2bn(struct crparam *crp, BIGNUM *a)
+{
+        u_int8_t *pd;
+        int i, bytes;
+
+        bytes = (crp->crp_nbits + 7) / 8;
+
+        if (bytes == 0)
+                return (-1);
+
+        if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+                return (-1);
+
+        for (i = 0; i < bytes; i++)
+                pd[i] = crp->crp_p[bytes - i - 1];
+
+        BN_bin2bn(pd, bytes, a);
+        free(pd);
+
+        return (0);
+}
+
+static void
+zapparams(struct crypt_kop *kop)
+{
+        int i;
+
+        for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
+                if (kop->crk_param[i].crp_p)
+                        free(kop->crk_param[i].crp_p);
+                kop->crk_param[i].crp_p = NULL;
+                kop->crk_param[i].crp_nbits = 0;
+        }
+}
+
+static int
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+{
+        int fd, ret = -1;
+
+        if ((fd = get_asym_dev_crypto()) < 0)
+                return (ret);
+
+        if (r) {
+                kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+                kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+                kop->crk_oparams++;
+        }
+        if (s) {
+                kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+                kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
+                kop->crk_oparams++;
+        }
+
+        if (ioctl(fd, CIOCKEY, kop) == 0) {
+                if (r)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+                if (s)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
+                ret = 0;
+        }
+
+        return (ret);
+}
+
+static int
+cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+        struct crypt_kop kop;
+        int ret = 1;
+
+        /* Currently, we know we can do mod exp iff we can do any
+         * asymmetric operations at all.
+         */
+        if (cryptodev_asymfeat == 0) {
+                ret = BN_mod_exp(r, a, p, m, ctx);
+                return (ret);
+        }
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP;
+
+        /* inputs: a^p % m */
+        if (bn2crparam(a, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(m, &kop.crk_param[2]))
+                goto err;
+        kop.crk_iparams = 3;
+
+        if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+        }
+err:
+        zapparams(&kop);
+        return (ret);
+}
+
+static int
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+    BN_CTX *ctx)
+{
+        return (RSA_PKCS1_SSLeay()->rsa_mod_exp)(r0, I, rsa, ctx);
+}
+
+static int
+cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+        struct crypt_kop kop;
+        int ret = 1;
+
+        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+                /* XXX 0 means failure?? */
+                return (0);
+        }
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP_CRT;
+        /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+        if (bn2crparam(rsa->p, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(rsa->q, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(I, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+                goto err;
+        if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+                goto err;
+        kop.crk_iparams = 6;
+
+        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
+        }
+err:
+        zapparams(&kop);
+        return (ret);
+}
+
+static RSA_METHOD cryptodev_rsa = {
+        "cryptodev RSA method",
+        NULL,                           /* rsa_pub_enc */
+        NULL,                           /* rsa_pub_dec */
+        NULL,                           /* rsa_priv_enc */
+        NULL,                           /* rsa_priv_dec */
+        NULL,
+        NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,                              /* flags */
+        NULL,                           /* app_data */
+        NULL,                           /* rsa_sign */
+        NULL                            /* rsa_verify */
+};
+
+static int
+cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+        BIGNUM t2;
+        int ret = 0;
+
+        BN_init(&t2);
+
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        ret = 0;
+
+        if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
+                goto err;
+
+        /* let t2 = y ^ u2 mod p */
+        if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
+                goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
+                goto err;
+
+        BN_copy(t1,u1);
+
+        ret = 1;
+err:
+        BN_free(&t2);
+        return(ret);
+}
+
+static DSA_SIG *
+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+        struct crypt_kop kop;
+        BIGNUM *r = NULL, *s = NULL;
+        DSA_SIG *dsaret = NULL;
+
+        if ((r = BN_new()) == NULL)
+                goto err;
+        if ((s = BN_new()) == NULL) {
+                BN_free(r);
+                goto err;
+        }
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_SIGN;
+
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+        kop.crk_param[0].crp_p = (caddr_t)dgst;
+        kop.crk_param[0].crp_nbits = dlen * 8;
+        if (bn2crparam(dsa->p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dsa->q, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(dsa->g, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+                goto err;
+        kop.crk_iparams = 5;
+
+        if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+            BN_num_bytes(dsa->q), s) == 0) {
+                dsaret = DSA_SIG_new();
+                dsaret->r = r;
+                dsaret->s = s;
+        } else {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+                BN_free(r);
+                BN_free(s);
+                dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
+        }
+err:
+        kop.crk_param[0].crp_p = NULL;
+        zapparams(&kop);
+        return (dsaret);
+}
+
+static int
+cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+    DSA_SIG *sig, DSA *dsa)
+{
+        struct crypt_kop kop;
+        int dsaret = 1;
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_VERIFY;
+
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+        kop.crk_param[0].crp_p = (caddr_t)dgst;
+        kop.crk_param[0].crp_nbits = dlen * 8;
+        if (bn2crparam(dsa->p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dsa->q, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(dsa->g, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+                goto err;
+        if (bn2crparam(sig->r, &kop.crk_param[5]))
+                goto err;
+        if (bn2crparam(sig->s, &kop.crk_param[6]))
+                goto err;
+        kop.crk_iparams = 7;
+
+        if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+                dsaret = kop.crk_status;
+        } else {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+
+                dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
+        }
+err:
+        kop.crk_param[0].crp_p = NULL;
+        zapparams(&kop);
+        return (dsaret);
+}
+
+static DSA_METHOD cryptodev_dsa = {
+        "cryptodev DSA method",
+        NULL,
+        NULL,                           /* dsa_sign_setup */
+        NULL,
+        NULL,                           /* dsa_mod_exp */
+        NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,      /* flags */
+        NULL    /* app_data */
+};
+
+static int
+cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx)
+{
+        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+        struct crypt_kop kop;
+        int dhret = 1;
+        int fd, keylen;
+
+        if ((fd = get_asym_dev_crypto()) < 0) {
+                const DH_METHOD *meth = DH_OpenSSL();
+
+                return ((meth->compute_key)(key, pub_key, dh));
+        }
+
+        keylen = BN_num_bits(dh->p);
+
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+        /* inputs: dh->priv_key pub_key dh->p key */
+        if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(pub_key, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dh->p, &kop.crk_param[2]))
+                goto err;
+        kop.crk_iparams = 3;
+
+        kop.crk_param[3].crp_p = key;
+        kop.crk_param[3].crp_nbits = keylen * 8;
+        kop.crk_oparams = 1;
+
+        if (ioctl(fd, CIOCKEY, &kop) == -1) {
+                const DH_METHOD *meth = DH_OpenSSL();
+
+                dhret = (meth->compute_key)(key, pub_key, dh);
+        }
+err:
+        kop.crk_param[3].crp_p = NULL;
+        zapparams(&kop);
+        return (dhret);
+}
+
+static DH_METHOD cryptodev_dh = {
+        "cryptodev DH method",
+        NULL,                           /* cryptodev_dh_generate_key */
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        0,      /* flags */
+        NULL    /* app_data */
+};
+
+/*
+ * ctrl right now is just a wrapper that doesn't do much
+ * but I expect we'll want some options soon.
+ */
+static int
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+#ifdef HAVE_SYSLOG_R
+        struct syslog_data sd = SYSLOG_DATA_INIT;
+#endif
+
+        switch (cmd) {
+        default:
+#ifdef HAVE_SYSLOG_R
+                syslog_r(LOG_ERR, &sd,
+                    "cryptodev_ctrl: unknown command %d", cmd);
+#else
+                syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+#endif
+                break;
+        }
+        return (1);
+}
+
+void
+ENGINE_load_cryptodev(void)
+{
+        ENGINE *engine = ENGINE_new();
+        int fd;
+
+        if (engine == NULL)
+                return;
+        if ((fd = get_dev_crypto()) < 0) {
+                ENGINE_free(engine);
+                return;
+        }
+
+        /*
+         * find out what asymmetric crypto algorithms we support
+         */
+        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+                close(fd);
+                ENGINE_free(engine);
+                return;
+        }
+        close(fd);
+
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+            !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+            !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+            !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+                ENGINE_free(engine);
+                return;
+        }
+
+        if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+                const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+
+                cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+                cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+                cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+                cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+                cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+                cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+                        if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_mod_exp;
+                        else
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_nocrt_mod_exp;
+                }
+        }
+
+        if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+
+                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+                if (cryptodev_asymfeat & CRF_DSA_SIGN)
+                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+                        cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+                }
+                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+        }
+
+        if (ENGINE_set_DH(engine, &cryptodev_dh)){
+                const DH_METHOD *dh_meth = DH_OpenSSL();
+
+                cryptodev_dh.generate_key = dh_meth->generate_key;
+                cryptodev_dh.compute_key = dh_meth->compute_key;
+                cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+                        if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+                                cryptodev_dh.compute_key =
+                                    cryptodev_dh_compute_key;
+                }
+        }
+
+        ENGINE_add(engine);
+        ENGINE_free(engine);
+        ERR_clear_error();
+}
+
+#endif /* HAVE_CRYPTODEV */
diff --git a/src/lib/libcrypto/err/Makefile b/src/lib/libcrypto/err/Makefile
new file mode 100644
index 0000000000..862b23ba17
--- /dev/null
+++ b/src/lib/libcrypto/err/Makefile
@@ -0,0 +1,110 @@
+#
+# OpenSSL/crypto/err/Makefile
+#
+
+DIR=    err
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=err.c err_all.c err_prn.c
+LIBOBJ=err.o err_all.o err_prn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= err.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+err.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err.o: ../cryptlib.h err.c
+err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h
+err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_all.o: ../../include/openssl/ts.h ../../include/openssl/ui.h
+err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+err_all.o: ../../include/openssl/x509v3.h err_all.c
+err_prn.o: ../../e_os.h ../../include/openssl/bio.h
+err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
index 8eb547d98d..bd8946d8ba 100644
--- a/src/lib/libcrypto/err/err_all.c
+++ b/src/lib/libcrypto/err/err_all.c
@@ -64,9 +64,7 @@
 #endif
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
-#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
-#endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -97,9 +95,6 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
@@ -107,6 +102,11 @@
 #ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
+#include <openssl/comp.h>
+
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 void ERR_load_crypto_strings(void)
         {
@@ -130,9 +130,7 @@ void ERR_load_crypto_strings(void)
         ERR_load_ASN1_strings();
         ERR_load_CONF_strings();
         ERR_load_CRYPTO_strings();
-#ifndef OPENSSL_NO_COMP
         ERR_load_COMP_strings();
-#endif
 #ifndef OPENSSL_NO_EC
         ERR_load_EC_strings();
 #endif
@@ -155,14 +153,15 @@ void ERR_load_crypto_strings(void)
 #endif
         ERR_load_OCSP_strings();
         ERR_load_UI_strings();
-#ifdef OPENSSL_FIPS
-        ERR_load_FIPS_strings();
-#endif
 #ifndef OPENSSL_NO_CMS
         ERR_load_CMS_strings();
 #endif
 #ifndef OPENSSL_NO_JPAKE
         ERR_load_JPAKE_strings();
 #endif
+        ERR_load_COMP_strings();
+#endif
+#ifdef OPENSSL_FIPS
+        ERR_load_FIPS_strings();
 #endif
         }
diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
new file mode 100644
index 0000000000..0fe1b96bff
--- /dev/null
+++ b/src/lib/libcrypto/evp/Makefile
@@ -0,0 +1,771 @@
+#
+# OpenSSL/crypto/evp/Makefile
+#
+
+DIR=    evp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=evp_test.c
+TESTDATA=evptests.txt
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
+        e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
+        e_rc4.c e_aes.c names.c e_seed.c \
+        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \
+        m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
+        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
+        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
+        e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
+
+LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
+        e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
+        e_rc4.o e_aes.o names.o e_seed.o \
+        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+        m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \
+        m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
+        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
+        e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
+        e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= evp.h
+HEADER= evp_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        cp $(TESTDATA) ../../test
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h
+bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c
+bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c
+bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_md.o: ../cryptlib.h bio_md.c
+bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c
+c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+c_all.o: ../cryptlib.h c_all.c
+c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+c_allc.o: ../cryptlib.h c_allc.c
+c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+c_alld.o: ../cryptlib.h c_alld.c
+digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+digest.o: ../cryptlib.h digest.c
+e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_aes.o: ../../include/openssl/modes.h ../../include/openssl/obj_mac.h
+e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/bio.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/obj_mac.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/objects.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslconf.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslv.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/ossl_typ.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h e_aes_cbc_hmac_sha1.c
+e_aes_cbc_hmac_sha1.o: evp_locl.h
+e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
+e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h
+e_camellia.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_camellia.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
+e_camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_camellia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_camellia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_camellia.o: ../../include/openssl/opensslconf.h
+e_camellia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_camellia.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_camellia.o: ../../include/openssl/symhacks.h e_camellia.c evp_locl.h
+e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
+e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
+e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
+e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h
+e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_null.o: ../cryptlib.h e_null.c
+e_old.o: e_old.c
+e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h
+e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
+e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c evp_locl.h
+e_rc4_hmac_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc4_hmac_md5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_rc4_hmac_md5.o: ../../include/openssl/evp.h ../../include/openssl/md5.h
+e_rc4_hmac_md5.o: ../../include/openssl/obj_mac.h
+e_rc4_hmac_md5.o: ../../include/openssl/objects.h
+e_rc4_hmac_md5.o: ../../include/openssl/opensslconf.h
+e_rc4_hmac_md5.o: ../../include/openssl/opensslv.h
+e_rc4_hmac_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
+e_rc4_hmac_md5.o: ../../include/openssl/safestack.h
+e_rc4_hmac_md5.o: ../../include/openssl/stack.h
+e_rc4_hmac_md5.o: ../../include/openssl/symhacks.h e_rc4_hmac_md5.c
+e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
+e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
+e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h
+e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_seed.o: e_seed.c evp_locl.h
+e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
+e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+e_xcbc_d.o: evp_locl.h
+encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+encode.o: ../cryptlib.h encode.c
+evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_acnf.o: ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
+evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
+evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_err.o: ../../include/openssl/symhacks.h evp_err.c
+evp_fips.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_fips.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_fips.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h
+evp_fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_fips.o: ../../include/openssl/symhacks.h evp_fips.c
+evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
+evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
+evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c
+evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h evp_pbe.c
+evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pkey.o: ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
+m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss.o: ../cryptlib.h m_dss.c
+m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss1.o: ../cryptlib.h m_dss1.c
+m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
+m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ecdsa.o: ../cryptlib.h m_ecdsa.c
+m_md2.o: ../../e_os.h ../../include/openssl/bio.h
+m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+m_md2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_md2.c
+m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h
+m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md4.c
+m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
+m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_mdc2.c
+m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c
+m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h
+m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_ripemd.o: ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
+m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
+m_ripemd.o: m_ripemd.c
+m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
+m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha1.o: ../cryptlib.h m_sha1.c
+m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
+m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_sigver.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_sigver.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_sigver.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_sigver.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_sigver.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sigver.o: ../../include/openssl/opensslconf.h
+m_sigver.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
+m_sigver.o: m_sigver.c
+m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_wp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_wp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_wp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_wp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_wp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_wp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h
+m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_wp.o: ../cryptlib.h evp_locl.h m_wp.c
+names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c
+p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt.o: ../cryptlib.h p5_crpt.c
+p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
+p5_crpt2.o: p5_crpt2.c
+p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
+p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
+p_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_lib.o: ../asn1/asn1_locl.h ../cryptlib.h p_lib.c
+p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_open.o: ../cryptlib.h p_open.c
+p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
+p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c
+p_verify.o: ../../e_os.h ../../include/openssl/asn1.h
+p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_verify.o: ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c
+pmeth_fn.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_fn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pmeth_fn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pmeth_fn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pmeth_fn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pmeth_fn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pmeth_fn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_fn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+pmeth_fn.o: pmeth_fn.c
+pmeth_gn.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_gn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+pmeth_gn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pmeth_gn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pmeth_gn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pmeth_gn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pmeth_gn.o: ../../include/openssl/opensslconf.h
+pmeth_gn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_gn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+pmeth_gn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+pmeth_gn.o: pmeth_gn.c
+pmeth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pmeth_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pmeth_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pmeth_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+pmeth_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pmeth_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pmeth_lib.o: ../../include/openssl/objects.h
+pmeth_lib.o: ../../include/openssl/opensslconf.h
+pmeth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pmeth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pmeth_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+pmeth_lib.o: evp_locl.h pmeth_lib.c
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index ac6d441aad..72a2a67277 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl)
                                 }
 
                         /* we fell off the end without starting */
-                        if ((j == i) && (num == 0))
+                        if (j == i)
                                 {
                                 /* Is this is one long chunk?, if so, keep on
                                  * reading until a new line. */
diff --git a/src/lib/libcrypto/evp/bio_ok.c b/src/lib/libcrypto/evp/bio_ok.c
new file mode 100644
index 0000000000..e64335353f
--- /dev/null
+++ b/src/lib/libcrypto/evp/bio_ok.c
@@ -0,0 +1,624 @@
+/* crypto/evp/bio_ok.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+        From: Arne Ansper <arne@cyber.ee>
+
+        Why BIO_f_reliable?
+
+        I wrote function which took BIO* as argument, read data from it
+        and processed it. Then I wanted to store the input file in 
+        encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+        and everything was OK. BUT if user types wrong password 
+        BIO_f_cipher outputs only garbage and my function crashes. Yes
+        I can and I should fix my function, but BIO_f_cipher is 
+        easy way to add encryption support to many existing applications
+        and it's hard to debug and fix them all. 
+
+        So I wanted another BIO which would catch the incorrect passwords and
+        file damages which cause garbage on BIO_f_cipher's output. 
+
+        The easy way is to push the BIO_f_md and save the checksum at 
+        the end of the file. However there are several problems with this
+        approach:
+
+        1) you must somehow separate checksum from actual data. 
+        2) you need lot's of memory when reading the file, because you 
+        must read to the end of the file and verify the checksum before
+        letting the application to read the data. 
+        
+        BIO_f_reliable tries to solve both problems, so that you can 
+        read and write arbitrary long streams using only fixed amount
+        of memory.
+
+        BIO_f_reliable splits data stream into blocks. Each block is prefixed
+        with it's length and suffixed with it's digest. So you need only 
+        several Kbytes of memory to buffer single block before verifying 
+        it's digest. 
+
+        BIO_f_reliable goes further and adds several important capabilities:
+
+        1) the digest of the block is computed over the whole stream 
+        -- so nobody can rearrange the blocks or remove or replace them.
+
+        2) to detect invalid passwords right at the start BIO_f_reliable 
+        adds special prefix to the stream. In order to avoid known plain-text
+        attacks this prefix is generated as follows:
+
+                *) digest is initialized with random seed instead of 
+                standardized one.
+                *) same seed is written to output
+                *) well-known text is then hashed and the output 
+                of the digest is also written to output.
+
+        reader can now read the seed from stream, hash the same string
+        and then compare the digest output.
+
+        Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I 
+        initially wrote and tested this code on x86 machine and wrote the
+        digests out in machine-dependent order :( There are people using
+        this code and I cannot change this easily without making existing
+        data files unreadable.
+
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+static int ok_write(BIO *h, const char *buf, int num);
+static int ok_read(BIO *h, char *buf, int size);
+static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ok_new(BIO *h);
+static int ok_free(BIO *data);
+static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+static int sig_out(BIO* b);
+static int sig_in(BIO* b);
+static int block_out(BIO* b);
+static int block_in(BIO* b);
+#define OK_BLOCK_SIZE   (1024*4)
+#define OK_BLOCK_BLOCK  4
+#define IOBS            (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
+
+typedef struct ok_struct
+        {
+        size_t buf_len;
+        size_t buf_off;
+        size_t buf_len_save;
+        size_t buf_off_save;
+        int cont;               /* <= 0 when finished */
+        int finished;
+        EVP_MD_CTX md;
+        int blockout;           /* output block is ready */ 
+        int sigio;              /* must process signature */
+        unsigned char buf[IOBS];
+        } BIO_OK_CTX;
+
+static BIO_METHOD methods_ok=
+        {
+        BIO_TYPE_CIPHER,"reliable",
+        ok_write,
+        ok_read,
+        NULL, /* ok_puts, */
+        NULL, /* ok_gets, */
+        ok_ctrl,
+        ok_new,
+        ok_free,
+        ok_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_reliable(void)
+        {
+        return(&methods_ok);
+        }
+
+static int ok_new(BIO *bi)
+        {
+        BIO_OK_CTX *ctx;
+
+        ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
+        if (ctx == NULL) return(0);
+
+        ctx->buf_len=0;
+        ctx->buf_off=0;
+        ctx->buf_len_save=0;
+        ctx->buf_off_save=0;
+        ctx->cont=1;
+        ctx->finished=0;
+        ctx->blockout= 0;
+        ctx->sigio=1;
+
+        EVP_MD_CTX_init(&ctx->md);
+
+        bi->init=0;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+
+static int ok_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
+        OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
+        OPENSSL_free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int ok_read(BIO *b, char *out, int outl)
+        {
+        int ret=0,i,n;
+        BIO_OK_CTX *ctx;
+
+        if (out == NULL) return(0);
+        ctx=(BIO_OK_CTX *)b->ptr;
+
+        if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
+
+        while(outl > 0)
+                {
+
+                /* copy clean bytes to output buffer */
+                if (ctx->blockout)
+                        {
+                        i=ctx->buf_len-ctx->buf_off;
+                        if (i > outl) i=outl;
+                        memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+                        ret+=i;
+                        out+=i;
+                        outl-=i;
+                        ctx->buf_off+=i;
+
+                        /* all clean bytes are out */
+                        if (ctx->buf_len == ctx->buf_off)
+                                {
+                                ctx->buf_off=0;
+
+                                /* copy start of the next block into proper place */
+                                if(ctx->buf_len_save- ctx->buf_off_save > 0)
+                                        {
+                                        ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save;
+                                        memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+                                                        ctx->buf_len);
+                                        }
+                                else
+                                        {
+                                        ctx->buf_len=0;
+                                        }
+                                ctx->blockout= 0;
+                                }
+                        }
+        
+                /* output buffer full -- cancel */
+                if (outl == 0) break;
+
+                /* no clean bytes in buffer -- fill it */
+                n=IOBS- ctx->buf_len;
+                i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n);
+
+                if (i <= 0) break;      /* nothing new */
+
+                ctx->buf_len+= i;
+
+                /* no signature yet -- check if we got one */
+                if (ctx->sigio == 1)
+                        {
+                        if (!sig_in(b))
+                                {
+                                BIO_clear_retry_flags(b);
+                                return 0;
+                                }
+                        }
+
+                /* signature ok -- check if we got block */
+                if (ctx->sigio == 0)
+                        {
+                        if (!block_in(b))
+                                {
+                                BIO_clear_retry_flags(b);
+                                return 0;
+                                }
+                        }
+
+                /* invalid block -- cancel */
+                if (ctx->cont <= 0) break;
+
+                }
+
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static int ok_write(BIO *b, const char *in, int inl)
+        {
+        int ret=0,n,i;
+        BIO_OK_CTX *ctx;
+
+        if (inl <= 0) return inl;
+
+        ctx=(BIO_OK_CTX *)b->ptr;
+        ret=inl;
+
+        if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
+
+        if(ctx->sigio && !sig_out(b))
+                return 0;
+
+        do{
+                BIO_clear_retry_flags(b);
+                n=ctx->buf_len-ctx->buf_off;
+                while (ctx->blockout && n > 0)
+                        {
+                        i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                if(!BIO_should_retry(b))
+                                        ctx->cont= 0;
+                                return(i);
+                                }
+                        ctx->buf_off+=i;
+                        n-=i;
+                        }
+
+                /* at this point all pending data has been written */
+                ctx->blockout= 0;
+                if (ctx->buf_len == ctx->buf_off)
+                        {
+                        ctx->buf_len=OK_BLOCK_BLOCK;
+                        ctx->buf_off=0;
+                        }
+        
+                if ((in == NULL) || (inl <= 0)) return(0);
+
+                n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? 
+                        (int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl;
+
+                memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n);
+                ctx->buf_len+= n;
+                inl-=n;
+                in+=n;
+
+                if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
+                        {
+                        if (!block_out(b))
+                                {
+                                BIO_clear_retry_flags(b);
+                                return 0;
+                                }
+                        }
+        }while(inl > 0);
+
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        BIO_OK_CTX *ctx;
+        EVP_MD *md;
+        const EVP_MD **ppmd;
+        long ret=1;
+        int i;
+
+        ctx=b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                ctx->buf_len_save=0;
+                ctx->buf_off_save=0;
+                ctx->cont=1;
+                ctx->finished=0;
+                ctx->blockout= 0;
+                ctx->sigio=1;
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_EOF:      /* More to read */
+                if (ctx->cont <= 0)
+                        ret=1;
+                else
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING: /* More to read in buffer */
+        case BIO_CTRL_WPENDING: /* More to read in buffer */
+                ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_FLUSH:
+                /* do a final write */
+                if(ctx->blockout == 0)
+                        if (!block_out(b))
+                                return 0;
+
+                while (ctx->blockout)
+                        {
+                        i=ok_write(b,NULL,0);
+                        if (i < 0)
+                                {
+                                ret=i;
+                                break;
+                                }
+                        }
+
+                ctx->finished=1;
+                ctx->buf_off=ctx->buf_len=0;
+                ctx->cont=(int)ret;
+                
+                /* Finally flush the underlying BIO */
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_INFO:
+                ret=(long)ctx->cont;
+                break;
+        case BIO_C_SET_MD:
+                md=ptr;
+                if (!EVP_DigestInit_ex(&ctx->md, md, NULL))
+                        return 0;
+                b->init=1;
+                break;
+        case BIO_C_GET_MD:
+                if (b->init)
+                        {
+                        ppmd=ptr;
+                        *ppmd=ctx->md.digest;
+                        }
+                else
+                        ret=0;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+
+static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
+static void longswap(void *_ptr, size_t len)
+{       const union { long one; char little; } is_endian = {1};
+
+        if (is_endian.little) {
+                size_t i;
+                unsigned char *p=_ptr,c;
+
+                for(i= 0;i < len;i+= 4) {
+                        c=p[0],p[0]=p[3],p[3]=c;
+                        c=p[1],p[1]=p[2],p[2]=c;
+                }
+        }
+}
+
+static int sig_out(BIO* b)
+        {
+        BIO_OK_CTX *ctx;
+        EVP_MD_CTX *md;
+
+        ctx=b->ptr;
+        md=&ctx->md;
+
+        if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return 1;
+
+        if (!EVP_DigestInit_ex(md, md->digest, NULL))
+                goto berr;
+        /* FIXME: there's absolutely no guarantee this makes any sense at all,
+         * particularly now EVP_MD_CTX has been restructured.
+         */
+        RAND_pseudo_bytes(md->md_data, md->digest->md_size);
+        memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
+        longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
+        ctx->buf_len+= md->digest->md_size;
+
+        if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+                goto berr;
+        if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+                goto berr;
+        ctx->buf_len+= md->digest->md_size;
+        ctx->blockout= 1;
+        ctx->sigio= 0;
+        return 1;
+        berr:
+        BIO_clear_retry_flags(b);
+        return 0;
+        }
+
+static int sig_in(BIO* b)
+        {
+        BIO_OK_CTX *ctx;
+        EVP_MD_CTX *md;
+        unsigned char tmp[EVP_MAX_MD_SIZE];
+        int ret= 0;
+
+        ctx=b->ptr;
+        md=&ctx->md;
+
+        if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return 1;
+
+        if (!EVP_DigestInit_ex(md, md->digest, NULL))
+                goto berr;
+        memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
+        longswap(md->md_data, md->digest->md_size);
+        ctx->buf_off+= md->digest->md_size;
+
+        if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+                goto berr;
+        if (!EVP_DigestFinal_ex(md, tmp, NULL))
+                goto berr;
+        ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
+        ctx->buf_off+= md->digest->md_size;
+        if(ret == 1)
+                {
+                ctx->sigio= 0;
+                if(ctx->buf_len != ctx->buf_off)
+                        {
+                        memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off);
+                        }
+                ctx->buf_len-= ctx->buf_off;
+                ctx->buf_off= 0;
+                }
+        else
+                {
+                ctx->cont= 0;
+                }
+        return 1;
+        berr:
+        BIO_clear_retry_flags(b);
+        return 0;
+        }
+
+static int block_out(BIO* b)
+        {
+        BIO_OK_CTX *ctx;
+        EVP_MD_CTX *md;
+        unsigned long tl;
+
+        ctx=b->ptr;
+        md=&ctx->md;
+
+        tl= ctx->buf_len- OK_BLOCK_BLOCK;
+        ctx->buf[0]=(unsigned char)(tl>>24);
+        ctx->buf[1]=(unsigned char)(tl>>16);
+        ctx->buf[2]=(unsigned char)(tl>>8);
+        ctx->buf[3]=(unsigned char)(tl);
+        if (!EVP_DigestUpdate(md,
+                (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl))
+                goto berr;
+        if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+                goto berr;
+        ctx->buf_len+= md->digest->md_size;
+        ctx->blockout= 1;
+        return 1;
+        berr:
+        BIO_clear_retry_flags(b);
+        return 0;
+        }
+
+static int block_in(BIO* b)
+        {
+        BIO_OK_CTX *ctx;
+        EVP_MD_CTX *md;
+        unsigned long tl= 0;
+        unsigned char tmp[EVP_MAX_MD_SIZE];
+
+        ctx=b->ptr;
+        md=&ctx->md;
+
+        assert(sizeof(tl)>=OK_BLOCK_BLOCK);     /* always true */
+        tl =ctx->buf[0]; tl<<=8;
+        tl|=ctx->buf[1]; tl<<=8;
+        tl|=ctx->buf[2]; tl<<=8;
+        tl|=ctx->buf[3];
+
+        if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return 1;
+ 
+        if (!EVP_DigestUpdate(md,
+                        (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl))
+                goto berr;
+        if (!EVP_DigestFinal_ex(md, tmp, NULL))
+                goto berr;
+        if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
+                {
+                /* there might be parts from next block lurking around ! */
+                ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size;
+                ctx->buf_len_save= ctx->buf_len;
+                ctx->buf_off= OK_BLOCK_BLOCK;
+                ctx->buf_len= tl+ OK_BLOCK_BLOCK;
+                ctx->blockout= 1;
+                }
+        else
+                {
+                ctx->cont= 0;
+                }
+        return 1;
+        berr:
+        BIO_clear_retry_flags(b);
+        return 0;
+        }
+
diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c
new file mode 100644
index 0000000000..2a45d435e5
--- /dev/null
+++ b/src/lib/libcrypto/evp/c_allc.c
@@ -0,0 +1,230 @@
+/* crypto/evp/c_allc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void OpenSSL_add_all_ciphers(void)
+        {
+
+#ifndef OPENSSL_NO_DES
+        EVP_add_cipher(EVP_des_cfb());
+        EVP_add_cipher(EVP_des_cfb1());
+        EVP_add_cipher(EVP_des_cfb8());
+        EVP_add_cipher(EVP_des_ede_cfb());
+        EVP_add_cipher(EVP_des_ede3_cfb());
+        EVP_add_cipher(EVP_des_ede3_cfb1());
+        EVP_add_cipher(EVP_des_ede3_cfb8());
+
+        EVP_add_cipher(EVP_des_ofb());
+        EVP_add_cipher(EVP_des_ede_ofb());
+        EVP_add_cipher(EVP_des_ede3_ofb());
+
+        EVP_add_cipher(EVP_desx_cbc());
+        EVP_add_cipher_alias(SN_desx_cbc,"DESX");
+        EVP_add_cipher_alias(SN_desx_cbc,"desx");
+
+        EVP_add_cipher(EVP_des_cbc());
+        EVP_add_cipher_alias(SN_des_cbc,"DES");
+        EVP_add_cipher_alias(SN_des_cbc,"des");
+        EVP_add_cipher(EVP_des_ede_cbc());
+        EVP_add_cipher(EVP_des_ede3_cbc());
+        EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
+        EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
+
+        EVP_add_cipher(EVP_des_ecb());
+        EVP_add_cipher(EVP_des_ede());
+        EVP_add_cipher(EVP_des_ede3());
+#endif
+
+#ifndef OPENSSL_NO_RC4
+        EVP_add_cipher(EVP_rc4());
+        EVP_add_cipher(EVP_rc4_40());
+#ifndef OPENSSL_NO_MD5
+        EVP_add_cipher(EVP_rc4_hmac_md5());
+#endif
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+        EVP_add_cipher(EVP_idea_ecb());
+        EVP_add_cipher(EVP_idea_cfb());
+        EVP_add_cipher(EVP_idea_ofb());
+        EVP_add_cipher(EVP_idea_cbc());
+        EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
+        EVP_add_cipher_alias(SN_idea_cbc,"idea");
+#endif
+
+#ifndef OPENSSL_NO_SEED
+        EVP_add_cipher(EVP_seed_ecb());
+        EVP_add_cipher(EVP_seed_cfb());
+        EVP_add_cipher(EVP_seed_ofb());
+        EVP_add_cipher(EVP_seed_cbc());
+        EVP_add_cipher_alias(SN_seed_cbc,"SEED");
+        EVP_add_cipher_alias(SN_seed_cbc,"seed");
+#endif
+
+#ifndef OPENSSL_NO_RC2
+        EVP_add_cipher(EVP_rc2_ecb());
+        EVP_add_cipher(EVP_rc2_cfb());
+        EVP_add_cipher(EVP_rc2_ofb());
+        EVP_add_cipher(EVP_rc2_cbc());
+        EVP_add_cipher(EVP_rc2_40_cbc());
+        EVP_add_cipher(EVP_rc2_64_cbc());
+        EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
+        EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
+#endif
+
+#ifndef OPENSSL_NO_BF
+        EVP_add_cipher(EVP_bf_ecb());
+        EVP_add_cipher(EVP_bf_cfb());
+        EVP_add_cipher(EVP_bf_ofb());
+        EVP_add_cipher(EVP_bf_cbc());
+        EVP_add_cipher_alias(SN_bf_cbc,"BF");
+        EVP_add_cipher_alias(SN_bf_cbc,"bf");
+        EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
+#endif
+
+#ifndef OPENSSL_NO_CAST
+        EVP_add_cipher(EVP_cast5_ecb());
+        EVP_add_cipher(EVP_cast5_cfb());
+        EVP_add_cipher(EVP_cast5_ofb());
+        EVP_add_cipher(EVP_cast5_cbc());
+        EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
+        EVP_add_cipher_alias(SN_cast5_cbc,"cast");
+        EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
+        EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
+#endif
+
+#ifndef OPENSSL_NO_RC5
+        EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+        EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+        EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+        EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+        EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
+        EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
+#endif
+
+#ifndef OPENSSL_NO_AES
+        EVP_add_cipher(EVP_aes_128_ecb());
+        EVP_add_cipher(EVP_aes_128_cbc());
+        EVP_add_cipher(EVP_aes_128_cfb());
+        EVP_add_cipher(EVP_aes_128_cfb1());
+        EVP_add_cipher(EVP_aes_128_cfb8());
+        EVP_add_cipher(EVP_aes_128_ofb());
+        EVP_add_cipher(EVP_aes_128_ctr());
+        EVP_add_cipher(EVP_aes_128_gcm());
+        EVP_add_cipher(EVP_aes_128_xts());
+        EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
+        EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
+        EVP_add_cipher(EVP_aes_192_ecb());
+        EVP_add_cipher(EVP_aes_192_cbc());
+        EVP_add_cipher(EVP_aes_192_cfb());
+        EVP_add_cipher(EVP_aes_192_cfb1());
+        EVP_add_cipher(EVP_aes_192_cfb8());
+        EVP_add_cipher(EVP_aes_192_ofb());
+        EVP_add_cipher(EVP_aes_192_ctr());
+        EVP_add_cipher(EVP_aes_192_gcm());
+        EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
+        EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
+        EVP_add_cipher(EVP_aes_256_ecb());
+        EVP_add_cipher(EVP_aes_256_cbc());
+        EVP_add_cipher(EVP_aes_256_cfb());
+        EVP_add_cipher(EVP_aes_256_cfb1());
+        EVP_add_cipher(EVP_aes_256_cfb8());
+        EVP_add_cipher(EVP_aes_256_ofb());
+        EVP_add_cipher(EVP_aes_256_ctr());
+        EVP_add_cipher(EVP_aes_256_gcm());
+        EVP_add_cipher(EVP_aes_256_xts());
+        EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
+        EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+        EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
+        EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
+#endif
+#endif
+
+#ifndef OPENSSL_NO_CAMELLIA
+        EVP_add_cipher(EVP_camellia_128_ecb());
+        EVP_add_cipher(EVP_camellia_128_cbc());
+        EVP_add_cipher(EVP_camellia_128_cfb());
+        EVP_add_cipher(EVP_camellia_128_cfb1());
+        EVP_add_cipher(EVP_camellia_128_cfb8());
+        EVP_add_cipher(EVP_camellia_128_ofb());
+        EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128");
+        EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128");
+        EVP_add_cipher(EVP_camellia_192_ecb());
+        EVP_add_cipher(EVP_camellia_192_cbc());
+        EVP_add_cipher(EVP_camellia_192_cfb());
+        EVP_add_cipher(EVP_camellia_192_cfb1());
+        EVP_add_cipher(EVP_camellia_192_cfb8());
+        EVP_add_cipher(EVP_camellia_192_ofb());
+        EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192");
+        EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192");
+        EVP_add_cipher(EVP_camellia_256_ecb());
+        EVP_add_cipher(EVP_camellia_256_cbc());
+        EVP_add_cipher(EVP_camellia_256_cfb());
+        EVP_add_cipher(EVP_camellia_256_cfb1());
+        EVP_add_cipher(EVP_camellia_256_cfb8());
+        EVP_add_cipher(EVP_camellia_256_ofb());
+        EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
+        EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
+#endif
+        }
diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c
new file mode 100644
index 0000000000..311e1fe2f8
--- /dev/null
+++ b/src/lib/libcrypto/evp/c_alld.c
@@ -0,0 +1,114 @@
+/* crypto/evp/c_alld.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void OpenSSL_add_all_digests(void)
+        {
+#ifndef OPENSSL_NO_MD4
+        EVP_add_digest(EVP_md4());
+#endif
+#ifndef OPENSSL_NO_MD5
+        EVP_add_digest(EVP_md5());
+        EVP_add_digest_alias(SN_md5,"ssl2-md5");
+        EVP_add_digest_alias(SN_md5,"ssl3-md5");
+#endif
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
+        EVP_add_digest(EVP_sha());
+#ifndef OPENSSL_NO_DSA
+        EVP_add_digest(EVP_dss());
+#endif
+#endif
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+        EVP_add_digest(EVP_sha1());
+        EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+        EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#ifndef OPENSSL_NO_DSA
+        EVP_add_digest(EVP_dss1());
+        EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+        EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+        EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#ifndef OPENSSL_NO_ECDSA
+        EVP_add_digest(EVP_ecdsa());
+#endif
+#endif
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+        EVP_add_digest(EVP_mdc2());
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+        EVP_add_digest(EVP_ripemd160());
+        EVP_add_digest_alias(SN_ripemd160,"ripemd");
+        EVP_add_digest_alias(SN_ripemd160,"rmd160");
+#endif
+#ifndef OPENSSL_NO_SHA256
+        EVP_add_digest(EVP_sha224());
+        EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+        EVP_add_digest(EVP_sha384());
+        EVP_add_digest(EVP_sha512());
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+        EVP_add_digest(EVP_whirlpool());
+#endif
+        }
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index d14e8e48d5..467e6b5ae9 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -267,7 +267,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         return FIPS_digestfinal(ctx, md, size);
 #else
         int ret;
-
         OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
         ret=ctx->digest->final(ctx,md);
         if (size != NULL)
@@ -366,11 +365,8 @@ int EVP_Digest(const void *data, size_t count,
 
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
         {
-        if (ctx)
-                {
-                EVP_MD_CTX_cleanup(ctx);
-                OPENSSL_free(ctx);
-                }
+        EVP_MD_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
         }
 
 /* This call frees resources associated with the context */
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index c7869b69ef..1e4af0cb75 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -842,10 +842,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         gctx->ctr = NULL;
                         break;
                         }
-                else
 #endif
-                (void)0;        /* terminate potentially open 'else' */
-
                 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
 #ifdef AES_CTR_ASM
@@ -972,6 +969,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
         if (!gctx->iv_set)
                 return -1;
+        if (!ctx->encrypt && gctx->taglen < 0)
+                return -1;
         if (in)
                 {
                 if (out == NULL)
@@ -1013,8 +1012,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 {
                 if (!ctx->encrypt)
                         {
-                        if (gctx->taglen < 0)
-                                return -1;
                         if (CRYPTO_gcm128_finish(&gctx->gcm,
                                         ctx->buf, gctx->taglen) != 0)
                                 return -1;
@@ -1086,17 +1083,14 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         xctx->xts.block1 = (block128_f)vpaes_decrypt;
                         }
 
-                    vpaes_set_encrypt_key(key + ctx->key_len/2,
+                vpaes_set_encrypt_key(key + ctx->key_len/2,
                                                 ctx->key_len * 4, &xctx->ks2);
-                    xctx->xts.block2 = (block128_f)vpaes_encrypt;
+                xctx->xts.block2 = (block128_f)vpaes_encrypt;
 
-                    xctx->xts.key1 = &xctx->ks1;
-                    break;
-                    }
-                else
+                xctx->xts.key1 = &xctx->ks1;
+                break;
+                }
 #endif
-                (void)0;        /* terminate potentially open 'else' */
-
                 if (enc)
                         {
                         AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
@@ -1223,7 +1217,6 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
                         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                         &cctx->ks, (block128_f)vpaes_encrypt);
-                        cctx->str = NULL;
                         cctx->key_set = 1;
                         break;
                         }
diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
index fb2c884a78..483e04b605 100644
--- a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
@@ -328,11 +328,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
                                 if (res!=SHA_CBLOCK) continue;
 
-                                /* j is not incremented yet */
-                                mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
+                                mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
                                 data->u[SHA_LBLOCK-1] |= bitlen&mask;
                                 sha1_block_data_order(&key->md,data,1);
-                                mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
+                                mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
                                 pmac->u[0] |= key->md.h0 & mask;
                                 pmac->u[1] |= key->md.h1 & mask;
                                 pmac->u[2] |= key->md.h2 & mask;
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 8d7b7de292..1e69972662 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -101,7 +101,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
-        while (inl>=EVP_MAXCHUNK)
+        if (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -132,7 +132,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         printf("\n");
         }
 #endif    /* KSSL_DEBUG */
-        while (inl>=EVP_MAXCHUNK)
+        if (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                              &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -151,7 +151,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
-        while (inl>=EVP_MAXCHUNK)
+        if (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 
                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
diff --git a/src/lib/libcrypto/evp/e_dsa.c b/src/lib/libcrypto/evp/e_dsa.c
new file mode 100644
index 0000000000..b96f2738b3
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_dsa.c
@@ -0,0 +1,71 @@
+/* crypto/evp/e_dsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+static EVP_PKEY_METHOD dss_method=
+        {
+        DSA_sign,
+        DSA_verify,
+        {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,NULL},
+        };
+
diff --git a/src/lib/libcrypto/evp/e_rc5.c b/src/lib/libcrypto/evp/e_rc5.c
new file mode 100644
index 0000000000..19a10c6402
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_rc5.c
@@ -0,0 +1,126 @@
+/* crypto/evp/e_rc5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_RC5
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/rc5.h>
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv,int enc);
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct
+        {
+        int rounds;     /* number of rounds */
+        RC5_32_KEY ks;  /* key schedule */
+        } EVP_RC5_KEY;
+
+#define data(ctx)       EVP_C_DATA(EVP_RC5_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
+                       8, RC5_32_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                       r_32_12_16_init_key, NULL,
+                       NULL, NULL, rc5_ctrl)
+
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+        {
+        switch(type)
+                {
+        case EVP_CTRL_INIT:
+                data(c)->rounds = RC5_12_ROUNDS;
+                return 1;
+
+        case EVP_CTRL_GET_RC5_ROUNDS:
+                *(int *)ptr = data(c)->rounds;
+                return 1;
+                        
+        case EVP_CTRL_SET_RC5_ROUNDS:
+                switch(arg)
+                        {
+                case RC5_8_ROUNDS:
+                case RC5_12_ROUNDS:
+                case RC5_16_ROUNDS:
+                        data(c)->rounds = arg;
+                        return 1;
+
+                default:
+                        EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+                        return 0;
+                        }
+
+        default:
+                return -1;
+                }
+        }
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+        {
+        RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+                       key,data(ctx)->rounds);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libcrypto/evp/e_seed.c b/src/lib/libcrypto/evp/e_seed.c
new file mode 100644
index 0000000000..2d1759d276
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_seed.c
@@ -0,0 +1,83 @@
+/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_SEED
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <assert.h>
+#include <openssl/seed.h>
+#include "evp_locl.h"
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc);
+
+typedef struct
+        {
+        SEED_KEY_SCHEDULE ks;
+        } EVP_SEED_KEY;
+
+IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
+                       16, 16, 16, 128,
+                       0, seed_init_key, 0, 0, 0, 0)
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+        {
+        SEED_set_key(key, ctx->cipher_data);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index faeb3c24e6..3b1fa87576 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -788,8 +788,8 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
 const EVP_CIPHER *EVP_aes_128_ctr(void);
-const EVP_CIPHER *EVP_aes_128_ccm(void);
 const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_ccm(void);
 const EVP_CIPHER *EVP_aes_128_xts(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
@@ -799,8 +799,8 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
 const EVP_CIPHER *EVP_aes_192_ctr(void);
-const EVP_CIPHER *EVP_aes_192_ccm(void);
 const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_ccm(void);
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -809,8 +809,8 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
 const EVP_CIPHER *EVP_aes_256_ctr(void);
-const EVP_CIPHER *EVP_aes_256_ccm(void);
 const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
 const EVP_CIPHER *EVP_aes_256_xts(void);
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
@@ -1242,8 +1242,6 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
         int (*ctrl_str)(EVP_PKEY_CTX *ctx,
                                         const char *type, const char *value));
 
-void EVP_add_alg_module(void);
-
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1258,7 +1256,6 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_AES_INIT_KEY                               133
 #define EVP_F_AES_XTS                                    172
 #define EVP_F_AES_XTS_CIPHER                             175
-#define EVP_F_ALG_MODULE_INIT                            177
 #define EVP_F_CAMELLIA_INIT_KEY                          159
 #define EVP_F_CMAC_INIT                                  173
 #define EVP_F_D2I_PKEY                                   100
@@ -1352,19 +1349,15 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DIFFERENT_PARAMETERS                       153
 #define EVP_R_DISABLED_FOR_FIPS                          163
 #define EVP_R_ENCODE_ERROR                               115
-#define EVP_R_ERROR_LOADING_SECTION                      165
-#define EVP_R_ERROR_SETTING_FIPS_MODE                    166
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
 #define EVP_R_EXPECTING_AN_RSA_KEY                       127
 #define EVP_R_EXPECTING_A_DH_KEY                         128
 #define EVP_R_EXPECTING_A_DSA_KEY                        129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                      141
 #define EVP_R_EXPECTING_A_EC_KEY                         142
-#define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
 #define EVP_R_INITIALIZATION_ERROR                       134
 #define EVP_R_INPUT_NOT_INITIALIZED                      111
 #define EVP_R_INVALID_DIGEST                             152
-#define EVP_R_INVALID_FIPS_MODE                          168
 #define EVP_R_INVALID_KEY_LENGTH                         130
 #define EVP_R_INVALID_OPERATION                          148
 #define EVP_R_IV_TOO_LARGE                               102
@@ -1389,7 +1382,6 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_TOO_LARGE                                  164
 #define EVP_R_UNKNOWN_CIPHER                             160
 #define EVP_R_UNKNOWN_DIGEST                             161
-#define EVP_R_UNKNOWN_OPTION                             169
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
 #define EVP_R_UNSUPPORTED_ALGORITHM                      156
diff --git a/src/lib/libcrypto/evp/evp_acnf.c b/src/lib/libcrypto/evp/evp_acnf.c
new file mode 100644
index 0000000000..643a1864e8
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_acnf.c
@@ -0,0 +1,73 @@
+/* evp_acnf.c */
+/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+
+
+/* Load all algorithms and configure OpenSSL.
+ * This function is called automatically when
+ * OPENSSL_LOAD_CONF is set.
+ */
+
+void OPENSSL_add_all_algorithms_conf(void)
+        {
+        OPENSSL_add_all_algorithms_noconf();
+        OPENSSL_config(NULL);
+        }
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index 08eab9882f..db0f76d59b 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -75,7 +75,6 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_AES_INIT_KEY),  "AES_INIT_KEY"},
 {ERR_FUNC(EVP_F_AES_XTS),       "AES_XTS"},
 {ERR_FUNC(EVP_F_AES_XTS_CIPHER),        "AES_XTS_CIPHER"},
-{ERR_FUNC(EVP_F_ALG_MODULE_INIT),       "ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),     "CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_CMAC_INIT),     "CMAC_INIT"},
 {ERR_FUNC(EVP_F_D2I_PKEY),      "D2I_PKEY"},
@@ -172,19 +171,15 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
 {ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
-{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
-{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
-{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
 {ERR_REASON(EVP_R_INVALID_DIGEST)        ,"invalid digest"},
-{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
 {ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
@@ -209,7 +204,6 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
 {ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
 {ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
-{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
diff --git a/src/lib/libcrypto/evp/evp_fips.c b/src/lib/libcrypto/evp/evp_fips.c
new file mode 100644
index 0000000000..cb7f4fc0fa
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_fips.c
@@ -0,0 +1,113 @@
+/* crypto/evp/evp_fips.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#include <openssl/evp.h>
+
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+
+const EVP_CIPHER *EVP_aes_128_cbc(void)  { return FIPS_evp_aes_128_cbc(); }
+const EVP_CIPHER *EVP_aes_128_ccm(void)  { return FIPS_evp_aes_128_ccm(); }
+const EVP_CIPHER *EVP_aes_128_cfb1(void)  { return FIPS_evp_aes_128_cfb1(); }
+const EVP_CIPHER *EVP_aes_128_cfb128(void)  { return FIPS_evp_aes_128_cfb128(); }
+const EVP_CIPHER *EVP_aes_128_cfb8(void)  { return FIPS_evp_aes_128_cfb8(); }
+const EVP_CIPHER *EVP_aes_128_ctr(void)  { return FIPS_evp_aes_128_ctr(); }
+const EVP_CIPHER *EVP_aes_128_ecb(void)  { return FIPS_evp_aes_128_ecb(); }
+const EVP_CIPHER *EVP_aes_128_gcm(void)  { return FIPS_evp_aes_128_gcm(); }
+const EVP_CIPHER *EVP_aes_128_ofb(void)  { return FIPS_evp_aes_128_ofb(); }
+const EVP_CIPHER *EVP_aes_128_xts(void)  { return FIPS_evp_aes_128_xts(); }
+const EVP_CIPHER *EVP_aes_192_cbc(void)  { return FIPS_evp_aes_192_cbc(); }
+const EVP_CIPHER *EVP_aes_192_ccm(void)  { return FIPS_evp_aes_192_ccm(); }
+const EVP_CIPHER *EVP_aes_192_cfb1(void)  { return FIPS_evp_aes_192_cfb1(); }
+const EVP_CIPHER *EVP_aes_192_cfb128(void)  { return FIPS_evp_aes_192_cfb128(); }
+const EVP_CIPHER *EVP_aes_192_cfb8(void)  { return FIPS_evp_aes_192_cfb8(); }
+const EVP_CIPHER *EVP_aes_192_ctr(void)  { return FIPS_evp_aes_192_ctr(); }
+const EVP_CIPHER *EVP_aes_192_ecb(void)  { return FIPS_evp_aes_192_ecb(); }
+const EVP_CIPHER *EVP_aes_192_gcm(void)  { return FIPS_evp_aes_192_gcm(); }
+const EVP_CIPHER *EVP_aes_192_ofb(void)  { return FIPS_evp_aes_192_ofb(); }
+const EVP_CIPHER *EVP_aes_256_cbc(void)  { return FIPS_evp_aes_256_cbc(); }
+const EVP_CIPHER *EVP_aes_256_ccm(void)  { return FIPS_evp_aes_256_ccm(); }
+const EVP_CIPHER *EVP_aes_256_cfb1(void)  { return FIPS_evp_aes_256_cfb1(); }
+const EVP_CIPHER *EVP_aes_256_cfb128(void)  { return FIPS_evp_aes_256_cfb128(); }
+const EVP_CIPHER *EVP_aes_256_cfb8(void)  { return FIPS_evp_aes_256_cfb8(); }
+const EVP_CIPHER *EVP_aes_256_ctr(void)  { return FIPS_evp_aes_256_ctr(); }
+const EVP_CIPHER *EVP_aes_256_ecb(void)  { return FIPS_evp_aes_256_ecb(); }
+const EVP_CIPHER *EVP_aes_256_gcm(void)  { return FIPS_evp_aes_256_gcm(); }
+const EVP_CIPHER *EVP_aes_256_ofb(void)  { return FIPS_evp_aes_256_ofb(); }
+const EVP_CIPHER *EVP_aes_256_xts(void)  { return FIPS_evp_aes_256_xts(); }
+const EVP_CIPHER *EVP_des_ede(void)  { return FIPS_evp_des_ede(); }
+const EVP_CIPHER *EVP_des_ede3(void)  { return FIPS_evp_des_ede3(); }
+const EVP_CIPHER *EVP_des_ede3_cbc(void)  { return FIPS_evp_des_ede3_cbc(); }
+const EVP_CIPHER *EVP_des_ede3_cfb1(void)  { return FIPS_evp_des_ede3_cfb1(); }
+const EVP_CIPHER *EVP_des_ede3_cfb64(void)  { return FIPS_evp_des_ede3_cfb64(); }
+const EVP_CIPHER *EVP_des_ede3_cfb8(void)  { return FIPS_evp_des_ede3_cfb8(); }
+const EVP_CIPHER *EVP_des_ede3_ecb(void)  { return FIPS_evp_des_ede3_ecb(); }
+const EVP_CIPHER *EVP_des_ede3_ofb(void)  { return FIPS_evp_des_ede3_ofb(); }
+const EVP_CIPHER *EVP_des_ede_cbc(void)  { return FIPS_evp_des_ede_cbc(); }
+const EVP_CIPHER *EVP_des_ede_cfb64(void)  { return FIPS_evp_des_ede_cfb64(); }
+const EVP_CIPHER *EVP_des_ede_ecb(void)  { return FIPS_evp_des_ede_ecb(); }
+const EVP_CIPHER *EVP_des_ede_ofb(void)  { return FIPS_evp_des_ede_ofb(); }
+const EVP_CIPHER *EVP_enc_null(void)  { return FIPS_evp_enc_null(); }
+
+const EVP_MD *EVP_sha1(void)  { return FIPS_evp_sha1(); }
+const EVP_MD *EVP_sha224(void)  { return FIPS_evp_sha224(); }
+const EVP_MD *EVP_sha256(void)  { return FIPS_evp_sha256(); }
+const EVP_MD *EVP_sha384(void)  { return FIPS_evp_sha384(); }
+const EVP_MD *EVP_sha512(void)  { return FIPS_evp_sha512(); }
+
+const EVP_MD *EVP_dss(void)  { return FIPS_evp_dss(); }
+const EVP_MD *EVP_dss1(void)  { return FIPS_evp_dss1(); }
+const EVP_MD *EVP_ecdsa(void)  { return FIPS_evp_ecdsa(); }
+
+#endif
diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c
new file mode 100644
index 0000000000..55c7cdfdcc
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_test.c
@@ -0,0 +1,450 @@
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/conf.h>
+
+static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
+    {
+    int n=0;
+
+    fprintf(f,"%s",title);
+    for( ; n < l ; ++n)
+        {
+        if((n%16) == 0)
+            fprintf(f,"\n%04x",n);
+        fprintf(f," %02x",s[n]);
+        }
+    fprintf(f,"\n");
+    }
+
+static int convert(unsigned char *s)
+    {
+    unsigned char *d;
+
+    for(d=s ; *s ; s+=2,++d)
+        {
+        unsigned int n;
+
+        if(!s[1])
+            {
+            fprintf(stderr,"Odd number of hex digits!");
+            EXIT(4);
+            }
+        sscanf((char *)s,"%2x",&n);
+        *d=(unsigned char)n;
+        }
+    return s-d;
+    }
+
+static char *sstrsep(char **string, const char *delim)
+    {
+    char isdelim[256];
+    char *token = *string;
+
+    if (**string == 0)
+        return NULL;
+
+    memset(isdelim, 0, 256);
+    isdelim[0] = 1;
+
+    while (*delim)
+        {
+        isdelim[(unsigned char)(*delim)] = 1;
+        delim++;
+        }
+
+    while (!isdelim[(unsigned char)(**string)])
+        {
+        (*string)++;
+        }
+
+    if (**string)
+        {
+        **string = 0;
+        (*string)++;
+        }
+
+    return token;
+    }
+
+static unsigned char *ustrsep(char **p,const char *sep)
+    { return (unsigned char *)sstrsep(p,sep); }
+
+static int test1_exit(int ec)
+        {
+        EXIT(ec);
+        return(0);              /* To keep some compilers quiet */
+        }
+
+static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
+                  const unsigned char *iv,int in,
+                  const unsigned char *plaintext,int pn,
+                  const unsigned char *ciphertext,int cn,
+                  int encdec)
+    {
+    EVP_CIPHER_CTX ctx;
+    unsigned char out[4096];
+    int outl,outl2;
+
+    printf("Testing cipher %s%s\n",EVP_CIPHER_name(c),
+           (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));
+    hexdump(stdout,"Key",key,kn);
+    if(in)
+        hexdump(stdout,"IV",iv,in);
+    hexdump(stdout,"Plaintext",plaintext,pn);
+    hexdump(stdout,"Ciphertext",ciphertext,cn);
+    
+    if(kn != c->key_len)
+        {
+        fprintf(stderr,"Key length doesn't match, got %d expected %lu\n",kn,
+                (unsigned long)c->key_len);
+        test1_exit(5);
+        }
+    EVP_CIPHER_CTX_init(&ctx);
+    if (encdec != 0)
+        {
+        if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
+            {
+            fprintf(stderr,"EncryptInit failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(10);
+            }
+        EVP_CIPHER_CTX_set_padding(&ctx,0);
+
+        if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
+            {
+            fprintf(stderr,"Encrypt failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(6);
+            }
+        if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
+            {
+            fprintf(stderr,"EncryptFinal failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(7);
+            }
+
+        if(outl+outl2 != cn)
+            {
+            fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
+                    outl+outl2,cn);
+            test1_exit(8);
+            }
+
+        if(memcmp(out,ciphertext,cn))
+            {
+            fprintf(stderr,"Ciphertext mismatch\n");
+            hexdump(stderr,"Got",out,cn);
+            hexdump(stderr,"Expected",ciphertext,cn);
+            test1_exit(9);
+            }
+        }
+
+    if (encdec <= 0)
+        {
+        if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
+            {
+            fprintf(stderr,"DecryptInit failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(11);
+            }
+        EVP_CIPHER_CTX_set_padding(&ctx,0);
+
+        if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
+            {
+            fprintf(stderr,"Decrypt failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(6);
+            }
+        if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
+            {
+            fprintf(stderr,"DecryptFinal failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(7);
+            }
+
+        if(outl+outl2 != pn)
+            {
+            fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
+                    outl+outl2,pn);
+            test1_exit(8);
+            }
+
+        if(memcmp(out,plaintext,pn))
+            {
+            fprintf(stderr,"Plaintext mismatch\n");
+            hexdump(stderr,"Got",out,pn);
+            hexdump(stderr,"Expected",plaintext,pn);
+            test1_exit(9);
+            }
+        }
+
+    EVP_CIPHER_CTX_cleanup(&ctx);
+
+    printf("\n");
+    }
+
+static int test_cipher(const char *cipher,const unsigned char *key,int kn,
+                       const unsigned char *iv,int in,
+                       const unsigned char *plaintext,int pn,
+                       const unsigned char *ciphertext,int cn,
+                       int encdec)
+    {
+    const EVP_CIPHER *c;
+
+    c=EVP_get_cipherbyname(cipher);
+    if(!c)
+        return 0;
+
+    test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec);
+
+    return 1;
+    }
+
+static int test_digest(const char *digest,
+                       const unsigned char *plaintext,int pn,
+                       const unsigned char *ciphertext, unsigned int cn)
+    {
+    const EVP_MD *d;
+    EVP_MD_CTX ctx;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int mdn;
+
+    d=EVP_get_digestbyname(digest);
+    if(!d)
+        return 0;
+
+    printf("Testing digest %s\n",EVP_MD_name(d));
+    hexdump(stdout,"Plaintext",plaintext,pn);
+    hexdump(stdout,"Digest",ciphertext,cn);
+
+    EVP_MD_CTX_init(&ctx);
+    if(!EVP_DigestInit_ex(&ctx,d, NULL))
+        {
+        fprintf(stderr,"DigestInit failed\n");
+        ERR_print_errors_fp(stderr);
+        EXIT(100);
+        }
+    if(!EVP_DigestUpdate(&ctx,plaintext,pn))
+        {
+        fprintf(stderr,"DigestUpdate failed\n");
+        ERR_print_errors_fp(stderr);
+        EXIT(101);
+        }
+    if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
+        {
+        fprintf(stderr,"DigestFinal failed\n");
+        ERR_print_errors_fp(stderr);
+        EXIT(101);
+        }
+    EVP_MD_CTX_cleanup(&ctx);
+
+    if(mdn != cn)
+        {
+        fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);
+        EXIT(102);
+        }
+
+    if(memcmp(md,ciphertext,cn))
+        {
+        fprintf(stderr,"Digest mismatch\n");
+        hexdump(stderr,"Got",md,cn);
+        hexdump(stderr,"Expected",ciphertext,cn);
+        EXIT(103);
+        }
+
+    printf("\n");
+
+    EVP_MD_CTX_cleanup(&ctx);
+
+    return 1;
+    }
+
+int main(int argc,char **argv)
+    {
+    const char *szTestFile;
+    FILE *f;
+
+    if(argc != 2)
+        {
+        fprintf(stderr,"%s <test file>\n",argv[0]);
+        EXIT(1);
+        }
+    CRYPTO_malloc_debug_init();
+    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    szTestFile=argv[1];
+
+    f=fopen(szTestFile,"r");
+    if(!f)
+        {
+        perror(szTestFile);
+        EXIT(2);
+        }
+
+    /* Load up the software EVP_CIPHER and EVP_MD definitions */
+    OpenSSL_add_all_ciphers();
+    OpenSSL_add_all_digests();
+#ifndef OPENSSL_NO_ENGINE
+    /* Load all compiled-in ENGINEs */
+    ENGINE_load_builtin_engines();
+#endif
+#if 0
+    OPENSSL_config();
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    /* Register all available ENGINE implementations of ciphers and digests.
+     * This could perhaps be changed to "ENGINE_register_all_complete()"? */
+    ENGINE_register_all_ciphers();
+    ENGINE_register_all_digests();
+    /* If we add command-line options, this statement should be switchable.
+     * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
+     * they weren't already initialised. */
+    /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
+#endif
+
+    for( ; ; )
+        {
+        char line[4096];
+        char *p;
+        char *cipher;
+        unsigned char *iv,*key,*plaintext,*ciphertext;
+        int encdec;
+        int kn,in,pn,cn;
+
+        if(!fgets((char *)line,sizeof line,f))
+            break;
+        if(line[0] == '#' || line[0] == '\n')
+            continue;
+        p=line;
+        cipher=sstrsep(&p,":"); 
+        key=ustrsep(&p,":");
+        iv=ustrsep(&p,":");
+        plaintext=ustrsep(&p,":");
+        ciphertext=ustrsep(&p,":");
+        if (p[-1] == '\n') {
+            p[-1] = '\0';
+            encdec = -1;
+        } else {
+            encdec = atoi(sstrsep(&p,"\n"));
+        }
+              
+
+        kn=convert(key);
+        in=convert(iv);
+        pn=convert(plaintext);
+        cn=convert(ciphertext);
+
+        if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)
+           && !test_digest(cipher,plaintext,pn,ciphertext,cn))
+            {
+#ifdef OPENSSL_NO_AES
+            if (strstr(cipher, "AES") == cipher)
+                {
+                fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
+                continue;
+                }
+#endif
+#ifdef OPENSSL_NO_DES
+            if (strstr(cipher, "DES") == cipher)
+                {
+                fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
+                continue;
+                }
+#endif
+#ifdef OPENSSL_NO_RC4
+            if (strstr(cipher, "RC4") == cipher)
+                {
+                fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
+                continue;
+                }
+#endif
+#ifdef OPENSSL_NO_CAMELLIA
+            if (strstr(cipher, "CAMELLIA") == cipher)
+                {
+                fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
+                continue;
+                }
+#endif
+#ifdef OPENSSL_NO_SEED
+            if (strstr(cipher, "SEED") == cipher)
+                {
+                fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
+                continue;
+                }
+#endif
+            fprintf(stderr,"Can't find %s\n",cipher);
+            EXIT(3);
+            }
+        }
+        fclose(f);
+
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_cleanup();
+#endif
+    EVP_cleanup();
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_thread_state(NULL);
+    ERR_free_strings();
+    CRYPTO_mem_leaks_fp(stderr);
+
+    return 0;
+    }
diff --git a/src/lib/libcrypto/evp/evptests.txt b/src/lib/libcrypto/evp/evptests.txt
new file mode 100644
index 0000000000..c273707c14
--- /dev/null
+++ b/src/lib/libcrypto/evp/evptests.txt
@@ -0,0 +1,334 @@
+#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
+#digest:::input:output
+
+# SHA(1) tests (from shatest.c)
+SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
+
+# MD5 tests (from md5test.c)
+MD5::::d41d8cd98f00b204e9800998ecf8427e
+MD5:::61:0cc175b9c0f1b6a831c399e269772661
+MD5:::616263:900150983cd24fb0d6963f7d28e17f72
+MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
+MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
+MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
+MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
+
+# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
+
+# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
+
+# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
+
+# AES 128 ECB tests (from NIST test vectors, encrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
+
+# AES 128 ECB tests (from NIST test vectors, decrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
+
+# AES 192 ECB tests (from NIST test vectors, decrypt)
+
+#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
+
+# AES 256 ECB tests (from NIST test vectors, decrypt)
+
+#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
+
+# AES 128 CBC tests (from NIST test vectors, encrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
+
+# AES 192 CBC tests (from NIST test vectors, encrypt)
+
+#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
+
+# AES 256 CBC tests (from NIST test vectors, encrypt)
+
+#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
+
+# AES 128 CBC tests (from NIST test vectors, decrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
+
+# AES tests from NIST document SP800-38A
+# For all ECB encrypts and decrypts, the transformed sequence is
+#   AES-bits-ECB:key::plaintext:ciphertext:encdec
+# ECB-AES128.Encrypt and ECB-AES128.Decrypt
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
+# ECB-AES192.Encrypt and ECB-AES192.Decrypt 
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
+# ECB-AES256.Encrypt and ECB-AES256.Decrypt 
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
+# For all CBC encrypts and decrypts, the transformed sequence is
+#   AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-AES128.Encrypt and CBC-AES128.Decrypt 
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
+# CBC-AES192.Encrypt and CBC-AES192.Decrypt 
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
+# CBC-AES256.Encrypt and CBC-AES256.Decrypt 
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
+# We don't support CFB{1,8}-AESxxx.{En,De}crypt
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+#   AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-AES128.Encrypt 
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
+# CFB128-AES128.Decrypt 
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
+# CFB128-AES192.Encrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
+# CFB128-AES192.Decrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
+# CFB128-AES256.Encrypt 
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
+# CFB128-AES256.Decrypt 
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
+# For all OFB encrypts and decrypts, the transformed sequence is
+#   AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-AES128.Encrypt 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 
+# OFB-AES128.Decrypt 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
+# OFB-AES192.Encrypt 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1 
+# OFB-AES192.Decrypt 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0 
+# OFB-AES256.Encrypt 
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
+# OFB-AES256.Decrypt 
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
+
+# AES Counter test vectors from RFC3686
+aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1
+aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1
+aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1
+
+aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1
+aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1
+aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1
+
+aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1
+aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1
+aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1
+
+# DES ECB tests (from destest)
+
+DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
+DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
+DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
+DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
+DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
+DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
+DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
+
+# DESX-CBC tests (from destest)
+DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
+
+# DES EDE3 CBC tests (from destest)
+DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+
+# RC4 tests (from rc4test)
+RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
+RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
+RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
+RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
+RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
+RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
+
+
+# Camellia tests from RFC3713
+# For all ECB encrypts and decrypts, the transformed sequence is
+#   CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec
+CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43
+CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9
+CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509
+
+# ECB-CAMELLIA128.Encrypt
+CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1
+CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1
+CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1
+
+# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt 
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A
+
+# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt 
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26
+
+# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt 
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B
+
+# For all CBC encrypts and decrypts, the transformed sequence is
+#   CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt 
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980
+
+# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt 
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08
+
+# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt 
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F
+
+# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+#   CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-CAMELLIA128.Encrypt 
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1
+
+# CFB128-CAMELLIA128.Decrypt 
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0
+
+# CFB128-CAMELLIA192.Encrypt
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1
+
+# CFB128-CAMELLIA192.Decrypt
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0
+
+# CFB128-CAMELLIA256.Encrypt 
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1
+
+# CFB128-CAMELLIA256.Decrypt 
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0
+
+# For all OFB encrypts and decrypts, the transformed sequence is
+#   CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-CAMELLIA128.Encrypt 
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1
+
+# OFB-CAMELLIA128.Decrypt 
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0
+
+# OFB-CAMELLIA192.Encrypt 
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1
+
+# OFB-CAMELLIA192.Decrypt 
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0
+
+# OFB-CAMELLIA256.Encrypt 
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1
+
+# OFB-CAMELLIA256.Decrypt 
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0
+
+# SEED test vectors from RFC4269
+SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0
+SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0
+SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0
+SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0
+SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1
+SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
+SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
+SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index 6fb7e9a861..4ad63ada6f 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/sha.h>
+#include <openssl/x509.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index 2df362a670..f80170efeb 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -63,7 +63,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/sha.h>
+#include <openssl/x509.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/m_md2.c b/src/lib/libcrypto/evp/m_md2.c
new file mode 100644
index 0000000000..5ce849f161
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_md2.c
@@ -0,0 +1,101 @@
+/* crypto/evp/m_md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_MD2
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/md2.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+
+static int init(EVP_MD_CTX *ctx)
+        { return MD2_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+        { return MD2_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return MD2_Final(md,ctx->md_data); }
+
+static const EVP_MD md2_md=
+        {
+        NID_md2,
+        NID_md2WithRSAEncryption,
+        MD2_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        MD2_BLOCK,
+        sizeof(EVP_MD *)+sizeof(MD2_CTX),
+        };
+
+const EVP_MD *EVP_md2(void)
+        {
+        return(&md2_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c
new file mode 100644
index 0000000000..3602bed316
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_mdc2.c
@@ -0,0 +1,103 @@
+/* crypto/evp/m_mdc2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_MDC2
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/mdc2.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+
+#include "evp_locl.h"
+
+static int init(EVP_MD_CTX *ctx)
+        { return MDC2_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+        { return MDC2_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return MDC2_Final(md,ctx->md_data); }
+
+static const EVP_MD mdc2_md=
+        {
+        NID_mdc2,
+        NID_mdc2WithRSA,
+        MDC2_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
+        MDC2_BLOCK,
+        sizeof(EVP_MD *)+sizeof(MDC2_CTX),
+        };
+
+const EVP_MD *EVP_mdc2(void)
+        {
+        return(&mdc2_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c
new file mode 100644
index 0000000000..8769cdd42f
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_sha.c
@@ -0,0 +1,101 @@
+/* crypto/evp/m_sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include "evp_locl.h"
+
+static int init(EVP_MD_CTX *ctx)
+        { return SHA_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+        { return SHA_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return SHA_Final(md,ctx->md_data); }
+
+static const EVP_MD sha_md=
+        {
+        NID_sha,
+        NID_shaWithRSAEncryption,
+        SHA_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+
+const EVP_MD *EVP_sha(void)
+        {
+        return(&sha_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index bd0c01ad3c..3cb11f1ebb 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -65,7 +65,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/sha.h>
+#include <openssl/x509.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/openbsd_hw.c b/src/lib/libcrypto/evp/openbsd_hw.c
new file mode 100644
index 0000000000..3831a5731e
--- /dev/null
+++ b/src/lib/libcrypto/evp/openbsd_hw.c
@@ -0,0 +1,446 @@
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/rsa.h>
+#include "evp_locl.h"
+
+/* This stuff should now all be supported through
+ * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up */
+static void *dummy=&dummy;
+
+#if 0
+
+/* check flag after OpenSSL headers to ensure make depend works */
+#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <crypto/cryptodev.h>
+#include <unistd.h>
+#include <assert.h>
+
+/* longest key supported in hardware */
+#define MAX_HW_KEY      24
+#define MAX_HW_IV       8
+
+#define MD5_DIGEST_LENGTH       16
+#define MD5_CBLOCK              64
+
+static int fd;
+static int dev_failed;
+
+typedef struct session_op session_op;
+
+#define CDATA(ctx) EVP_C_DATA(session_op,ctx)
+
+static void err(const char *str)
+    {
+    fprintf(stderr,"%s: errno %d\n",str,errno);
+    }
+
+static int dev_crypto_init(session_op *ses)
+    {
+    if(dev_failed)
+        return 0;
+    if(!fd)
+        {
+        int cryptodev_fd;
+
+        if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
+            {
+            err("/dev/crypto");
+            dev_failed=1;
+            return 0;
+            }
+        if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
+            {
+            err("CRIOGET failed");
+            close(cryptodev_fd);
+            dev_failed=1;
+            return 0;
+            }
+        close(cryptodev_fd);
+        }
+    assert(ses);
+    memset(ses,'\0',sizeof *ses);
+
+    return 1;
+    }
+
+static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
+    {
+    if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
+        err("CIOCFSESSION failed");
+
+    OPENSSL_free(CDATA(ctx)->key);
+
+    return 1;
+    }
+
+static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
+                               const unsigned char *key,int klen)
+    {
+    if(!dev_crypto_init(CDATA(ctx)))
+        return 0;
+
+    CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
+
+    assert(ctx->cipher->iv_len <= MAX_HW_IV);
+
+    memcpy(CDATA(ctx)->key,key,klen);
+    
+    CDATA(ctx)->cipher=cipher;
+    CDATA(ctx)->keylen=klen;
+
+    if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
+        {
+        err("CIOCGSESSION failed");
+        return 0;
+        }
+    return 1;
+    }
+
+static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+                             const unsigned char *in,unsigned int inl)
+    {
+    struct crypt_op cryp;
+    unsigned char lb[MAX_HW_IV];
+
+    if(!inl)
+        return 1;
+
+    assert(CDATA(ctx));
+    assert(!dev_failed);
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=CDATA(ctx)->ses;
+    cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+    cryp.flags=0;
+    cryp.len=inl;
+    assert((inl&(ctx->cipher->block_size-1)) == 0);
+    cryp.src=(caddr_t)in;
+    cryp.dst=(caddr_t)out;
+    cryp.mac=0;
+    if(ctx->cipher->iv_len)
+        cryp.iv=(caddr_t)ctx->iv;
+
+    if(!ctx->encrypt)
+        memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+        {
+        if(errno == EINVAL) /* buffers are misaligned */
+            {
+            unsigned int cinl=0;
+            char *cin=NULL;
+            char *cout=NULL;
+
+            /* NB: this can only make cinl != inl with stream ciphers */
+            cinl=(inl+3)/4*4;
+
+            if(((unsigned long)in&3) || cinl != inl)
+                {
+                cin=OPENSSL_malloc(cinl);
+                memcpy(cin,in,inl);
+                cryp.src=cin;
+                }
+
+            if(((unsigned long)out&3) || cinl != inl)
+                {
+                cout=OPENSSL_malloc(cinl);
+                cryp.dst=cout;
+                }
+
+            cryp.len=cinl;
+
+            if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+                {
+                err("CIOCCRYPT(2) failed");
+                printf("src=%p dst=%p\n",cryp.src,cryp.dst);
+                abort();
+                return 0;
+                }
+                
+            if(cout)
+                {
+                memcpy(out,cout,inl);
+                OPENSSL_free(cout);
+                }
+            if(cin)
+                OPENSSL_free(cin);
+            }
+        else 
+            {       
+            err("CIOCCRYPT failed");
+            abort();
+            return 0;
+            }
+        }
+
+    if(ctx->encrypt)
+        memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+    else
+        memcpy(ctx->iv,lb,ctx->cipher->iv_len);
+
+    return 1;
+    }
+
+static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *key,
+                                        const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
+
+#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
+
+BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
+                     0, dev_crypto_des_ede3_init_key,
+                     dev_crypto_cleanup, 
+                     EVP_CIPHER_set_asn1_iv,
+                     EVP_CIPHER_get_asn1_iv,
+                     NULL)
+
+static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *key,
+                                        const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
+
+static const EVP_CIPHER r4_cipher=
+    {
+    NID_rc4,
+    1,16,0,     /* FIXME: key should be up to 256 bytes */
+    EVP_CIPH_VARIABLE_LENGTH,
+    dev_crypto_rc4_init_key,
+    dev_crypto_cipher,
+    dev_crypto_cleanup,
+    sizeof(session_op),
+    NULL,
+    NULL,
+    NULL
+    };
+
+const EVP_CIPHER *EVP_dev_crypto_rc4(void)
+    { return &r4_cipher; }
+
+typedef struct
+    {
+    session_op sess;
+    char *data;
+    int len;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    } MD_DATA;
+
+static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
+    {
+    if(!dev_crypto_init(&md_data->sess))
+        return 0;
+
+    md_data->len=0;
+    md_data->data=NULL;
+
+    md_data->sess.mac=mac;
+
+    if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
+        {
+        err("CIOCGSESSION failed");
+        return 0;
+        }
+    return 1;
+    }
+
+static int dev_crypto_cleanup_digest(MD_DATA *md_data)
+    {
+    if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
+        {
+        err("CIOCFSESSION failed");
+        return 0;
+        }
+
+    return 1;
+    }
+
+/* FIXME: if device can do chained MACs, then don't accumulate */
+/* FIXME: move accumulation to the framework */
+static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
+    { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
+
+static int do_digest(int ses,unsigned char *md,const void *data,int len)
+    {
+    struct crypt_op cryp;
+    static unsigned char md5zero[16]=
+        {
+        0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
+        0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
+        };
+
+    /* some cards can't do zero length */
+    if(!len)
+        {
+        memcpy(md,md5zero,16);
+        return 1;
+        }
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=ses;
+    cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
+    cryp.len=len;
+    cryp.src=(caddr_t)data;
+    cryp.dst=(caddr_t)data; // FIXME!!!
+    cryp.mac=(caddr_t)md;
+
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+        {
+        if(errno == EINVAL) /* buffer is misaligned */
+            {
+            char *dcopy;
+
+            dcopy=OPENSSL_malloc(len);
+            memcpy(dcopy,data,len);
+            cryp.src=dcopy;
+            cryp.dst=cryp.src; // FIXME!!!
+
+            if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+                {
+                err("CIOCCRYPT(MAC2) failed");
+                abort();
+                return 0;
+                }
+            OPENSSL_free(dcopy);
+            }
+        else
+            {
+            err("CIOCCRYPT(MAC) failed");
+            abort();
+            return 0;
+            }
+        }
+    //    printf("done\n");
+
+    return 1;
+    }
+
+static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
+                                 unsigned long len)
+    {
+    MD_DATA *md_data=ctx->md_data;
+
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+        return do_digest(md_data->sess.ses,md_data->md,data,len);
+
+    md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
+    memcpy(md_data->data+md_data->len,data,len);
+    md_data->len+=len;
+
+    return 1;
+    }   
+
+static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
+    {
+    int ret;
+    MD_DATA *md_data=ctx->md_data;
+
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+        {
+        memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
+        ret=1;
+        }
+    else
+        {
+        ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
+        OPENSSL_free(md_data->data);
+        md_data->data=NULL;
+        md_data->len=0;
+        }
+
+    return ret;
+    }
+
+static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+    {
+    const MD_DATA *from_md=from->md_data;
+    MD_DATA *to_md=to->md_data;
+
+    // How do we copy sessions?
+    assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
+
+    to_md->data=OPENSSL_malloc(from_md->len);
+    memcpy(to_md->data,from_md->data,from_md->len);
+
+    return 1;
+    }
+
+static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
+    {
+    return dev_crypto_cleanup_digest(ctx->md_data);
+    }
+
+static const EVP_MD md5_md=
+    {
+    NID_md5,
+    NID_md5WithRSAEncryption,
+    MD5_DIGEST_LENGTH,
+    EVP_MD_FLAG_ONESHOT,        // XXX: set according to device info...
+    dev_crypto_md5_init,
+    dev_crypto_md5_update,
+    dev_crypto_md5_final,
+    dev_crypto_md5_copy,
+    dev_crypto_md5_cleanup,
+    EVP_PKEY_RSA_method,
+    MD5_CBLOCK,
+    sizeof(MD_DATA),
+    };
+
+const EVP_MD *EVP_dev_crypto_md5(void)
+    { return &md5_md; }
+
+#endif
+#endif
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index fe3c6c8813..975d004df4 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -85,24 +85,19 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
         unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
         int cplen, j, k, tkeylen, mdlen;
         unsigned long i = 1;
-        HMAC_CTX hctx_tpl, hctx;
+        HMAC_CTX hctx;
 
         mdlen = EVP_MD_size(digest);
         if (mdlen < 0)
                 return 0;
 
-        HMAC_CTX_init(&hctx_tpl);
+        HMAC_CTX_init(&hctx);
         p = out;
         tkeylen = keylen;
         if(!pass)
                 passlen = 0;
         else if(passlen == -1)
                 passlen = strlen(pass);
-        if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL))
-                {
-                HMAC_CTX_cleanup(&hctx_tpl);
-                return 0;
-                }
         while(tkeylen)
                 {
                 if(tkeylen > mdlen)
@@ -116,36 +111,19 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 itmp[1] = (unsigned char)((i >> 16) & 0xff);
                 itmp[2] = (unsigned char)((i >> 8) & 0xff);
                 itmp[3] = (unsigned char)(i & 0xff);
-                if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
+                if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL)
+                        || !HMAC_Update(&hctx, salt, saltlen)
+                        || !HMAC_Update(&hctx, itmp, 4)
+                        || !HMAC_Final(&hctx, digtmp, NULL))
                         {
-                        HMAC_CTX_cleanup(&hctx_tpl);
-                        return 0;
-                        }
-                if (!HMAC_Update(&hctx, salt, saltlen)
-                    || !HMAC_Update(&hctx, itmp, 4)
-                    || !HMAC_Final(&hctx, digtmp, NULL))
-                        {
-                        HMAC_CTX_cleanup(&hctx_tpl);
                         HMAC_CTX_cleanup(&hctx);
                         return 0;
                         }
-                HMAC_CTX_cleanup(&hctx);
                 memcpy(p, digtmp, cplen);
                 for(j = 1; j < iter; j++)
                         {
-                        if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
-                                {
-                                HMAC_CTX_cleanup(&hctx_tpl);
-                                return 0;
-                                }
-                        if (!HMAC_Update(&hctx, digtmp, mdlen)
-                            || !HMAC_Final(&hctx, digtmp, NULL))
-                                {
-                                HMAC_CTX_cleanup(&hctx_tpl);
-                                HMAC_CTX_cleanup(&hctx);
-                                return 0;
-                                }
-                        HMAC_CTX_cleanup(&hctx);
+                        HMAC(digest, pass, passlen,
+                                 digtmp, mdlen, digtmp, NULL);
                         for(k = 0; k < cplen; k++)
                                 p[k] ^= digtmp[k];
                         }
@@ -153,7 +131,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 i++;
                 p+= cplen;
                 }
-        HMAC_CTX_cleanup(&hctx_tpl);
+        HMAC_CTX_cleanup(&hctx);
 #ifdef DEBUG_PKCS5V2
         fprintf(stderr, "Password:\n");
         h__dump (pass, passlen);
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index 8afb664306..dfa48c157c 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -80,7 +80,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
         {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i = 0,ok = 0,v;
+        int i=0,ok=0,v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
 
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index c66d63ccf8..5f5c409f45 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
         {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i = 0,ok = 0,v;
+        int i=-1,ok=0,v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
 
diff --git a/src/lib/libcrypto/fips_ers.c b/src/lib/libcrypto/fips_ers.c
new file mode 100644
index 0000000000..09f11748f6
--- /dev/null
+++ b/src/lib/libcrypto/fips_ers.c
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+# include "fips_err.h"
+#else
+static void *dummy=&dummy;
+#endif
diff --git a/src/lib/libcrypto/generate_pkgconfig.sh b/src/lib/libcrypto/generate_pkgconfig.sh
new file mode 100644
index 0000000000..d0660d3c57
--- /dev/null
+++ b/src/lib/libcrypto/generate_pkgconfig.sh
@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# $OpenBSD: generate_pkgconfig.sh,v 1.1 2014/04/11 22:51:53 miod Exp $
+#
+# Copyright (c) 2010,2011 Jasper Lievisse Adriaanse <jasper@openbsd.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+# Generate pkg-config files for OpenSSL.
+
+usage() {
+        echo "usage: ${0##*/} -c current_directory -o obj_directory"
+        exit 1
+}
+
+curdir=
+objdir=
+while getopts "c:o:" flag; do
+        case "$flag" in
+                c)
+                        curdir=$OPTARG
+                        ;;
+                o)
+                        objdir=$OPTARG
+                        ;;
+                *)
+                        usage
+                        ;;
+        esac
+done
+
+[ -n "${curdir}" ] || usage
+if [ ! -d "${curdir}" ]; then
+        echo "${0##*/}: ${curdir}: not found"
+        exit 1
+fi
+[ -n "${objdir}" ] || usage
+if [ ! -w "${objdir}" ]; then
+        echo "${0##*/}: ${objdir}: not found or not writable"
+        exit 1
+fi
+
+version_re="s/^#define[[:blank:]]+SHLIB_VERSION_NUMBER[[:blank:]]+\"(.*)\".*/\1/p"
+#version_file=${curdir}/src/crypto/opensslv.h
+version_file=${curdir}/../libssl/src/crypto/opensslv.h
+lib_version=$(sed -nE ${version_re} ${version_file})
+
+# Put -I${includedir} into Cflags so configure script tests like
+#   test -n "`pkg-config --cflags openssl`"
+# don't assume that OpenSSL isn't available.
+
+pc_file="${objdir}/libcrypto.pc"
+cat > ${pc_file} << __EOF__
+prefix=/usr
+exec_prefix=\${prefix}
+libdir=\${exec_prefix}/lib
+includedir=\${prefix}/include
+
+Name: OpenSSL-libcrypto
+Description: OpenSSL cryptography library
+Version: ${lib_version}
+Requires: 
+Libs: -L\${libdir} -lcrypto
+Cflags: -I\${includedir}
+__EOF__
diff --git a/src/lib/libcrypto/hmac/Makefile b/src/lib/libcrypto/hmac/Makefile
new file mode 100644
index 0000000000..0e91709f64
--- /dev/null
+++ b/src/lib/libcrypto/hmac/Makefile
@@ -0,0 +1,110 @@
+#
+# OpenSSL/crypto/md/Makefile
+#
+
+DIR=    hmac
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=hmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=hmac.c hm_ameth.c hm_pmeth.c
+LIBOBJ=hmac.o hm_ameth.o hm_pmeth.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= hmac.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+hm_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+hm_ameth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+hm_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+hm_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hm_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+hm_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+hm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h
+hm_ameth.o: hm_ameth.c
+hm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+hm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+hm_pmeth.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+hm_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+hm_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+hm_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hm_pmeth.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+hm_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hm_pmeth.o: ../../include/openssl/opensslconf.h
+hm_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+hm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+hm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+hm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h hm_pmeth.c
+hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c
diff --git a/src/lib/libcrypto/hmac/hmactest.c b/src/lib/libcrypto/hmac/hmactest.c
new file mode 100644
index 0000000000..1b906b81af
--- /dev/null
+++ b/src/lib/libcrypto/hmac/hmactest.c
@@ -0,0 +1,175 @@
+/* crypto/hmac/hmactest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_HMAC
+int main(int argc, char *argv[])
+{
+    printf("No HMAC support\n");
+    return(0);
+}
+#else
+#include <openssl/hmac.h>
+#ifndef OPENSSL_NO_MD5
+#include <openssl/md5.h>
+#endif
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+#ifndef OPENSSL_NO_MD5
+static struct test_st
+        {
+        unsigned char key[16];
+        int key_len;
+        unsigned char data[64];
+        int data_len;
+        unsigned char *digest;
+        } test[4]={
+        {       "",
+                0,
+                "More text test vectors to stuff up EBCDIC machines :-)",
+                54,
+                (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
+        },{     {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
+                 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
+                16,
+                "Hi There",
+                8,
+                (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
+        },{     "Jefe",
+                4,
+                "what do ya want for nothing?",
+                28,
+                (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
+        },{
+                {0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
+                 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
+                16,
+                {0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd},
+                50,
+                (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
+        },
+        };
+#endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+#ifndef OPENSSL_NO_MD5
+        int i;
+        char *p;
+#endif
+        int err=0;
+
+#ifdef OPENSSL_NO_MD5
+        printf("test skipped: MD5 disabled\n");
+#else
+
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
+        ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
+        ebcdic2ascii(test[2].key,  test[2].key,  test[2].key_len);
+        ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
+#endif
+
+        for (i=0; i<4; i++)
+                {
+                p=pt(HMAC(EVP_md5(),
+                        test[i].key, test[i].key_len,
+                        test[i].data, test[i].data_len,
+                        NULL,NULL));
+
+                if (strcmp(p,(char *)test[i].digest) != 0)
+                        {
+                        printf("error calculating HMAC on %d entry'\n",i);
+                        printf("got %s instead of %s\n",p,test[i].digest);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                }
+#endif /* OPENSSL_NO_MD5 */
+        EXIT(err);
+        return(0);
+        }
+
+#ifndef OPENSSL_NO_MD5
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/idea/Makefile b/src/lib/libcrypto/idea/Makefile
new file mode 100644
index 0000000000..8af0acdad9
--- /dev/null
+++ b/src/lib/libcrypto/idea/Makefile
@@ -0,0 +1,89 @@
+#
+# OpenSSL/crypto/idea/Makefile
+#
+
+DIR=    idea
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ideatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= idea.h
+HEADER= idea_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cbc.o: i_cbc.c idea_lcl.h
+i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cfb64.o: i_cfb64.c idea_lcl.h
+i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
+i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ofb64.o: i_ofb64.c idea_lcl.h
+i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i_skey.o: ../../include/openssl/symhacks.h i_skey.c idea_lcl.h
diff --git a/src/lib/libcrypto/idea/idea_spd.c b/src/lib/libcrypto/idea/idea_spd.c
new file mode 100644
index 0000000000..699353e871
--- /dev/null
+++ b/src/lib/libcrypto/idea/idea_spd.c
@@ -0,0 +1,299 @@
+/* crypto/idea/idea_spd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/idea.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        IDEA_KEY_SCHEDULE sch;
+        double a,aa,b,c,d;
+#ifndef SIGALRM
+        long ca,cca,cb,cc;
+#endif
+
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        idea_set_encrypt_key(key,&sch);
+        count=10;
+        do      {
+                long i;
+                IDEA_INT data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        idea_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/4;
+        cca=count/200;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("idea_set_encrypt_key %ld times\n",ca);
+#define COND(d) (count <= (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing idea_set_encrypt_key for 10 seconds\n");
+        alarm(10);
+#endif
+
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                idea_set_encrypt_key(key,&sch);
+                idea_set_encrypt_key(key,&sch);
+                idea_set_encrypt_key(key,&sch);
+                idea_set_encrypt_key(key,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld idea idea_set_encrypt_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+        printf("Doing idea_set_decrypt_key for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing idea_set_decrypt_key %ld times\n",cca);
+#endif
+
+        Time_F(START);
+        for (count=0,run=1; COND(cca); count+=4)
+                {
+                idea_set_decrypt_key(&sch,&sch);
+                idea_set_decrypt_key(&sch,&sch);
+                idea_set_decrypt_key(&sch,&sch);
+                idea_set_decrypt_key(&sch,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld idea idea_set_decrypt_key's in %.2f seconds\n",count,d);
+        aa=((double)COUNT(cca))/d;
+
+#ifdef SIGALRM
+        printf("Doing idea_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing idea_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                unsigned long data[2];
+
+                idea_encrypt(data,&sch);
+                idea_encrypt(data,&sch);
+                idea_encrypt(data,&sch);
+                idea_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld idea_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+        printf("Doing idea_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing idea_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                idea_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),IDEA_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld idea_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+
+        printf("IDEA set_encrypt_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("IDEA set_decrypt_key per sec = %12.2f (%9.3fuS)\n",aa,1.0e6/aa);
+        printf("IDEA raw ecb bytes   per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("IDEA cbc     bytes   per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
+
diff --git a/src/lib/libcrypto/idea/ideatest.c b/src/lib/libcrypto/idea/ideatest.c
new file mode 100644
index 0000000000..e6ffc7025e
--- /dev/null
+++ b/src/lib/libcrypto/idea/ideatest.c
@@ -0,0 +1,235 @@
+/* crypto/idea/ideatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_IDEA
+int main(int argc, char *argv[])
+{
+    printf("No IDEA support\n");
+    return(0);
+}
+#else
+#include <openssl/idea.h>
+
+unsigned char k[16]={
+        0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
+        0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
+
+unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
+unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
+unsigned char out[80];
+
+char *text="Hello to all people out there";
+
+static unsigned char cfb_key[16]={
+        0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+        0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+        };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+        0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+        0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+        0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+
+/*      0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+        0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+        0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+        }; 
+
+static int cfb64_test(unsigned char *cfb_cipher);
+static char *pt(unsigned char *p);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        IDEA_KEY_SCHEDULE key,dkey; 
+        unsigned char iv[8];
+
+        idea_set_encrypt_key(k,&key);
+        idea_ecb_encrypt(in,out,&key);
+        if (memcmp(out,c,8) != 0)
+                {
+                printf("ecb idea error encrypting\n");
+                printf("got     :");
+                for (i=0; i<8; i++)
+                        printf("%02X ",out[i]);
+                printf("\n");
+                printf("expected:");
+                for (i=0; i<8; i++)
+                        printf("%02X ",c[i]);
+                err=20;
+                printf("\n");
+                }
+
+        idea_set_decrypt_key(&key,&dkey);
+        idea_ecb_encrypt(c,out,&dkey);
+        if (memcmp(out,in,8) != 0)
+                {
+                printf("ecb idea error decrypting\n");
+                printf("got     :");
+                for (i=0; i<8; i++)
+                        printf("%02X ",out[i]);
+                printf("\n");
+                printf("expected:");
+                for (i=0; i<8; i++)
+                        printf("%02X ",in[i]);
+                printf("\n");
+                err=3;
+                }
+
+        if (err == 0) printf("ecb idea ok\n");
+
+        memcpy(iv,k,8);
+        idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
+        memcpy(iv,k,8);
+        idea_cbc_encrypt(out,out,8,&dkey,iv,0);
+        idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
+        if (memcmp(text,out,strlen(text)+1) != 0)
+                {
+                printf("cbc idea bad\n");
+                err=4;
+                }
+        else
+                printf("cbc idea ok\n");
+
+        printf("cfb64 idea ");
+        if (cfb64_test(cfb_cipher64))
+                {
+                printf("bad\n");
+                err=5;
+                }
+        else
+                printf("ok\n");
+
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+        EXIT(err);
+        return(err);
+        }
+
+static int cfb64_test(unsigned char *cfb_cipher)
+        {
+        IDEA_KEY_SCHEDULE eks,dks;
+        int err=0,i,n;
+
+        idea_set_encrypt_key(cfb_key,&eks);
+        idea_set_decrypt_key(&eks,&dks);
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)CFB_TEST_SIZE-12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb64_encrypt encrypt error\n");
+                for (i=0; i<CFB_TEST_SIZE; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)CFB_TEST_SIZE-17,&dks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+
+static char *pt(unsigned char *p)
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libcrypto/idea/version b/src/lib/libcrypto/idea/version
new file mode 100644
index 0000000000..3f22293795
--- /dev/null
+++ b/src/lib/libcrypto/idea/version
@@ -0,0 +1,12 @@
+1.1 07/12/95 - eay
+        Many thanks to Rhys Weatherley <rweather@us.oracle.com>
+        for pointing out that I was assuming little endian byte
+        order for all quantities what idea actually used
+        bigendian.  No where in the spec does it mention
+        this, it is all in terms of 16 bit numbers and even the example
+        does not use byte streams for the input example :-(.
+        If you byte swap each pair of input, keys and iv, the functions
+        would produce the output as the old version :-(.
+
+1.0 ??/??/95 - eay
+        First version.
diff --git a/src/lib/libcrypto/install-crypto.com b/src/lib/libcrypto/install-crypto.com
new file mode 100755
index 0000000000..85b3d583cf
--- /dev/null
+++ b/src/lib/libcrypto/install-crypto.com
@@ -0,0 +1,196 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
+$!
+$! P1  root of the directory tree
+$! P2  "64" for 64-bit pointers.
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if (p1 .eqs. "")
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "It should be the directory where you want things installed."
+$     exit
+$ endif
+$!
+$ if (f$getsyi( "cpu") .lt. 128)
+$ then
+$   arch = "VAX"
+$ else
+$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$ archd = arch
+$ lib32 = "32"
+$ shr = "_SHR32"
+$!
+$ if (p2 .nes. "")
+$ then
+$   if (p2 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$     lib32 = ""
+$     shr = "_SHR"
+$   else
+$     if (p2 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
+$ root_dev = f$parse( root, , , "device", "syntax_only")
+$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
+   "[000000." - "][" - "[" - "]"
+$ root = root_dev + "[" + root_dir
+$!
+$ define /nolog wrk_sslroot 'root'.] /trans=conc
+$ define /nolog wrk_sslinclude wrk_sslroot:[include]
+$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
+$!
+$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse("wrk_sslinclude:") .eqs. "" then -
+   create /directory /log wrk_sslinclude:
+$ if f$parse("wrk_sslxlib:") .eqs. "" then -
+   create /directory /log wrk_sslxlib:
+$!
+$ sdirs := , -
+   'archd', -
+   objects, -
+   md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, -
+   des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, -
+   bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, -
+   buffer, bio, stack, lhash, rand, err, -
+   evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, -
+   ui, krb5, -
+   store, cms, pqueue, ts, jpake
+$!
+$ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
+$ exheader_'archd' := opensslconf.h
+$ exheader_objects := objects.h, obj_mac.h
+$ exheader_md2 := md2.h
+$ exheader_md4 := md4.h
+$ exheader_md5 := md5.h
+$ exheader_sha := sha.h
+$ exheader_mdc2 := mdc2.h
+$ exheader_hmac := hmac.h
+$ exheader_ripemd := ripemd.h
+$ exheader_whrlpool := whrlpool.h
+$ exheader_des := des.h, des_old.h
+$ exheader_aes := aes.h
+$ exheader_rc2 := rc2.h
+$ exheader_rc4 := rc4.h
+$ exheader_rc5 := rc5.h
+$ exheader_idea := idea.h
+$ exheader_bf := blowfish.h
+$ exheader_cast := cast.h
+$ exheader_camellia := camellia.h
+$ exheader_seed := seed.h
+$ exheader_modes := modes.h
+$ exheader_bn := bn.h
+$ exheader_ec := ec.h
+$ exheader_rsa := rsa.h
+$ exheader_dsa := dsa.h
+$ exheader_ecdsa := ecdsa.h
+$ exheader_dh := dh.h
+$ exheader_ecdh := ecdh.h
+$ exheader_dso := dso.h
+$ exheader_engine := engine.h
+$ exheader_buffer := buffer.h
+$ exheader_bio := bio.h
+$ exheader_stack := stack.h, safestack.h
+$ exheader_lhash := lhash.h
+$ exheader_rand := rand.h
+$ exheader_err := err.h
+$ exheader_evp := evp.h
+$ exheader_asn1 := asn1.h, asn1_mac.h, asn1t.h
+$ exheader_pem := pem.h, pem2.h
+$ exheader_x509 := x509.h, x509_vfy.h
+$ exheader_x509v3 := x509v3.h
+$ exheader_conf := conf.h, conf_api.h
+$ exheader_txt_db := txt_db.h
+$ exheader_pkcs7 := pkcs7.h
+$ exheader_pkcs12 := pkcs12.h
+$ exheader_comp := comp.h
+$ exheader_ocsp := ocsp.h
+$ exheader_ui := ui.h, ui_compat.h
+$ exheader_krb5 := krb5_asn.h
+$! exheader_store := store.h, str_compat.h
+$ exheader_store := store.h
+$ exheader_cms := cms.h
+$ exheader_pqueue := pqueue.h
+$ exheader_ts := ts.h
+$ exheader_jpake := jpake.h
+$ libs := ssl_libcrypto
+$!
+$ exe_dir := [-.'archd'.exe.crypto]
+$!
+$! Header files.
+$!
+$ i = 0
+$ loop_sdirs: 
+$   d = f$edit( f$element( i, ",", sdirs), "trim")
+$   i = i + 1
+$   if d .eqs. "," then goto loop_sdirs_end
+$   tmp = exheader_'d'
+$   if (d .nes. "") then d = "."+ d
+$   copy /protection = w:re ['d']'tmp' wrk_sslinclude: /log
+$ goto loop_sdirs
+$ loop_sdirs_end:
+$!
+$! Object libraries, shareable images.
+$!
+$ i = 0
+$ loop_lib: 
+$   e = f$edit( f$element( i, ",", libs), "trim")
+$   i = i + 1
+$   if e .eqs. "," then goto loop_lib_end
+$   set noon
+$   file = exe_dir+ e+ lib32+ ".olb"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxlib: /log
+$   endif
+$!
+$   file = exe_dir+ e+ shr+ ".exe"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxlib: /log
+$   endif
+$   set on
+$ goto loop_lib
+$ loop_lib_end:
+$!
+$ tidy:
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslinclude
+$ call deass wrk_sslxlib
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!
diff --git a/src/lib/libcrypto/install.com b/src/lib/libcrypto/install.com
new file mode 100644
index 0000000000..ad3e4d48c7
--- /dev/null
+++ b/src/lib/libcrypto/install.com
@@ -0,0 +1,155 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
+$!
+$! P1   root of the directory tree
+$!
+$       IF P1 .EQS. ""
+$       THEN
+$           WRITE SYS$OUTPUT "First argument missing."
+$           WRITE SYS$OUTPUT -
+                  "It should be the directory where you want things installed."
+$           EXIT
+$       ENDIF
+$
+$       IF (F$GETSYI("CPU").LT.128)
+$       THEN
+$           ARCH := VAX
+$       ELSE
+$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$       ENDIF
+$
+$       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+                   - "[000000." - "][" - "[" - "]"
+$       ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$       DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB]
+$       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$
+$       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+           CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$       IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
+           CREATE/DIR/LOG WRK_SSLLIB:
+$       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+           CREATE/DIR/LOG WRK_SSLINCLUDE:
+$
+$       SDIRS := ,-
+                 _'ARCH',-
+                 OBJECTS,-
+                 MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
+                 DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
+                 BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
+                 BUFFER,BIO,STACK,LHASH,RAND,ERR,-
+                 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
+                 UI,KRB5,-
+                 STORE,CMS,PQUEUE,TS,JPAKE
+$       EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
+$       EXHEADER__'ARCH' := opensslconf.h
+$       EXHEADER_OBJECTS := objects.h,obj_mac.h
+$       EXHEADER_MD2 := md2.h
+$       EXHEADER_MD4 := md4.h
+$       EXHEADER_MD5 := md5.h
+$       EXHEADER_SHA := sha.h
+$       EXHEADER_MDC2 := mdc2.h
+$       EXHEADER_HMAC := hmac.h
+$       EXHEADER_RIPEMD := ripemd.h
+$       EXHEADER_WHRLPOOL := whrlpool.h
+$       EXHEADER_DES := des.h,des_old.h
+$       EXHEADER_AES := aes.h
+$       EXHEADER_RC2 := rc2.h
+$       EXHEADER_RC4 := rc4.h
+$       EXHEADER_RC5 := rc5.h
+$       EXHEADER_IDEA := idea.h
+$       EXHEADER_BF := blowfish.h
+$       EXHEADER_CAST := cast.h
+$       EXHEADER_CAMELLIA := camellia.h
+$       EXHEADER_SEED := seed.h
+$       EXHEADER_MODES := modes.h
+$       EXHEADER_BN := bn.h
+$       EXHEADER_EC := ec.h
+$       EXHEADER_RSA := rsa.h
+$       EXHEADER_DSA := dsa.h
+$       EXHEADER_ECDSA := ecdsa.h
+$       EXHEADER_DH := dh.h
+$       EXHEADER_ECDH := ecdh.h
+$       EXHEADER_DSO := dso.h
+$       EXHEADER_ENGINE := engine.h
+$       EXHEADER_BUFFER := buffer.h
+$       EXHEADER_BIO := bio.h
+$       EXHEADER_STACK := stack.h,safestack.h
+$       EXHEADER_LHASH := lhash.h
+$       EXHEADER_RAND := rand.h
+$       EXHEADER_ERR := err.h
+$       EXHEADER_EVP := evp.h
+$       EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
+$       EXHEADER_PEM := pem.h,pem2.h
+$       EXHEADER_X509 := x509.h,x509_vfy.h
+$       EXHEADER_X509V3 := x509v3.h
+$       EXHEADER_CONF := conf.h,conf_api.h
+$       EXHEADER_TXT_DB := txt_db.h
+$       EXHEADER_PKCS7 := pkcs7.h
+$       EXHEADER_PKCS12 := pkcs12.h
+$       EXHEADER_COMP := comp.h
+$       EXHEADER_OCSP := ocsp.h
+$       EXHEADER_UI := ui.h,ui_compat.h
+$       EXHEADER_KRB5 := krb5_asn.h
+$!      EXHEADER_STORE := store.h,str_compat.h
+$       EXHEADER_STORE := store.h
+$       EXHEADER_CMS := cms.h
+$       EXHEADER_PQUEUE := pqueue.h
+$       EXHEADER_TS := ts.h
+$       EXHEADER_JPAKE := jpake.h
+$       LIBS := LIBCRYPTO
+$
+$       EXE_DIR := [-.'ARCH'.EXE.CRYPTO]
+$
+$       I = 0
+$ LOOP_SDIRS: 
+$       D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
+$       I = I + 1
+$       IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
+$       tmp = EXHEADER_'D'
+$       IF D .EQS. ""
+$       THEN
+$         COPY 'tmp' WRK_SSLINCLUDE: /LOG
+$       ELSE
+$         IF D .EQS. "_''ARCH'"
+$         THEN
+$           COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG
+$         ELSE
+$           COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
+$         ENDIF
+$       ENDIF
+$       SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
+$       GOTO LOOP_SDIRS
+$ LOOP_SDIRS_END:
+$
+$       I = 0
+$ LOOP_LIB: 
+$       E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
+$       I = I + 1
+$       IF E .EQS. "," THEN GOTO LOOP_LIB_END
+$       SET NOON
+$       IF F$SEARCH(EXE_DIR+E+".OLB") .NES. ""
+$       THEN
+$         COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log
+$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB
+$       ENDIF
+$       ! Preparing for the time when we have shareable images
+$       IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
+$       THEN
+$         COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log
+$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE
+$       ENDIF
+$       SET ON
+$       GOTO LOOP_LIB
+$ LOOP_LIB_END:
+$
+$       EXIT
diff --git a/src/lib/libcrypto/jpake/Makefile b/src/lib/libcrypto/jpake/Makefile
new file mode 100644
index 0000000000..110c49ce0b
--- /dev/null
+++ b/src/lib/libcrypto/jpake/Makefile
@@ -0,0 +1,64 @@
+DIR=jpake
+TOP=../..
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+LIB=$(TOP)/libcrypto.a
+LIBOBJ=jpake.o jpake_err.o
+LIBSRC=jpake.c jpake_err.c
+
+EXHEADER=jpake.h
+TEST=jpaketest.c
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+
+jpaketest: top jpaketest.c $(LIB)
+        $(CC) $(CFLAGS) -Wall -Werror -g -o jpaketest jpaketest.c $(LIB)
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+jpake.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+jpake.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+jpake.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+jpake.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+jpake.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+jpake.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+jpake.o: ../../include/openssl/symhacks.h jpake.c jpake.h
+jpake_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+jpake_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+jpake_err.o: ../../include/openssl/err.h ../../include/openssl/jpake.h
+jpake_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+jpake_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+jpake_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+jpake_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+jpake_err.o: jpake_err.c
diff --git a/src/lib/libcrypto/jpake/jpake.c b/src/lib/libcrypto/jpake/jpake.c
new file mode 100644
index 0000000000..8e4b633ccc
--- /dev/null
+++ b/src/lib/libcrypto/jpake/jpake.c
@@ -0,0 +1,511 @@
+#include "jpake.h"
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+#include <memory.h>
+
+/*
+ * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
+ * Bob's (x3, x4, x1, x2). If you see what I mean.
+ */
+
+typedef struct
+    {
+    char *name;  /* Must be unique */
+    char *peer_name;
+    BIGNUM *p;
+    BIGNUM *g;
+    BIGNUM *q;
+    BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */
+    BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */
+    } JPAKE_CTX_PUBLIC;
+
+struct JPAKE_CTX
+    {
+    JPAKE_CTX_PUBLIC p;
+    BIGNUM *secret;   /* The shared secret */
+    BN_CTX *ctx;
+    BIGNUM *xa;       /* Alice's x1 or Bob's x3 */
+    BIGNUM *xb;       /* Alice's x2 or Bob's x4 */
+    BIGNUM *key;      /* The calculated (shared) key */
+    };
+
+static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)
+    {
+    zkp->gr = BN_new();
+    zkp->b = BN_new();
+    }
+
+static void JPAKE_ZKP_release(JPAKE_ZKP *zkp)
+    {
+    BN_free(zkp->b);
+    BN_free(zkp->gr);
+    }
+
+/* Two birds with one stone - make the global name as expected */
+#define JPAKE_STEP_PART_init    JPAKE_STEP2_init
+#define JPAKE_STEP_PART_release JPAKE_STEP2_release
+
+void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p)
+    {
+    p->gx = BN_new();
+    JPAKE_ZKP_init(&p->zkpx);
+    }
+
+void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p)
+    {
+    JPAKE_ZKP_release(&p->zkpx);
+    BN_free(p->gx);
+    }
+
+void JPAKE_STEP1_init(JPAKE_STEP1 *s1)
+    {
+    JPAKE_STEP_PART_init(&s1->p1);
+    JPAKE_STEP_PART_init(&s1->p2);
+    }
+
+void JPAKE_STEP1_release(JPAKE_STEP1 *s1)
+    {
+    JPAKE_STEP_PART_release(&s1->p2);
+    JPAKE_STEP_PART_release(&s1->p1);
+    }
+
+static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name,
+                           const char *peer_name, const BIGNUM *p,
+                           const BIGNUM *g, const BIGNUM *q,
+                           const BIGNUM *secret)
+    {
+    ctx->p.name = OPENSSL_strdup(name);
+    ctx->p.peer_name = OPENSSL_strdup(peer_name);
+    ctx->p.p = BN_dup(p);
+    ctx->p.g = BN_dup(g);
+    ctx->p.q = BN_dup(q);
+    ctx->secret = BN_dup(secret);
+
+    ctx->p.gxc = BN_new();
+    ctx->p.gxd = BN_new();
+
+    ctx->xa = BN_new();
+    ctx->xb = BN_new();
+    ctx->key = BN_new();
+    ctx->ctx = BN_CTX_new();
+    }
+    
+static void JPAKE_CTX_release(JPAKE_CTX *ctx)
+    {
+    BN_CTX_free(ctx->ctx);
+    BN_clear_free(ctx->key);
+    BN_clear_free(ctx->xb);
+    BN_clear_free(ctx->xa);
+
+    BN_free(ctx->p.gxd);
+    BN_free(ctx->p.gxc);
+
+    BN_clear_free(ctx->secret);
+    BN_free(ctx->p.q);
+    BN_free(ctx->p.g);
+    BN_free(ctx->p.p);
+    OPENSSL_free(ctx->p.peer_name);
+    OPENSSL_free(ctx->p.name);
+
+    memset(ctx, '\0', sizeof *ctx);
+    }
+    
+JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
+                         const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
+                         const BIGNUM *secret)
+    {
+    JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+
+    JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret);
+
+    return ctx;
+    }
+
+void JPAKE_CTX_free(JPAKE_CTX *ctx)
+    {
+    JPAKE_CTX_release(ctx);
+    OPENSSL_free(ctx);
+    }
+
+static void hashlength(SHA_CTX *sha, size_t l)
+    {
+    unsigned char b[2];
+
+    OPENSSL_assert(l <= 0xffff);
+    b[0] = l >> 8;
+    b[1] = l&0xff;
+    SHA1_Update(sha, b, 2);
+    }
+
+static void hashstring(SHA_CTX *sha, const char *string)
+    {
+    size_t l = strlen(string);
+
+    hashlength(sha, l);
+    SHA1_Update(sha, string, l);
+    }
+
+static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
+    {
+    size_t l = BN_num_bytes(bn);
+    unsigned char *bin = OPENSSL_malloc(l);
+
+    hashlength(sha, l);
+    BN_bn2bin(bn, bin);
+    SHA1_Update(sha, bin, l);
+    OPENSSL_free(bin);
+    }
+
+/* h=hash(g, g^r, g^x, name) */
+static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p,
+                     const char *proof_name)
+    {
+    unsigned char md[SHA_DIGEST_LENGTH];
+    SHA_CTX sha;
+
+   /*
+    * XXX: hash should not allow moving of the boundaries - Java code
+    * is flawed in this respect. Length encoding seems simplest.
+    */
+    SHA1_Init(&sha);
+    hashbn(&sha, zkpg);
+    OPENSSL_assert(!BN_is_zero(p->zkpx.gr));
+    hashbn(&sha, p->zkpx.gr);
+    hashbn(&sha, p->gx);
+    hashstring(&sha, proof_name);
+    SHA1_Final(md, &sha);
+    BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
+    }
+
+/*
+ * Prove knowledge of x
+ * Note that p->gx has already been calculated
+ */
+static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
+                         const BIGNUM *zkpg, JPAKE_CTX *ctx)
+    {
+    BIGNUM *r = BN_new();
+    BIGNUM *h = BN_new();
+    BIGNUM *t = BN_new();
+
+   /*
+    * r in [0,q)
+    * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
+    */
+    BN_rand_range(r, ctx->p.q);
+   /* g^r */
+    BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx);
+
+   /* h=hash... */
+    zkp_hash(h, zkpg, p, ctx->p.name);
+
+   /* b = r - x*h */
+    BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx);
+    BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx);
+
+   /* cleanup */
+    BN_free(t);
+    BN_free(h);
+    BN_free(r);
+    }
+
+static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,
+                      JPAKE_CTX *ctx)
+    {
+    BIGNUM *h = BN_new();
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    BIGNUM *t3 = BN_new();
+    int ret = 0;
+
+    zkp_hash(h, zkpg, p, ctx->p.peer_name);
+
+   /* t1 = g^b */
+    BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx);
+   /* t2 = (g^x)^h = g^{hx} */
+    BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx);
+   /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */
+    BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx);
+
+   /* verify t3 == g^r */
+    if(BN_cmp(t3, p->zkpx.gr) == 0)
+        ret = 1;
+    else
+        JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);
+
+   /* cleanup */
+    BN_free(t3);
+    BN_free(t2);
+    BN_free(t1);
+    BN_free(h);
+
+    return ret;
+    }    
+
+static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x,
+                               const BIGNUM *g, JPAKE_CTX *ctx)
+    {
+    BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx);
+    generate_zkp(p, x, g, ctx);
+    }
+
+/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
+static void genrand(JPAKE_CTX *ctx)
+    {
+    BIGNUM *qm1;
+
+   /* xa in [0, q) */
+    BN_rand_range(ctx->xa, ctx->p.q);
+
+   /* q-1 */
+    qm1 = BN_new();
+    BN_copy(qm1, ctx->p.q);
+    BN_sub_word(qm1, 1);
+
+   /* ... and xb in [0, q-1) */
+    BN_rand_range(ctx->xb, qm1);
+   /* [1, q) */
+    BN_add_word(ctx->xb, 1);
+
+   /* cleanup */
+    BN_free(qm1);
+    }
+
+int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
+    {
+    genrand(ctx);
+    generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx);
+    generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx);
+
+    return 1;
+    }
+
+/* g^x is a legal value */
+static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
+    {
+    BIGNUM *t;
+    int res;
+    
+    if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
+        return 0;
+
+    t = BN_new();
+    BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
+    res = BN_is_one(t);
+    BN_free(t);
+
+    return res;
+    }
+
+int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
+    {
+    if(!is_legal(received->p1.gx, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
+        return 0;
+        }
+
+    if(!is_legal(received->p2.gx, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
+        return 0;
+        }
+
+   /* verify their ZKP(xc) */
+    if(!verify_zkp(&received->p1, ctx->p.g, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);
+        return 0;
+        }
+
+   /* verify their ZKP(xd) */
+    if(!verify_zkp(&received->p2, ctx->p.g, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);
+        return 0;
+        }
+
+   /* g^xd != 1 */
+    if(BN_is_one(received->p2.gx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);
+        return 0;
+        }
+
+   /* Save the bits we need for later */
+    BN_copy(ctx->p.gxc, received->p1.gx);
+    BN_copy(ctx->p.gxd, received->p2.gx);
+
+    return 1;
+    }
+
+
+int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+
+   /*
+    * X = g^{(xa + xc + xd) * xb * s}
+    * t1 = g^xa
+    */
+    BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx);
+   /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */
+    BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx);
+   /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */
+    BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx);
+   /* t2 = xb * s */
+    BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
+
+   /*
+    * ZKP(xb * s)
+    * XXX: this is kinda funky, because we're using
+    *
+    * g' = g^{xa + xc + xd}
+    *
+    * as the generator, which means X is g'^{xb * s}
+    * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
+    */
+    generate_step_part(send, t2, t1, ctx);
+
+   /* cleanup */
+    BN_free(t1);
+    BN_free(t2);
+
+    return 1;
+    }
+
+/* gx = g^{xc + xa + xb} * xd * s */
+static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    BIGNUM *t3 = BN_new();
+
+   /*
+    * K = (gx/g^{xb * xd * s})^{xb}
+    *   = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
+    *   = (g^{(xa + xc) * xd * s})^{xb}
+    *   = g^{(xa + xc) * xb * xd * s}
+    * [which is the same regardless of who calculates it]
+    */
+
+   /* t1 = (g^{xd})^{xb} = g^{xb * xd} */
+    BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);
+   /* t2 = -s = q-s */
+    BN_sub(t2, ctx->p.q, ctx->secret);
+   /* t3 = t1^t2 = g^{-xb * xd * s} */
+    BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx);
+   /* t1 = gx * t3 = X/g^{xb * xd * s} */
+    BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx);
+   /* K = t1^{xb} */
+    BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);
+
+   /* cleanup */
+    BN_free(t3);
+    BN_free(t2);
+    BN_free(t1);
+
+    return 1;
+    }
+
+int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    int ret = 0;
+
+   /*
+    * g' = g^{xc + xa + xb} [from our POV]
+    * t1 = xa + xb
+    */
+    BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
+   /* t2 = g^{t1} = g^{xa+xb} */
+    BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx);
+   /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */
+    BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx);
+
+    if(verify_zkp(received, t1, ctx))
+        ret = 1;
+    else
+        JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED);
+
+    compute_key(ctx, received->gx);
+
+   /* cleanup */
+    BN_free(t2);
+    BN_free(t1);
+
+    return ret;
+    }
+
+static void quickhashbn(unsigned char *md, const BIGNUM *bn)
+    {
+    SHA_CTX sha;
+
+    SHA1_Init(&sha);
+    hashbn(&sha, bn);
+    SHA1_Final(md, &sha);
+    }
+
+void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a)
+    {}
+
+int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx)
+    {
+    quickhashbn(send->hhk, ctx->key);
+    SHA1(send->hhk, sizeof send->hhk, send->hhk);
+
+    return 1;
+    }
+
+int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received)
+    {
+    unsigned char hhk[SHA_DIGEST_LENGTH];
+
+    quickhashbn(hhk, ctx->key);
+    SHA1(hhk, sizeof hhk, hhk);
+    if(memcmp(hhk, received->hhk, sizeof hhk))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
+        return 0;
+        }
+    return 1;
+    }
+
+void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a)
+    {}
+
+void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b)
+    {}
+
+int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx)
+    {
+    quickhashbn(send->hk, ctx->key);
+
+    return 1;
+    }
+
+int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received)
+    {
+    unsigned char hk[SHA_DIGEST_LENGTH];
+
+    quickhashbn(hk, ctx->key);
+    if(memcmp(hk, received->hk, sizeof hk))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH);
+        return 0;
+        }
+    return 1;
+    }
+
+void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b)
+    {}
+
+const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx)
+    {
+    return ctx->key;
+    }
+
diff --git a/src/lib/libcrypto/jpake/jpake.h b/src/lib/libcrypto/jpake/jpake.h
new file mode 100644
index 0000000000..fd143b4d9b
--- /dev/null
+++ b/src/lib/libcrypto/jpake/jpake.h
@@ -0,0 +1,131 @@
+/*
+ * Implement J-PAKE, as described in
+ * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
+ * 
+ * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
+ */
+
+#ifndef HEADER_JPAKE_H
+#define HEADER_JPAKE_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_JPAKE
+#error JPAKE is disabled.
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/sha.h>
+
+typedef struct JPAKE_CTX JPAKE_CTX;
+
+/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */
+typedef struct
+    {
+    BIGNUM *gr; /* g^r (r random) */
+    BIGNUM *b;  /* b = r - x*h, h=hash(g, g^r, g^x, name) */
+    } JPAKE_ZKP;
+
+typedef struct
+    {
+    BIGNUM *gx;       /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */
+    JPAKE_ZKP zkpx;   /* ZKP(x) or ZKP(xb * s) */
+    } JPAKE_STEP_PART;
+
+typedef struct
+    {
+    JPAKE_STEP_PART p1;   /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
+    JPAKE_STEP_PART p2;   /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
+    } JPAKE_STEP1;
+
+typedef JPAKE_STEP_PART JPAKE_STEP2;
+
+typedef struct
+    {
+    unsigned char hhk[SHA_DIGEST_LENGTH];
+    } JPAKE_STEP3A;
+
+typedef struct
+    {
+    unsigned char hk[SHA_DIGEST_LENGTH];
+    } JPAKE_STEP3B;
+
+/* Parameters are copied */
+JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
+                         const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
+                         const BIGNUM *secret);
+void JPAKE_CTX_free(JPAKE_CTX *ctx);
+
+/*
+ * Note that JPAKE_STEP1 can be used multiple times before release
+ * without another init.
+ */
+void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
+int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);
+int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);
+void JPAKE_STEP1_release(JPAKE_STEP1 *s1);
+
+/*
+ * Note that JPAKE_STEP2 can be used multiple times before release
+ * without another init.
+ */
+void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
+int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);
+int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);
+void JPAKE_STEP2_release(JPAKE_STEP2 *s2);
+
+/*
+ * Optionally verify the shared key. If the shared secrets do not
+ * match, the two ends will disagree about the shared key, but
+ * otherwise the protocol will succeed.
+ */
+void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
+int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);
+int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);
+void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);
+
+void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);
+int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);
+int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);
+void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);
+
+/*
+ * the return value belongs to the library and will be released when
+ * ctx is released, and will change when a new handshake is performed.
+ */
+const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_JPAKE_strings(void);
+
+/* Error codes for the JPAKE functions. */
+
+/* Function codes. */
+#define JPAKE_F_JPAKE_STEP1_PROCESS                      101
+#define JPAKE_F_JPAKE_STEP2_PROCESS                      102
+#define JPAKE_F_JPAKE_STEP3A_PROCESS                     103
+#define JPAKE_F_JPAKE_STEP3B_PROCESS                     104
+#define JPAKE_F_VERIFY_ZKP                               100
+
+/* Reason codes. */
+#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL                 108
+#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL                 109
+#define JPAKE_R_G_TO_THE_X4_IS_ONE                       105
+#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH             106
+#define JPAKE_R_HASH_OF_KEY_MISMATCH                     107
+#define JPAKE_R_VERIFY_B_FAILED                          102
+#define JPAKE_R_VERIFY_X3_FAILED                         103
+#define JPAKE_R_VERIFY_X4_FAILED                         104
+#define JPAKE_R_ZKP_VERIFY_FAILED                        100
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/jpake/jpake_err.c b/src/lib/libcrypto/jpake/jpake_err.c
new file mode 100644
index 0000000000..a9a9dee75c
--- /dev/null
+++ b/src/lib/libcrypto/jpake/jpake_err.c
@@ -0,0 +1,107 @@
+/* crypto/jpake/jpake_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/jpake.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason)
+
+static ERR_STRING_DATA JPAKE_str_functs[]=
+        {
+{ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"},
+{ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"},
+{ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS),        "JPAKE_STEP3A_process"},
+{ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS),        "JPAKE_STEP3B_process"},
+{ERR_FUNC(JPAKE_F_VERIFY_ZKP),  "VERIFY_ZKP"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA JPAKE_str_reasons[]=
+        {
+{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
+{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
+{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
+{ERR_REASON(JPAKE_R_VERIFY_B_FAILED)     ,"verify b failed"},
+{ERR_REASON(JPAKE_R_VERIFY_X3_FAILED)    ,"verify x3 failed"},
+{ERR_REASON(JPAKE_R_VERIFY_X4_FAILED)    ,"verify x4 failed"},
+{ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED)   ,"zkp verify failed"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_JPAKE_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+
+        if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,JPAKE_str_functs);
+                ERR_load_strings(0,JPAKE_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/jpake/jpaketest.c b/src/lib/libcrypto/jpake/jpaketest.c
new file mode 100644
index 0000000000..eaba75ed8a
--- /dev/null
+++ b/src/lib/libcrypto/jpake/jpaketest.c
@@ -0,0 +1,192 @@
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_JPAKE
+
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+    printf("No J-PAKE support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/jpake.h>
+#include <openssl/err.h>
+
+static void showbn(const char *name, const BIGNUM *bn)
+    {
+    fputs(name, stdout);
+    fputs(" = ", stdout);
+    BN_print_fp(stdout, bn);
+    putc('\n', stdout);
+    }
+
+static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
+    {
+    JPAKE_STEP1 alice_s1;
+    JPAKE_STEP1 bob_s1;
+    JPAKE_STEP2 alice_s2;
+    JPAKE_STEP2 bob_s2;
+    JPAKE_STEP3A alice_s3a;
+    JPAKE_STEP3B bob_s3b;
+
+   /* Alice -> Bob: step 1 */
+    puts("A->B s1");
+    JPAKE_STEP1_init(&alice_s1);
+    JPAKE_STEP1_generate(&alice_s1, alice);
+    if(!JPAKE_STEP1_process(bob, &alice_s1))
+        {
+        printf("Bob fails to process Alice's step 1\n");
+        ERR_print_errors_fp(stdout);
+        return 1;
+        }
+    JPAKE_STEP1_release(&alice_s1);
+
+   /* Bob -> Alice: step 1 */
+    puts("B->A s1");
+    JPAKE_STEP1_init(&bob_s1);
+    JPAKE_STEP1_generate(&bob_s1, bob);
+    if(!JPAKE_STEP1_process(alice, &bob_s1))
+        {
+        printf("Alice fails to process Bob's step 1\n");
+        ERR_print_errors_fp(stdout);
+        return 2;
+        }
+    JPAKE_STEP1_release(&bob_s1);
+
+   /* Alice -> Bob: step 2 */
+    puts("A->B s2");
+    JPAKE_STEP2_init(&alice_s2);
+    JPAKE_STEP2_generate(&alice_s2, alice);
+    if(!JPAKE_STEP2_process(bob, &alice_s2))
+        {
+        printf("Bob fails to process Alice's step 2\n");
+        ERR_print_errors_fp(stdout);
+        return 3;
+        }
+    JPAKE_STEP2_release(&alice_s2);
+
+   /* Bob -> Alice: step 2 */
+    puts("B->A s2");
+    JPAKE_STEP2_init(&bob_s2);
+    JPAKE_STEP2_generate(&bob_s2, bob);
+    if(!JPAKE_STEP2_process(alice, &bob_s2))
+        {
+        printf("Alice fails to process Bob's step 2\n");
+        ERR_print_errors_fp(stdout);
+        return 4;
+        }
+    JPAKE_STEP2_release(&bob_s2);
+
+    showbn("Alice's key", JPAKE_get_shared_key(alice));
+    showbn("Bob's key  ", JPAKE_get_shared_key(bob));
+
+   /* Alice -> Bob: step 3a */
+    puts("A->B s3a");
+    JPAKE_STEP3A_init(&alice_s3a);
+    JPAKE_STEP3A_generate(&alice_s3a, alice);
+    if(!JPAKE_STEP3A_process(bob, &alice_s3a))
+        {
+        printf("Bob fails to process Alice's step 3a\n");
+        ERR_print_errors_fp(stdout);
+        return 5;
+        }
+    JPAKE_STEP3A_release(&alice_s3a);
+    
+   /* Bob -> Alice: step 3b */
+    puts("B->A s3b");
+    JPAKE_STEP3B_init(&bob_s3b);
+    JPAKE_STEP3B_generate(&bob_s3b, bob);
+    if(!JPAKE_STEP3B_process(alice, &bob_s3b))
+        {
+        printf("Alice fails to process Bob's step 3b\n");
+        ERR_print_errors_fp(stdout);
+        return 6;
+        }
+    JPAKE_STEP3B_release(&bob_s3b);
+
+    return 0;
+    }
+
+int main(int argc, char **argv)
+    {
+    JPAKE_CTX *alice;
+    JPAKE_CTX *bob;
+    BIGNUM *p = NULL;
+    BIGNUM *g = NULL;
+    BIGNUM *q = NULL;
+    BIGNUM *secret = BN_new();
+    BIO *bio_err;
+
+    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+    CRYPTO_malloc_debug_init();
+    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    ERR_load_crypto_strings();
+
+    /*
+    BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
+    BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
+    BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5");
+    */
+    /*
+    p = BN_new();
+    BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL);
+    */
+   /* Use a safe prime for p (that we found earlier) */
+    BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
+    showbn("p", p);
+    g = BN_new();
+    BN_set_word(g, 2);
+    showbn("g", g);
+    q = BN_new();
+    BN_rshift1(q, p);
+    showbn("q", q);
+
+    BN_rand(secret, 32, -1, 0);
+
+   /* A normal run, expect this to work... */
+    alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
+    bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
+
+    if(run_jpake(alice, bob) != 0)
+        {
+        fprintf(stderr, "Plain JPAKE run failed\n");
+        return 1;
+        }
+
+    JPAKE_CTX_free(bob);
+    JPAKE_CTX_free(alice);
+
+   /* Now give Alice and Bob different secrets */
+    alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
+    BN_add_word(secret, 1);
+    bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
+
+    if(run_jpake(alice, bob) != 5)
+        {
+        fprintf(stderr, "Mismatched secret JPAKE run failed\n");
+        return 1;
+        }
+
+    JPAKE_CTX_free(bob);
+    JPAKE_CTX_free(alice);
+
+    BN_free(secret);
+    BN_free(q);
+    BN_free(g);
+    BN_free(p);
+
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_thread_state(NULL);
+    ERR_free_strings();
+    CRYPTO_mem_leaks(bio_err);
+
+    return 0;
+    }
+
+#endif
diff --git a/src/lib/libcrypto/krb5/Makefile b/src/lib/libcrypto/krb5/Makefile
new file mode 100644
index 0000000000..14077390d6
--- /dev/null
+++ b/src/lib/libcrypto/krb5/Makefile
@@ -0,0 +1,84 @@
+#
+# OpenSSL/krb5/Makefile
+#
+
+DIR=    krb5
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= krb5_asn.c
+
+LIBOBJ= krb5_asn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= krb5_asn.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+krb5_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/krb5_asn.h
+krb5_asn.o: ../../include/openssl/opensslconf.h
+krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+krb5_asn.o: ../../include/openssl/symhacks.h krb5_asn.c
diff --git a/src/lib/libcrypto/lhash/Makefile b/src/lib/libcrypto/lhash/Makefile
new file mode 100644
index 0000000000..82bddac474
--- /dev/null
+++ b/src/lib/libcrypto/lhash/Makefile
@@ -0,0 +1,88 @@
+#
+# OpenSSL/crypto/lhash/Makefile
+#
+
+DIR=    lhash
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=lhash.c lh_stats.c
+LIBOBJ=lhash.o lh_stats.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= lhash.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+lh_stats.o: ../../e_os.h ../../include/openssl/bio.h
+lh_stats.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+lh_stats.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+lh_stats.o: ../../include/openssl/symhacks.h ../cryptlib.h lh_stats.c
+lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+lhash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+lhash.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h lhash.c
diff --git a/src/lib/libcrypto/lhash/lh_test.c b/src/lib/libcrypto/lhash/lh_test.c
new file mode 100644
index 0000000000..85700c859b
--- /dev/null
+++ b/src/lib/libcrypto/lhash/lh_test.c
@@ -0,0 +1,88 @@
+/* crypto/lhash/lh_test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/lhash.h>
+
+main()
+        {
+        LHASH *conf;
+        char buf[256];
+        int i;
+
+        conf=lh_new(lh_strhash,strcmp);
+        for (;;)
+                {
+                char *p;
+
+                buf[0]='\0';
+                fgets(buf,256,stdin);
+                if (buf[0] == '\0') break;
+                i=strlen(buf);
+                p=OPENSSL_malloc(i+1);
+                memcpy(p,buf,i+1);
+                lh_insert(conf,p);
+                }
+
+        lh_node_stats(conf,stdout);
+        lh_stats(conf,stdout);
+        lh_node_usage_stats(conf,stdout);
+        exit(0);
+        }
diff --git a/src/lib/libcrypto/lhash/num.pl b/src/lib/libcrypto/lhash/num.pl
new file mode 100644
index 0000000000..30fedf9cd5
--- /dev/null
+++ b/src/lib/libcrypto/lhash/num.pl
@@ -0,0 +1,17 @@
+#!/usr/local/bin/perl
+
+#node     10 ->   4
+
+while (<>)
+        {
+        next unless /^node/;
+        chop;
+        @a=split;
+        $num{$a[3]}++;
+        }
+
+@a=sort {$a <=> $b } keys %num;
+foreach (0 .. $a[$#a])
+        {
+        printf "%4d:%4d\n",$_,$num{$_};
+        }
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
new file mode 100644
index 0000000000..503829ae8d
--- /dev/null
+++ b/src/lib/libcrypto/man/Makefile
@@ -0,0 +1,903 @@
+# $OpenBSD: Makefile,v 1.1 2014/04/11 22:51:53 miod Exp $
+
+.include <bsd.own.mk>           # for NOMAN
+
+POD2MAN=pod2man --official --release="OpenBSD ${OSREV}" --center=OpenSSL
+
+.ifndef NOMAN
+MAN=    \
+        ASN1_OBJECT_new.3 \
+        ASN1_STRING_length.3 \
+        ASN1_STRING_new.3 \
+        ASN1_STRING_print_ex.3 \
+        ASN1_generate_nconf.3 \
+        BIO_ctrl.3 \
+        BIO_f_base64.3 \
+        BIO_f_buffer.3 \
+        BIO_f_cipher.3 \
+        BIO_f_md.3 \
+        BIO_f_null.3 \
+        BIO_find_type.3 \
+        BIO_new.3 \
+        BIO_push.3 \
+        BIO_read.3 \
+        BIO_s_accept.3 \
+        BIO_s_bio.3 \
+        BIO_s_connect.3 \
+        BIO_s_fd.3 \
+        BIO_s_file.3 \
+        BIO_s_mem.3 \
+        BIO_s_null.3 \
+        BIO_s_socket.3 \
+        BIO_set_callback.3 \
+        BIO_should_retry.3 \
+        BN_BLINDING_new.3 \
+        BN_CTX_new.3 \
+        BN_CTX_start.3 \
+        BN_add.3 \
+        BN_add_word.3 \
+        BN_bn2bin.3 \
+        BN_cmp.3 \
+        BN_copy.3 \
+        BN_generate_prime.3 \
+        BN_mod_inverse.3 \
+        BN_mod_mul_montgomery.3 \
+        BN_mod_mul_reciprocal.3 \
+        BN_new.3 \
+        BN_num_bytes.3 \
+        BN_rand.3 \
+        BN_set_bit.3 \
+        BN_swap.3 \
+        BN_zero.3 \
+        CONF_modules_free.3 \
+        CONF_modules_load_file.3 \
+        CRYPTO_set_ex_data.3 \
+        DH_generate_key.3 \
+        DH_generate_parameters.3 \
+        DH_get_ex_new_index.3 \
+        DH_new.3 \
+        DH_set_method.3 \
+        DH_size.3 \
+        DSA_SIG_new.3 \
+        DSA_do_sign.3 \
+        DSA_dup_DH.3 \
+        DSA_generate_key.3 \
+        DSA_generate_parameters.3 \
+        DSA_get_ex_new_index.3 \
+        DSA_new.3 \
+        DSA_set_method.3 \
+        DSA_sign.3 \
+        DSA_size.3 \
+        ERR_GET_LIB.3 \
+        ERR_clear_error.3 \
+        ERR_error_string.3 \
+        ERR_get_error.3 \
+        ERR_load_crypto_strings.3 \
+        ERR_load_strings.3 \
+        ERR_print_errors.3 \
+        ERR_put_error.3 \
+        ERR_remove_state.3 \
+        ERR_set_mark.3 \
+        EVP_BytesToKey.3 \
+        EVP_DigestInit.3 \
+        EVP_DigestSignInit.3 \
+        EVP_DigestVerifyInit.3 \
+        EVP_EncryptInit.3 \
+        EVP_OpenInit.3 \
+        EVP_PKEY_new.3 \
+        EVP_PKEY_set1_RSA.3 \
+        EVP_SealInit.3 \
+        EVP_SignInit.3 \
+        EVP_VerifyInit.3 \
+        OBJ_nid2obj.3 \
+        OPENSSL_VERSION_NUMBER.3 \
+        OPENSSL_config.3 \
+        OPENSSL_load_builtin_modules.3 \
+        OpenSSL_add_all_algorithms.3 \
+        PKCS12_create.3 \
+        PKCS12_parse.3 \
+        PKCS7_decrypt.3 \
+        PKCS7_encrypt.3 \
+        PKCS7_sign.3 \
+        PKCS7_verify.3 \
+        RAND_add.3 \
+        RAND_bytes.3 \
+        RAND_cleanup.3 \
+        RAND_egd.3 \
+        RAND_load_file.3 \
+        RAND_set_rand_method.3 \
+        RSA_blinding_on.3 \
+        RSA_check_key.3 \
+        RSA_generate_key.3 \
+        RSA_get_ex_new_index.3 \
+        RSA_new.3 \
+        RSA_padding_add_PKCS1_type_1.3 \
+        RSA_print.3 \
+        RSA_private_encrypt.3 \
+        RSA_public_encrypt.3 \
+        RSA_set_method.3 \
+        RSA_sign.3 \
+        RSA_sign_ASN1_OCTET_STRING.3 \
+        RSA_size.3 \
+        SMIME_read_PKCS7.3 \
+        SMIME_write_PKCS7.3 \
+        X509_NAME_ENTRY_get_object.3 \
+        X509_NAME_add_entry_by_txt.3 \
+        X509_NAME_get_index_by_NID.3 \
+        X509_NAME_print_ex.3 \
+        X509_new.3 \
+        X509_STORE_CTX_get_error.3 \
+        X509_STORE_CTX_get_ex_new_index.3 \
+        X509_STORE_CTX_new.3 \
+        X509_STORE_CTX_set_verify_cb.3 \
+        X509_STORE_set_verify_cb_func.3 \
+        X509_VERIFY_PARAM_set_flags.3 \
+        X509_verify_cert.3 \
+        bn.3 \
+        bn_internal.3 \
+        crypto.3 \
+        d2i_ASN1_OBJECT.3 \
+        d2i_DHparams.3 \
+        d2i_DSAPublicKey.3 \
+        d2i_PKCS8PrivateKey.3 \
+        d2i_RSAPublicKey.3 \
+        d2i_X509.3 \
+        d2i_X509_ALGOR.3 \
+        d2i_X509_CRL.3 \
+        d2i_X509_NAME.3 \
+        d2i_X509_REQ.3 \
+        d2i_X509_SIG.3 \
+        dh.3 \
+        dsa.3 \
+        ecdsa.3 \
+        engine.3 \
+        evp.3 \
+        lh_stats.3 \
+        lhash.3 \
+        pem.3 \
+        rsa.3 \
+        ui.3 \
+        ui_compat.3 \
+        x509.3 \
+        BF_set_key.3 \
+        BIO.3 \
+        BUF_MEM_new.3 \
+        CRYPTO_set_locking_callback.3 \
+        DES_set_key.3 \
+        ERR.3 \
+        HMAC.3 \
+        MD5.3 \
+        PEM_read_bio_PrivateKey.3 \
+        RAND.3 \
+        RC4.3 \
+        RIPEMD160.3 \
+        SHA1.3
+
+# These pages removed/renamed
+#       OPENSSL_ia32cap.cat3 \  # i386-only, internal API
+#       OPENSSL_Applink.cat3 \  # Win32 only
+#       bio.cat3 \              # conflict; see below
+#       blowfish.cat3 \         # conflict; see below
+#       buffer.cat3 \           # conflict; see below
+#       des.cat3 \              # conflict; see below
+#       des_modes.cat3 \        # fairly pointless
+#       hmac.cat3 \             # conflict; see below
+#       md5.cat3 \              # conflict; see below
+#       mdc2.cat3 \             # patents; removed
+#       rand.cat3 \             # conflict; see below
+#       rc4.cat3 \              # conflict; see below
+#       ripemd.cat3 \           # conflict; see below
+#       sha.cat3 \              # conflict; see below
+
+
+# these are a real problem, since they re-document functions described in
+# other pages.
+
+.for page src in \
+        BF_set_key blowfish \
+        BIO bio \
+        BUF_MEM_new buffer \
+        CRYPTO_set_locking_callback threads \
+        DES_set_key des \
+        ERR err \
+        HMAC hmac \
+        MD5 md5 \
+        PEM_read_bio_PrivateKey pem \
+        RAND rand \
+        RC4 rc4 \
+        RIPEMD160 ripemd \
+        SHA1 sha
+
+${page}.3: ${src}.pod
+        @echo '${POD2MAN} --section=3 --name=${page:U} $? > $@'
+        @${POD2MAN} --section=3 --name=${page:U} $? > $@.tmp && mv $@.tmp $@
+.endfor
+
+MLINKS+=\
+        ASN1_OBJECT_new.3 ASN1_OBJECT_free.3 \
+        ASN1_STRING_length.3 ASN1_STRING_cmp.3 \
+        ASN1_STRING_length.3 ASN1_STRING_data.3 \
+        ASN1_STRING_length.3 ASN1_STRING_dup.3 \
+        ASN1_STRING_length.3 ASN1_STRING_set.3 \
+        ASN1_STRING_length.3 ASN1_STRING_to_UTF8.3 \
+        ASN1_STRING_length.3 ASN1_STRING_type.3 \
+        ASN1_STRING_new.3 ASN1_STRING_free.3 \
+        ASN1_STRING_new.3 ASN1_STRING_type_new.3 \
+        ASN1_STRING_print_ex.3 ASN1_STRING_print.3 \
+        ASN1_STRING_print_ex.3 ASN1_STRING_print_ex_fp.3 \
+        ASN1_generate_nconf.3 ASN1_generate_v3.3 \
+        BF_set_key.3 BF_cbc_encrypt.3 \
+        BF_set_key.3 BF_cfb64_encrypt.3 \
+        BF_set_key.3 BF_decrypt.3 \
+        BF_set_key.3 BF_ecb_encrypt.3 \
+        BF_set_key.3 BF_encrypt.3 \
+        BF_set_key.3 BF_ofb64_encrypt.3 \
+        BF_set_key.3 BF_options.3 \
+        BIO_ctrl.3 BIO_callback_ctrl.3 \
+        BIO_ctrl.3 BIO_ctrl_pending.3 \
+        BIO_ctrl.3 BIO_ctrl_wpending.3 \
+        BIO_ctrl.3 BIO_eof.3 \
+        BIO_ctrl.3 BIO_flush.3 \
+        BIO_ctrl.3 BIO_get_close.3 \
+        BIO_ctrl.3 BIO_get_info_callback.3 \
+        BIO_ctrl.3 BIO_int_ctrl.3 \
+        BIO_ctrl.3 BIO_pending.3 \
+        BIO_ctrl.3 BIO_ptr_ctrl.3 \
+        BIO_ctrl.3 BIO_reset.3 \
+        BIO_ctrl.3 BIO_seek.3 \
+        BIO_ctrl.3 BIO_set_close.3 \
+        BIO_ctrl.3 BIO_set_info_callback.3 \
+        BIO_ctrl.3 BIO_tell.3 \
+        BIO_f_buffer.3 BIO_get_buffer_num_lines.3 \
+        BIO_f_buffer.3 BIO_set_buffer_read_data.3 \
+        BIO_f_buffer.3 BIO_set_buffer_size.3 \
+        BIO_f_buffer.3 BIO_set_read_buffer_size.3 \
+        BIO_f_buffer.3 BIO_set_write_buffer_size.3 \
+        BIO_f_cipher.3 BIO_get_cipher_ctx.3 \
+        BIO_f_cipher.3 BIO_get_cipher_status.3 \
+        BIO_f_cipher.3 BIO_set_cipher.3 \
+        BIO_f_md.3 BIO_get_md.3 \
+        BIO_f_md.3 BIO_get_md_ctx.3 \
+        BIO_f_md.3 BIO_set_md.3 \
+        BIO_find_type.3 BIO_method_type.3 \
+        BIO_find_type.3 BIO_next.3 \
+        BIO_new.3 BIO_free.3 \
+        BIO_new.3 BIO_free_all.3 \
+        BIO_new.3 BIO_set.3 \
+        BIO_new.3 BIO_vfree.3 \
+        BIO_push.3 BIO_pop.3 \
+        BIO_read.3 BIO_gets.3 \
+        BIO_read.3 BIO_puts.3 \
+        BIO_read.3 BIO_write.3 \
+        BIO_s_accept.3 BIO_do_accept.3 \
+        BIO_s_accept.3 BIO_get_accept_port.3 \
+        BIO_s_accept.3 BIO_get_bind_mode.3 \
+        BIO_s_accept.3 BIO_set_accept_bios.3 \
+        BIO_s_accept.3 BIO_set_accept_port.3 \
+        BIO_s_accept.3 BIO_set_bind_mode.3 \
+        BIO_s_accept.3 BIO_set_nbio_accept.3 \
+        BIO_s_bio.3 BIO_ctrl_get_read_request.3 \
+        BIO_s_bio.3 BIO_ctrl_get_write_guarantee.3 \
+        BIO_s_bio.3 BIO_ctrl_reset_read_request.3 \
+        BIO_s_bio.3 BIO_destroy_bio_pair.3 \
+        BIO_s_bio.3 BIO_get_read_request.3 \
+        BIO_s_bio.3 BIO_get_write_buf_size.3 \
+        BIO_s_bio.3 BIO_get_write_guarantee.3 \
+        BIO_s_bio.3 BIO_make_bio_pair.3 \
+        BIO_s_bio.3 BIO_new_bio_pair.3 \
+        BIO_s_bio.3 BIO_set_write_buf_size.3 \
+        BIO_s_bio.3 BIO_shutdown_wr.3 \
+        BIO_s_connect.3 BIO_do_connect.3 \
+        BIO_s_connect.3 BIO_get_conn_hostname.3 \
+        BIO_s_connect.3 BIO_get_conn_int_port.3 \
+        BIO_s_connect.3 BIO_get_conn_ip.3 \
+        BIO_s_connect.3 BIO_get_conn_port.3 \
+        BIO_s_connect.3 BIO_set_conn_hostname.3 \
+        BIO_s_connect.3 BIO_set_conn_int_port.3 \
+        BIO_s_connect.3 BIO_set_conn_ip.3 \
+        BIO_s_connect.3 BIO_set_conn_port.3 \
+        BIO_s_connect.3 BIO_set_nbio.3 \
+        BIO_s_fd.3 BIO_get_fd.3 \
+        BIO_s_fd.3 BIO_new_fd.3 \
+        BIO_s_fd.3 BIO_set_fd.3 \
+        BIO_s_file.3 BIO_append_filename.3 \
+        BIO_s_file.3 BIO_get_fp.3 \
+        BIO_s_file.3 BIO_new_file.3 \
+        BIO_s_file.3 BIO_new_fp.3 \
+        BIO_s_file.3 BIO_read_filename.3 \
+        BIO_s_file.3 BIO_rw_filename.3 \
+        BIO_s_file.3 BIO_set_fp.3 \
+        BIO_s_file.3 BIO_write_filename.3 \
+        BIO_s_mem.3 BIO_get_mem_data.3 \
+        BIO_s_mem.3 BIO_get_mem_ptr.3 \
+        BIO_s_mem.3 BIO_new_mem_buf.3 \
+        BIO_s_mem.3 BIO_set_mem_buf.3 \
+        BIO_s_mem.3 BIO_set_mem_eof_return.3 \
+        BIO_s_socket.3 BIO_get_fd.3 \
+        BIO_s_socket.3 BIO_new_socket.3 \
+        BIO_s_socket.3 BIO_set_fd.3 \
+        BIO_set_callback.3 BIO_debug_callback.3 \
+        BIO_set_callback.3 BIO_get_callback.3 \
+        BIO_set_callback.3 BIO_get_callback_arg.3 \
+        BIO_set_callback.3 BIO_set_callback_arg.3 \
+        BIO_should_retry.3 BIO_get_retry_BIO.3 \
+        BIO_should_retry.3 BIO_get_retry_reason.3 \
+        BIO_should_retry.3 BIO_retry_type.3 \
+        BIO_should_retry.3 BIO_should_io_special.3 \
+        BIO_should_retry.3 BIO_should_read.3 \
+        BIO_should_retry.3 BIO_should_write.3 \
+        BN_BLINDING_new.3 BN_BLINDING_convert.3 \
+        BN_BLINDING_new.3 BN_BLINDING_convert_ex.3 \
+        BN_BLINDING_new.3 BN_BLINDING_create_param.3 \
+        BN_BLINDING_new.3 BN_BLINDING_free.3 \
+        BN_BLINDING_new.3 BN_BLINDING_get_thread_id.3 \
+        BN_BLINDING_new.3 BN_BLINDING_invert.3 \
+        BN_BLINDING_new.3 BN_BLINDING_invert_ex.3 \
+        BN_BLINDING_new.3 BN_BLINDING_get_flags.3 \
+        BN_BLINDING_new.3 BN_BLINDING_set_flags.3 \
+        BN_BLINDING_new.3 BN_BLINDING_set_thread_id.3 \
+        BN_BLINDING_new.3 BN_BLINDING_update.3 \
+        BN_CTX_new.3 BN_CTX_free.3 \
+        BN_CTX_new.3 BN_CTX_init.3 \
+        BN_CTX_start.3 BN_CTX_end.3 \
+        BN_CTX_start.3 BN_CTX_get.3 \
+        BN_add.3 BN_div.3 \
+        BN_add.3 BN_exp.3 \
+        BN_add.3 BN_gcd.3 \
+        BN_add.3 BN_mod.3 \
+        BN_add.3 BN_mod_exp.3 \
+        BN_add.3 BN_mod_mul.3 \
+        BN_add.3 BN_mul.3 \
+        BN_add.3 BN_sqr.3 \
+        BN_add.3 BN_sub.3 \
+        BN_add_word.3 BN_div_word.3 \
+        BN_add_word.3 BN_mod_word.3 \
+        BN_add_word.3 BN_mul_word.3 \
+        BN_add_word.3 BN_sub_word.3 \
+        BN_bn2bin.3 BN_bin2bn.3 \
+        BN_bn2bin.3 BN_bn2dec.3 \
+        BN_bn2bin.3 BN_bn2hex.3 \
+        BN_bn2bin.3 BN_bn2mpi.3 \
+        BN_bn2bin.3 BN_dec2bn.3 \
+        BN_bn2bin.3 BN_hex2bn.3 \
+        BN_bn2bin.3 BN_mpi2bn.3 \
+        BN_bn2bin.3 BN_print.3 \
+        BN_bn2bin.3 BN_print_fp.3 \
+        BN_cmp.3 BN_is_odd.3 \
+        BN_cmp.3 BN_is_one.3 \
+        BN_cmp.3 BN_is_word.3 \
+        BN_cmp.3 BN_is_zero.3 \
+        BN_cmp.3 BN_ucmp.3 \
+        BN_copy.3 BN_dup.3 \
+        BN_generate_prime.3 BN_is_prime.3 \
+        BN_generate_prime.3 BN_is_prime_fasttest.3 \
+        BN_mod_mul_montgomery.3 BN_MONT_CTX_copy.3 \
+        BN_mod_mul_montgomery.3 BN_MONT_CTX_free.3 \
+        BN_mod_mul_montgomery.3 BN_MONT_CTX_init.3 \
+        BN_mod_mul_montgomery.3 BN_MONT_CTX_new.3 \
+        BN_mod_mul_montgomery.3 BN_MONT_CTX_set.3 \
+        BN_mod_mul_montgomery.3 BN_from_montgomery.3 \
+        BN_mod_mul_montgomery.3 BN_to_montgomery.3 \
+        BN_mod_mul_reciprocal.3 BN_RECP_CTX_free.3 \
+        BN_mod_mul_reciprocal.3 BN_RECP_CTX_init.3 \
+        BN_mod_mul_reciprocal.3 BN_RECP_CTX_new.3 \
+        BN_mod_mul_reciprocal.3 BN_RECP_CTX_set.3 \
+        BN_mod_mul_reciprocal.3 BN_div_recp.3 \
+        BN_new.3 BN_clear.3 \
+        BN_new.3 BN_clear_free.3 \
+        BN_new.3 BN_free.3 \
+        BN_new.3 BN_init.3 \
+        BN_num_bytes.3 BN_num_bits.3 \
+        BN_num_bytes.3 BN_num_bits_word.3 \
+        BN_rand.3 BN_pseudo_rand.3 \
+        BN_rand.3 BN_rand_range.3 \
+        BN_set_bit.3 BN_clear_bit.3 \
+        BN_set_bit.3 BN_is_bit_set.3 \
+        BN_set_bit.3 BN_lshift.3 \
+        BN_set_bit.3 BN_lshift1.3 \
+        BN_set_bit.3 BN_mask_bits.3 \
+        BN_set_bit.3 BN_rshift.3 \
+        BN_set_bit.3 BN_rshift1.3 \
+        BN_zero.3 BN_get_word.3 \
+        BN_zero.3 BN_one.3 \
+        BN_zero.3 BN_set_word.3 \
+        BN_zero.3 BN_value_one.3 \
+        BUF_MEM_new.3 BUF_MEM_free.3 \
+        BUF_MEM_new.3 BUF_MEM_grow.3 \
+        BUF_MEM_new.3 BUF_strdup.3 \
+        CONF_modules_free.3 CONF_modules_finish.3 \
+        CONF_modules_free.3 CONF_modules_unload.3 \
+        CONF_modules_load_file.3 CONF_modules_load.3 \
+        CRYPTO_set_ex_data.3 CRYPTO_get_ex_data.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_add.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_add_lock.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_destroy_dynlockid.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_get_new_dynlockid.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_lock.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_num_locks.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_r_lock.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_r_unlock.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_set_dynlock_create_callback.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_set_dynlock_destroy_callback.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_set_dynlock_lock_callback.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_set_id_callback.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_w_lock.3 \
+        CRYPTO_set_locking_callback.3 CRYPTO_w_unlock.3 \
+        DH_generate_key.3 DH_compute_key.3 \
+        DH_generate_parameters.3 DH_check.3 \
+        DH_get_ex_new_index.3 DH_get_ex_data.3 \
+        DH_get_ex_new_index.3 DH_set_ex_data.3 \
+        DH_new.3 DH_free.3 \
+        DH_set_method.3 DH_OpenSSL.3 \
+        DH_set_method.3 DH_get_default_method.3 \
+        DH_set_method.3 DH_get_default_openssl_method.3 \
+        DH_set_method.3 DH_new_method.3 \
+        DH_set_method.3 DH_set_default_method.3 \
+        DH_set_method.3 DH_set_default_openssl_method.3 \
+        DSA_new.3 DSA_free.3 \
+        DSA_set_method.3 DSA_OpenSSL.3 \
+        DSA_set_method.3 DSA_get_default_method.3 \
+        DSA_set_method.3 DSA_get_default_openssl_method.3 \
+        DSA_set_method.3 DSA_new_method.3 \
+        DSA_set_method.3 DSA_set_default_method.3 \
+        DSA_set_method.3 DSA_set_default_openssl_method.3 \
+        DSA_sign.3 DSA_sign_setup.3 \
+        DSA_sign.3 DSA_verify.3 \
+        ERR_GET_LIB.3 ERR_GET_FUNC.3 \
+        ERR_GET_LIB.3 ERR_GET_REASON.3 \
+        ERR_error_string.3 ERR_error_string_n.3 \
+        ERR_error_string.3 ERR_func_error_string.3 \
+        ERR_error_string.3 ERR_lib_error_string.3 \
+        ERR_error_string.3 ERR_reason_error_string.3 \
+        ERR_get_error.3 ERR_get_error_line.3 \
+        ERR_get_error.3 ERR_get_error_line_data.3 \
+        ERR_get_error.3 ERR_peek_error.3 \
+        ERR_get_error.3 ERR_peek_error_line.3 \
+        ERR_get_error.3 ERR_peek_error_line_data.3 \
+        ERR_load_crypto_strings.3 ERR_free_strings.3 \
+        ERR_load_strings.3 ERR_PACK.3 \
+        ERR_load_strings.3 ERR_get_next_error_library.3 \
+        ERR_print_errors.3 ERR_print_errors_fp.3 \
+        ERR_put_error.3 ERR_add_error_data.3 \
+        ERR_set_mark.3 ERR_pop_to_mark.3 \
+        EVP_DigestInit.3 EVP_DigestFinal.3 \
+        EVP_DigestInit.3 EVP_DigestUpdate.3 \
+        EVP_DigestInit.3 EVP_MD_CTX_block_size.3 \
+        EVP_DigestInit.3 EVP_MD_CTX_copy.3 \
+        EVP_DigestInit.3 EVP_MD_CTX_md.3 \
+        EVP_DigestInit.3 EVP_MD_CTX_size.3 \
+        EVP_DigestInit.3 EVP_MD_CTX_type.3 \
+        EVP_DigestInit.3 EVP_MD_block_size.3 \
+        EVP_DigestInit.3 EVP_MD_pkey_type.3 \
+        EVP_DigestInit.3 EVP_MD_size.3 \
+        EVP_DigestInit.3 EVP_MD_type.3 \
+        EVP_DigestInit.3 EVP_dss.3 \
+        EVP_DigestInit.3 EVP_dss1.3 \
+        EVP_DigestInit.3 EVP_get_digestbyname.3 \
+        EVP_DigestInit.3 EVP_get_digestbynid.3 \
+        EVP_DigestInit.3 EVP_get_digestbyobj.3 \
+        EVP_DigestInit.3 EVP_md2.3 \
+        EVP_DigestInit.3 EVP_md5.3 \
+        EVP_DigestInit.3 EVP_md_null.3 \
+        EVP_DigestInit.3 EVP_mdc2.3 \
+        EVP_DigestInit.3 EVP_ripemd160.3 \
+        EVP_DigestInit.3 EVP_sha.3 \
+        EVP_DigestInit.3 EVP_sha1.3 \
+        EVP_DigestInit.3 OBJ_nid2sn.3 \
+        EVP_DigestInit.3 OBJ_obj2nid.3 \
+        EVP_DigestSignInit.3 EVP_DigestSignUpdate.3 \
+        EVP_DigestSignInit.3 EVP_DigestSignFinal.3 \
+        EVP_DigestVerifyInit.3 EVP_DigestVerifyUpdate.3 \
+        EVP_DigestVerifyInit.3 EVP_DigestVerifyFinal.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_block_size.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_cipher.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_cleanup.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_ctrl.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_iv_length.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_key_length.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_nid.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_set_key_length.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_CTX_type.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_asn1_to_param.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_block_size.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_iv_length.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_key_length.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_nid.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_param_to_asn1.3 \
+        EVP_EncryptInit.3 EVP_CIPHER_type.3 \
+        EVP_EncryptInit.3 EVP_CipherFinal.3 \
+        EVP_EncryptInit.3 EVP_CipherInit.3 \
+        EVP_EncryptInit.3 EVP_CipherUpdate.3 \
+        EVP_EncryptInit.3 EVP_DecryptFinal.3 \
+        EVP_EncryptInit.3 EVP_DecryptInit.3 \
+        EVP_EncryptInit.3 EVP_DecryptUpdate.3 \
+        EVP_EncryptInit.3 EVP_EncryptFinal.3 \
+        EVP_EncryptInit.3 EVP_EncryptUpdate.3 \
+        EVP_EncryptInit.3 EVP_get_cipherbyname.3 \
+        EVP_EncryptInit.3 EVP_get_cipherbynid.3 \
+        EVP_EncryptInit.3 EVP_get_cipherbyobj.3 \
+        EVP_EncryptInit.3 OBJ_nid2sn.3 \
+        EVP_EncryptInit.3 OBJ_obj2nid.3 \
+        EVP_OpenInit.3 EVP_OpenFinal.3 \
+        EVP_OpenInit.3 EVP_OpenUpdate.3 \
+        EVP_PKEY_new.3 EVP_PKEY_free.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DH.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DSA.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_EC_KEY.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_RSA.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DH.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DSA.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_EC_KEY.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_RSA.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DH.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DSA.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_EC_KEY.3 \
+        EVP_PKEY_set1_RSA.3 EVP_PKEY_type.3 \
+        EVP_SealInit.3 EVP_SealFinal.3 \
+        EVP_SealInit.3 EVP_SealUpdate.3 \
+        EVP_SignInit.3 EVP_PKEY_size.3 \
+        EVP_SignInit.3 EVP_SignFinal.3 \
+        EVP_SignInit.3 EVP_SignUpdate.3 \
+        EVP_VerifyInit.3 EVP_VerifyFinal.3 \
+        EVP_VerifyInit.3 EVP_VerifyUpdate.3 \
+        HMAC.3 HMAC_Final.3 \
+        HMAC.3 HMAC_Init.3 \
+        HMAC.3 HMAC_Update.3 \
+        HMAC.3 HMAC_cleanup.3 \
+        MD5.3 MD2.3 \
+        MD5.3 MD2_Final.3 \
+        MD5.3 MD2_Init.3 \
+        MD5.3 MD2_Update.3 \
+        MD5.3 MD4.3 \
+        MD5.3 MD4_Final.3 \
+        MD5.3 MD4_Init.3 \
+        MD5.3 MD4_Update.3 \
+        MD5.3 MD5_Final.3 \
+        MD5.3 MD5_Init.3 \
+        MD5.3 MD5_Update.3 \
+        OBJ_nid2obj.3 OBJ_cleanup.3 \
+        OBJ_nid2obj.3 OBJ_cmp.3 \
+        OBJ_nid2obj.3 OBJ_create.3 \
+        OBJ_nid2obj.3 OBJ_dup.3 \
+        OBJ_nid2obj.3 OBJ_ln2nid.3 \
+        OBJ_nid2obj.3 OBJ_nid2ln.3 \
+        OBJ_nid2obj.3 OBJ_nid2sn.3 \
+        OBJ_nid2obj.3 OBJ_obj2nid.3 \
+        OBJ_nid2obj.3 OBJ_obj2txt.3 \
+        OBJ_nid2obj.3 OBJ_sn2nid.3 \
+        OBJ_nid2obj.3 OBJ_txt2nid.3 \
+        OBJ_nid2obj.3 OBJ_txt2obj.3 \
+        OPENSSL_VERSION_NUMBER.3 SSLeay.3 \
+        OPENSSL_VERSION_NUMBER.3 SSLeay_version.3 \
+        OPENSSL_config.3 OPENSSL_no_config.3 \
+        OPENSSL_load_builtin_modules.3 ASN1_add_oid_module.3 \
+        OPENSSL_load_builtin_modules.3 ENGINE_add_conf_module.3 \
+        OpenSSL_add_all_algorithms.3 EVP_cleanup.3 \
+        OpenSSL_add_all_algorithms.3 OpenSSL_add_all_ciphers.3 \
+        OpenSSL_add_all_algorithms.3 OpenSSL_add_all_digests.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_DHparams.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_DSAPrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_DSA_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_DSAparams.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_NETSCAPE_CERT_SEQUENCE.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_PKCS7.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_PrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_RSAPrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_RSAPublicKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_RSA_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_X509.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_X509_AUX.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_X509_CRL.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_X509_REQ.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_DHparams.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_DSAPrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_DSA_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_DSAparams.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_PKCS7.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_RSAPrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_RSAPublicKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_RSA_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_X509.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_AUX.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_CRL.3 \
+        PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_REQ.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_DHparams.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_DSAPrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_DSA_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_DSAparams.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_NETSCAPE_CERT_SEQUENCE.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_PKCS7.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_PKCS8PrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_PKCS8PrivateKey_nid.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_PrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_RSAPrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_RSAPublicKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_RSA_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_X509.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_X509_AUX.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_X509_CRL.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_X509_REQ.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_X509_REQ_NEW.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_DHparams.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_DSAPrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_DSA_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_DSAparams.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS7.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS8PrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS8PrivateKey_nid.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_PrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_RSAPrivateKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_RSAPublicKey.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_RSA_PUBKEY.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_X509.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_AUX.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_CRL.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ.3 \
+        PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ_NEW.3 \
+        RAND_add.3 RAND_event.3 \
+        RAND_add.3 RAND_screen.3 \
+        RAND_add.3 RAND_seed.3 \
+        RAND_add.3 RAND_status.3 \
+        RAND_bytes.3 RAND_pseudo_bytes.3 \
+        RAND_egd.3 RAND_egd_bytes.3 \
+        RAND_load_file.3 RAND_file_name.3 \
+        RAND_load_file.3 RAND_write_file.3 \
+        RAND_set_rand_method.3 RAND_SSLeay.3 \
+        RAND_set_rand_method.3 RAND_get_rand_method.3 \
+        RC4.3 RC4_set_key.3 \
+        RIPEMD160.3 RIPEMD160_Final.3 \
+        RIPEMD160.3 RIPEMD160_Init.3 \
+        RIPEMD160.3 RIPEMD160_Update.3 \
+        RSA_blinding_on.3 RSA_blinding_off.3 \
+        RSA_get_ex_new_index.3 RSA_get_ex_data.3 \
+        RSA_get_ex_new_index.3 RSA_set_ex_data.3 \
+        RSA_new.3 RSA_free.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_OAEP.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_type_2.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_SSLv23.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_none.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_OAEP.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_1.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_2.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_SSLv23.3 \
+        RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_none.3 \
+        RSA_print.3 DHparams_print.3 \
+        RSA_print.3 DHparams_print_fp.3 \
+        RSA_print.3 DSA_print.3 \
+        RSA_print.3 DSA_print_fp.3 \
+        RSA_print.3 DSAparams_print.3 \
+        RSA_print.3 DSAparams_print_fp.3 \
+        RSA_print.3 RSA_print_fp.3 \
+        RSA_private_encrypt.3 RSA_public_decrypt.3 \
+        RSA_public_encrypt.3 RSA_private_decrypt.3 \
+        RSA_set_method.3 RSA_PKCS1_RSAref.3 \
+        RSA_set_method.3 RSA_PKCS1_SSLeay.3 \
+        RSA_set_method.3 RSA_flags.3 \
+        RSA_set_method.3 RSA_get_default_method.3 \
+        RSA_set_method.3 RSA_get_default_openssl_method.3 \
+        RSA_set_method.3 RSA_get_method.3 \
+        RSA_set_method.3 RSA_new_method.3 \
+        RSA_set_method.3 RSA_null_method.3 \
+        RSA_set_method.3 RSA_set_default_method.3 \
+        RSA_set_method.3 RSA_set_default_openssl_method.3 \
+        RSA_sign.3 RSA_verify.3 \
+        RSA_sign_ASN1_OCTET_STRING.3 RSA_verify_ASN1_OCTET_STRING.3 \
+        SHA1.3 SHA1_Final.3 \
+        SHA1.3 SHA1_Init.3 \
+        SHA1.3 SHA1_Update.3 \
+        X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_NID.3 \
+        X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_OBJ.3 \
+        X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_txt.3 \
+        X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_get_data.3 \
+        X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_set_data.3 \
+        X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_set_object.3 \
+        X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry.3 \
+        X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry_by_NID.3 \
+        X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry_by_OBJ.3 \
+        X509_NAME_add_entry_by_txt.3 X509_NAME_delete_entry.3 \
+        X509_new.3 X509_free.3 \
+        X509_STORE_CTX_get_error.3 X509_STORE_CTX_get1_chain.3 \
+        X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_current_cert.3 \
+        X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_error_depth.3 \
+        X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_error.3 \
+        X509_STORE_CTX_get_error.3 X509_verify_cert_error_string.3 \
+        X509_STORE_CTX_get_ex_new_index.3 X509_STORE_CTX_get_ex_data.3 \
+        X509_STORE_CTX_get_ex_new_index.3 X509_STORE_CTX_set_ex_data.3 \
+        X509_STORE_CTX_new.3 X509_STORE_CTX_cleanup.3 \
+        X509_STORE_CTX_new.3 X509_STORE_CTX_free.3 \
+        X509_STORE_CTX_new.3 X509_STORE_CTX_get0_param.3 \
+        X509_STORE_CTX_new.3 X509_STORE_CTX_init.3 \
+        X509_STORE_CTX_new.3 X509_STORE_CTX_set0_crls.3 \
+        X509_STORE_CTX_new.3 X509_STORE_CTX_set0_param.3 \
+        X509_STORE_CTX_new.3 X509_STORE_CTX_set_cert.3 \
+        X509_STORE_CTX_new.3 X509_STORE_CTX_set_chain.3 \
+        X509_STORE_CTX_new.3 X509_STORE_CTX_set_default.3 \
+        X509_STORE_CTX_new.3 X509_STORE_CTX_trusted_stack.3 \
+        X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify_cb.3 \
+        X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_add0_policy.3 \
+        X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_clear_flags.3 \
+        X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_depth.3 \
+        X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_flags.3 \
+        X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_policies.3 \
+        X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_depth.3 \
+        X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_purpose.3 \
+        X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_time.3 \
+        X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_trust.3 \
+        bn_internal.3 bn_add_words.3 \
+        bn_internal.3 bn_check_top.3 \
+        bn_internal.3 bn_cmp_words.3 \
+        bn_internal.3 bn_div_words.3 \
+        bn_internal.3 bn_dump.3 \
+        bn_internal.3 bn_expand.3 \
+        bn_internal.3 bn_expand2.3 \
+        bn_internal.3 bn_fix_top.3 \
+        bn_internal.3 bn_mul_add_words.3 \
+        bn_internal.3 bn_mul_comba4.3 \
+        bn_internal.3 bn_mul_comba8.3 \
+        bn_internal.3 bn_mul_high.3 \
+        bn_internal.3 bn_mul_low_normal.3 \
+        bn_internal.3 bn_mul_low_recursive.3 \
+        bn_internal.3 bn_mul_normal.3 \
+        bn_internal.3 bn_mul_part_recursive.3 \
+        bn_internal.3 bn_mul_recursive.3 \
+        bn_internal.3 bn_mul_words.3 \
+        bn_internal.3 bn_print.3 \
+        bn_internal.3 bn_set_high.3 \
+        bn_internal.3 bn_set_low.3 \
+        bn_internal.3 bn_set_max.3 \
+        bn_internal.3 bn_sqr_comba4.3 \
+        bn_internal.3 bn_sqr_comba8.3 \
+        bn_internal.3 bn_sqr_normal.3 \
+        bn_internal.3 bn_sqr_recursive.3 \
+        bn_internal.3 bn_sqr_words.3 \
+        bn_internal.3 bn_sub_words.3 \
+        bn_internal.3 bn_wexpand.3 \
+        bn_internal.3 mul.3 \
+        bn_internal.3 mul_add.3 \
+        bn_internal.3 sqr.3 \
+        d2i_ASN1_OBJECT.3 i2d_ASN1_OBJECT.3 \
+        d2i_DHparams.3 i2d_DHparams.3 \
+        d2i_DSAPublicKey.3 d2i_DSAPrivateKey.3 \
+        d2i_DSAPublicKey.3 d2i_DSA_PUBKEY.3 \
+        d2i_DSAPublicKey.3 d2i_DSA_SIG.3 \
+        d2i_DSAPublicKey.3 d2i_DSAparams.3 \
+        d2i_DSAPublicKey.3 i2d_DSAPrivateKey.3 \
+        d2i_DSAPublicKey.3 i2d_DSAPublicKey.3 \
+        d2i_DSAPublicKey.3 i2d_DSA_PUBKEY.3 \
+        d2i_DSAPublicKey.3 i2d_DSA_SIG.3 \
+        d2i_DSAPublicKey.3 i2d_DSAparams.3 \
+        d2i_PKCS8PrivateKey.3 d2i_PKCS8PrivateKey_bio.3 \
+        d2i_PKCS8PrivateKey.3 d2i_PKCS8PrivateKey_fp.3 \
+        d2i_PKCS8PrivateKey.3 i2d_PKCS8PrivateKey_bio.3 \
+        d2i_PKCS8PrivateKey.3 i2d_PKCS8PrivateKey_fp.3 \
+        d2i_PKCS8PrivateKey.3 i2d_PKCS8PrivateKey_nid_bio.3 \
+        d2i_PKCS8PrivateKey.3 i2d_PKCS8PrivateKey_nid_fp.3 \
+        d2i_RSAPublicKey.3 d2i_Netscape_RSA.3 \
+        d2i_RSAPublicKey.3 d2i_RSAPrivateKey.3 \
+        d2i_RSAPublicKey.3 i2d_Netscape_RSA.3 \
+        d2i_RSAPublicKey.3 i2d_RSAPrivateKey.3 \
+        d2i_RSAPublicKey.3 i2d_RSAPublicKey.3 \
+        d2i_X509.3 d2i_X509_bio.3 \
+        d2i_X509.3 d2i_X509_fp.3 \
+        d2i_X509.3 i2d_X509.3 \
+        d2i_X509.3 i2d_X509_bio.3 \
+        d2i_X509.3 i2d_X509_fp.3 \
+        d2i_X509_ALGOR.3 i2d_X509_ALGOR.3 \
+        d2i_X509_CRL.3 d2i_X509_CRL_bio.3 \
+        d2i_X509_CRL.3 d2i_X509_CRL_fp.3 \
+        d2i_X509_CRL.3 i2d_X509_CRL.3 \
+        d2i_X509_CRL.3 i2d_X509_CRL_bio.3 \
+        d2i_X509_CRL.3 i2d_X509_CRL_fp.3 \
+        d2i_X509_NAME.3 i2d_X509_NAME.3 \
+        d2i_X509_REQ.3 d2i_X509_REQ_bio.3 \
+        d2i_X509_REQ.3 d2i_X509_REQ_fp.3 \
+        d2i_X509_REQ.3 i2d_X509_REQ.3 \
+        d2i_X509_REQ.3 i2d_X509_REQ_bio.3 \
+        d2i_X509_REQ.3 i2d_X509_REQ_fp.3 \
+        dsa.3 DSA_OpenSSL.3 \
+        dsa.3 DSA_SIG_free.3 \
+        dsa.3 DSA_do_verify.3 \
+        dsa.3 DSA_free.3 \
+        dsa.3 DSA_get_default_method.3 \
+        dsa.3 DSA_get_ex_data.3 \
+        dsa.3 DSA_new_method.3 \
+        dsa.3 DSA_set_default_method.3 \
+        dsa.3 DSA_set_ex_data.3 \
+        dsa.3 DSA_sign_setup.3 \
+        dsa.3 DSA_verify.3 \
+        ecdsa.3 ECDSA_OpenSSL.3 \
+        ecdsa.3 ECDSA_SIG_free.3 \
+        ecdsa.3 ECDSA_SIG_new.3 \
+        ecdsa.3 ECDSA_do_sign.3 \
+        ecdsa.3 ECDSA_do_sign_ex.3 \
+        ecdsa.3 ECDSA_do_verify.3 \
+        ecdsa.3 ECDSA_get_default_method.3 \
+        ecdsa.3 ECDSA_get_ex_data.3 \
+        ecdsa.3 ECDSA_get_ex_new_index.3 \
+        ecdsa.3 ECDSA_set_default_method.3 \
+        ecdsa.3 ECDSA_set_ex_data.3 \
+        ecdsa.3 ECDSA_set_method.3 \
+        ecdsa.3 ECDSA_sign.3 \
+        ecdsa.3 ECDSA_sign_ex.3 \
+        ecdsa.3 ECDSA_sign_setup.3 \
+        ecdsa.3 ECDSA_verify.3 \
+        ecdsa.3 d2i_ECDSA_SIG.3 \
+        ecdsa.3 i2d_ECDSA_SIG.3 \
+        engine.3 ENGINE_add.3 \
+        engine.3 ENGINE_by_id.3 \
+        engine.3 ENGINE_finish.3 \
+        engine.3 ENGINE_get_first.3 \
+        engine.3 ENGINE_get_last.3 \
+        engine.3 ENGINE_get_next.3 \
+        engine.3 ENGINE_get_prev.3 \
+        engine.3 ENGINE_init.3 \
+        engine.3 ENGINE_load_builtin_engines.3 \
+        engine.3 ENGINE_remove.3 \
+        lh_stats.3 lh_node_stats.3 \
+        lh_stats.3 lh_node_stats_bio.3 \
+        lh_stats.3 lh_node_usage_stats.3 \
+        lh_stats.3 lh_node_usage_stats_bio.3 \
+        lh_stats.3 lh_stats_bio.3 \
+        lhash.3 lh_delete.3 \
+        lhash.3 lh_doall.3 \
+        lhash.3 lh_doall_arg.3 \
+        lhash.3 lh_error.3 \
+        lhash.3 lh_free.3 \
+        lhash.3 lh_insert.3 \
+        lhash.3 lh_new.3 \
+        lhash.3 lh_retrieve.3 \
+        ui.3 UI_OpenSSL.3 \
+        ui.3 UI_add_error_string.3 \
+        ui.3 UI_add_info_string.3 \
+        ui.3 UI_add_input_boolean.3 \
+        ui.3 UI_add_input_string.3 \
+        ui.3 UI_add_user_data.3 \
+        ui.3 UI_add_verify_string.3 \
+        ui.3 UI_construct_prompt.3 \
+        ui.3 UI_ctrl.3 \
+        ui.3 UI_dup_error_string.3 \
+        ui.3 UI_dup_info_string.3 \
+        ui.3 UI_dup_input_boolean.3 \
+        ui.3 UI_dup_input_string.3 \
+        ui.3 UI_dup_verify_string.3 \
+        ui.3 UI_free.3 \
+        ui.3 UI_get0_result.3 \
+        ui.3 UI_get0_user_data.3 \
+        ui.3 UI_get_default_method.3 \
+        ui.3 UI_get_method.3 \
+        ui.3 UI_new.3 \
+        ui.3 UI_new_method.3 \
+        ui.3 UI_process.3 \
+        ui.3 UI_set_default_method.3 \
+        ui.3 UI_set_method.3 \
+        ui_compat.3 des_read_2passwords.3 \
+        ui_compat.3 des_read_password.3 \
+        ui_compat.3 des_read_pw.3 \
+        ui_compat.3 des_read_pw_string.3
+
+.include <bsd.man.mk>
+.else
+maninstall:
+
+.endif
+
+# XXX .PATH order is critical because of non-unique filenames
+.PATH: ${.CURDIR}/../../libssl/src/doc/crypto
+.SUFFIXES: .pod .1 .3 .7
+.for sect in 1 3 7
+.pod.${sect}:
+        @echo '${POD2MAN} --section=${sect} --name=${*:U} $< > $@'
+        @${POD2MAN} --section=${sect} --name=${*:U} $< > $@.tmp && mv $@.tmp $@
+.endfor
+
+.include <bsd.obj.mk>
+.include <bsd.subdir.mk>
+
+clean cleandir:
+        rm -f ${MAN} ${MANLINT}
diff --git a/src/lib/libcrypto/md2/Makefile b/src/lib/libcrypto/md2/Makefile
new file mode 100644
index 0000000000..17f878aeb7
--- /dev/null
+++ b/src/lib/libcrypto/md2/Makefile
@@ -0,0 +1,89 @@
+#
+# OpenSSL/crypto/md/Makefile
+#
+
+DIR=    md2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md2_dgst.c md2_one.c
+LIBOBJ=md2_dgst.o md2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md2_dgst.o: ../../include/openssl/symhacks.h md2_dgst.c
+md2_one.o: ../../e_os.h ../../include/openssl/bio.h
+md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+md2_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+md2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md2_one.o: ../cryptlib.h md2_one.c
diff --git a/src/lib/libcrypto/md2/md2.c b/src/lib/libcrypto/md2/md2.c
new file mode 100644
index 0000000000..f4d6f62264
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2.c
@@ -0,0 +1,124 @@
+/* crypto/md2/md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md2.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+void exit(int);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        FILE *IN;
+
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD2(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        return(err);
+        }
+
+void do_fp(FILE *f)
+        {
+        MD2_CTX c;
+        unsigned char md[MD2_DIGEST_LENGTH];
+        int fd,i;
+        static unsigned char buf[BUFSIZE];
+
+        fd=fileno(f);
+        MD2_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD2_Update(&c,buf,(unsigned long)i);
+                }
+        MD2_Final(&(md[0]),&c);
+        pt(md);
+        }
+
+void pt(unsigned char *md)
+        {
+        int i;
+
+        for (i=0; i<MD2_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/md2/md2.h b/src/lib/libcrypto/md2/md2.h
new file mode 100644
index 0000000000..d59c9f2593
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2.h
@@ -0,0 +1,95 @@
+/* crypto/md/md2.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_MD2_H
+#define HEADER_MD2_H
+
+#include <openssl/opensslconf.h> /* OPENSSL_NO_MD2, MD2_INT */
+#ifdef OPENSSL_NO_MD2
+#error MD2 is disabled.
+#endif
+#include <stddef.h>
+
+#define MD2_DIGEST_LENGTH       16
+#define MD2_BLOCK               16
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct MD2state_st
+        {
+        unsigned int num;
+        unsigned char data[MD2_BLOCK];
+        MD2_INT cksm[MD2_BLOCK];
+        MD2_INT state[MD2_BLOCK];
+        } MD2_CTX;
+
+const char *MD2_options(void);
+#ifdef OPENSSL_FIPS
+int private_MD2_Init(MD2_CTX *c);
+#endif
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
+unsigned char *MD2(const unsigned char *d, size_t n,unsigned char *md);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/md2/md2_dgst.c b/src/lib/libcrypto/md2/md2_dgst.c
new file mode 100644
index 0000000000..bf89def73e
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2_dgst.c
@@ -0,0 +1,227 @@
+/* crypto/md2/md2_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/md2.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+
+const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
+
+/* Implemented from RFC1319 The MD2 Message-Digest Algorithm
+ */
+
+#define UCHAR   unsigned char
+
+static void md2_block(MD2_CTX *c, const unsigned char *d);
+/* The magic S table - I have converted it to hex since it is
+ * basically just a random byte string. */
+static const MD2_INT S[256]={
+        0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
+        0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
+        0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+        0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
+        0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+        0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+        0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
+        0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
+        0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+        0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+        0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
+        0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+        0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
+        0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
+        0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+        0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
+        0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
+        0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+        0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
+        0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+        0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+        0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
+        0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
+        0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+        0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+        0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
+        0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+        0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
+        0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
+        0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+        0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
+        0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
+        };
+
+const char *MD2_options(void)
+        {
+        if (sizeof(MD2_INT) == 1)
+                return("md2(char)");
+        else
+                return("md2(int)");
+        }
+
+fips_md_init(MD2)
+        {
+        c->num=0;
+        memset(c->state,0,sizeof c->state);
+        memset(c->cksm,0,sizeof c->cksm);
+        memset(c->data,0,sizeof c->data);
+        return 1;
+        }
+
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len)
+        {
+        register UCHAR *p;
+
+        if (len == 0) return 1;
+
+        p=c->data;
+        if (c->num != 0)
+                {
+                if ((c->num+len) >= MD2_BLOCK)
+                        {
+                        memcpy(&(p[c->num]),data,MD2_BLOCK-c->num);
+                        md2_block(c,c->data);
+                        data+=(MD2_BLOCK - c->num);
+                        len-=(MD2_BLOCK - c->num);
+                        c->num=0;
+                        /* drop through and do the rest */
+                        }
+                else
+                        {
+                        memcpy(&(p[c->num]),data,len);
+                        /* data+=len; */
+                        c->num+=(int)len;
+                        return 1;
+                        }
+                }
+        /* we now can process the input data in blocks of MD2_BLOCK
+         * chars and save the leftovers to c->data. */
+        while (len >= MD2_BLOCK)
+                {
+                md2_block(c,data);
+                data+=MD2_BLOCK;
+                len-=MD2_BLOCK;
+                }
+        memcpy(p,data,len);
+        c->num=(int)len;
+        return 1;
+        }
+
+static void md2_block(MD2_CTX *c, const unsigned char *d)
+        {
+        register MD2_INT t,*sp1,*sp2;
+        register int i,j;
+        MD2_INT state[48];
+
+        sp1=c->state;
+        sp2=c->cksm;
+        j=sp2[MD2_BLOCK-1];
+        for (i=0; i<16; i++)
+                {
+                state[i]=sp1[i];
+                state[i+16]=t=d[i];
+                state[i+32]=(t^sp1[i]);
+                j=sp2[i]^=S[t^j];
+                }
+        t=0;
+        for (i=0; i<18; i++)
+                {
+                for (j=0; j<48; j+=8)
+                        {
+                        t= state[j+ 0]^=S[t];
+                        t= state[j+ 1]^=S[t];
+                        t= state[j+ 2]^=S[t];
+                        t= state[j+ 3]^=S[t];
+                        t= state[j+ 4]^=S[t];
+                        t= state[j+ 5]^=S[t];
+                        t= state[j+ 6]^=S[t];
+                        t= state[j+ 7]^=S[t];
+                        }
+                t=(t+i)&0xff;
+                }
+        memcpy(sp1,state,16*sizeof(MD2_INT));
+        OPENSSL_cleanse(state,48*sizeof(MD2_INT));
+        }
+
+int MD2_Final(unsigned char *md, MD2_CTX *c)
+        {
+        int i,v;
+        register UCHAR *cp;
+        register MD2_INT *p1,*p2;
+
+        cp=c->data;
+        p1=c->state;
+        p2=c->cksm;
+        v=MD2_BLOCK-c->num;
+        for (i=c->num; i<MD2_BLOCK; i++)
+                cp[i]=(UCHAR)v;
+
+        md2_block(c,cp);
+
+        for (i=0; i<MD2_BLOCK; i++)
+                cp[i]=(UCHAR)p2[i];
+        md2_block(c,cp);
+
+        for (i=0; i<16; i++)
+                md[i]=(UCHAR)(p1[i]&0xff);
+        memset((char *)&c,0,sizeof(c));
+        return 1;
+        }
+
diff --git a/src/lib/libcrypto/md2/md2_one.c b/src/lib/libcrypto/md2/md2_one.c
new file mode 100644
index 0000000000..f7fef5cc0a
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2_one.c
@@ -0,0 +1,94 @@
+/* crypto/md2/md2_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/md2.h>
+
+/* This is a separate file so that #defines in cryptlib.h can
+ * map my MD functions to different names */
+
+unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md)
+        {
+        MD2_CTX c;
+        static unsigned char m[MD2_DIGEST_LENGTH];
+
+        if (md == NULL) md=m;
+        if (!MD2_Init(&c))
+                return NULL;
+#ifndef CHARSET_EBCDIC
+        MD2_Update(&c,d,n);
+#else
+        {
+                char temp[1024];
+                unsigned long chunk;
+
+                while (n > 0)
+                {
+                        chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+                        ebcdic2ascii(temp, d, chunk);
+                        MD2_Update(&c,temp,chunk);
+                        n -= chunk;
+                        d += chunk;
+                }
+        }
+#endif
+        MD2_Final(md,&c);
+        OPENSSL_cleanse(&c,sizeof(c));  /* Security consideration */
+        return(md);
+        }
diff --git a/src/lib/libcrypto/md2/md2test.c b/src/lib/libcrypto/md2/md2test.c
new file mode 100644
index 0000000000..db5f5bc6d2
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2test.c
@@ -0,0 +1,143 @@
+/* crypto/md2/md2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD2
+int main(int argc, char *argv[])
+{
+    printf("No MD2 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/md2.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+
+static char *ret[]={
+        "8350e5a3e24c153df2275c9f80692773",
+        "32ec01ec4a6dac72c0ab96fb34c0b5d1",
+        "da853b0d3f88d99b30283a69e6ded6bb",
+        "ab4f496bfb2a530b219ff33031fe06b0",
+        "4e8ddff3650292ab5a4108c3aa47940b",
+        "da33def2a42df13975352846c30338cd",
+        "d5976f79d83d3a0dc9806c3c66f3efd8",
+        };
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        char **P,**R;
+        char *p;
+        unsigned char md[MD2_DIGEST_LENGTH];
+
+        P=test;
+        R=ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest((unsigned char *)*P,strlen(*P),md,NULL,EVP_md2(), NULL);
+                p=pt(md);
+                if (strcmp(p,*R) != 0)
+                        {
+                        printf("error calculating MD2 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+        EXIT(err);
+        return err;
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<MD2_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/md4/Makefile b/src/lib/libcrypto/md4/Makefile
new file mode 100644
index 0000000000..e6f1e4478c
--- /dev/null
+++ b/src/lib/libcrypto/md4/Makefile
@@ -0,0 +1,89 @@
+#
+# OpenSSL/crypto/md4/Makefile
+#
+
+DIR=    md4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md4test.c
+APPS=md4.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md4_dgst.c md4_one.c
+LIBOBJ=md4_dgst.o md4_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md4.h
+HEADER= md4_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+        rm -f ../../include/openssl/$(EXHEADER) ../../test/$(TEST) ../../apps/$(APPS)
+
+clean:
+        rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md4_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c
+md4_dgst.o: md4_locl.h
+md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md4_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md4_one.o: ../../include/openssl/symhacks.h md4_one.c
diff --git a/src/lib/libcrypto/md4/md4.c b/src/lib/libcrypto/md4/md4.c
new file mode 100644
index 0000000000..141415ad4d
--- /dev/null
+++ b/src/lib/libcrypto/md4/md4.c
@@ -0,0 +1,127 @@
+/* crypto/md4/md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD4(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+
+void do_fp(FILE *f)
+        {
+        MD4_CTX c;
+        unsigned char md[MD4_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+
+        fd=fileno(f);
+        MD4_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,sizeof buf);
+                if (i <= 0) break;
+                MD4_Update(&c,buf,(unsigned long)i);
+                }
+        MD4_Final(&(md[0]),&c);
+        pt(md);
+        }
+
+void pt(unsigned char *md)
+        {
+        int i;
+
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
+
diff --git a/src/lib/libcrypto/md4/md4_dgst.c b/src/lib/libcrypto/md4/md4_dgst.c
index b5b165b052..82c2cb2d98 100644
--- a/src/lib/libcrypto/md4/md4_dgst.c
+++ b/src/lib/libcrypto/md4/md4_dgst.c
@@ -106,23 +106,22 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
 
         for (;num--;)
                 {
-        (void)HOST_c2l(data,l); X( 0)=l;
-        (void)HOST_c2l(data,l); X( 1)=l;
+        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
         /* Round 0 */
-        R0(A,B,C,D,X( 0), 3,0); (void)HOST_c2l(data,l); X( 2)=l;
-        R0(D,A,B,C,X( 1), 7,0); (void)HOST_c2l(data,l); X( 3)=l;
-        R0(C,D,A,B,X( 2),11,0); (void)HOST_c2l(data,l); X( 4)=l;
-        R0(B,C,D,A,X( 3),19,0); (void)HOST_c2l(data,l); X( 5)=l;
-        R0(A,B,C,D,X( 4), 3,0); (void)HOST_c2l(data,l); X( 6)=l;
-        R0(D,A,B,C,X( 5), 7,0); (void)HOST_c2l(data,l); X( 7)=l;
-        R0(C,D,A,B,X( 6),11,0); (void)HOST_c2l(data,l); X( 8)=l;
-        R0(B,C,D,A,X( 7),19,0); (void)HOST_c2l(data,l); X( 9)=l;
-        R0(A,B,C,D,X( 8), 3,0); (void)HOST_c2l(data,l); X(10)=l;
-        R0(D,A,B,C,X( 9), 7,0); (void)HOST_c2l(data,l); X(11)=l;
-        R0(C,D,A,B,X(10),11,0); (void)HOST_c2l(data,l); X(12)=l;
-        R0(B,C,D,A,X(11),19,0); (void)HOST_c2l(data,l); X(13)=l;
-        R0(A,B,C,D,X(12), 3,0); (void)HOST_c2l(data,l); X(14)=l;
-        R0(D,A,B,C,X(13), 7,0); (void)HOST_c2l(data,l); X(15)=l;
+        R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l;
+        R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l;
+        R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l;
+        R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l;
+        R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l;
+        R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l;
+        R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l;
+        R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l;
+        R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l;
+        R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l;
+        R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l;
+        R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l;
+        R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l;
+        R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l;
         R0(C,D,A,B,X(14),11,0);
         R0(B,C,D,A,X(15),19,0);
         /* Round 1 */
diff --git a/src/lib/libcrypto/md4/md4_locl.h b/src/lib/libcrypto/md4/md4_locl.h
index 99c3e5004c..c8085b0ead 100644
--- a/src/lib/libcrypto/md4/md4_locl.h
+++ b/src/lib/libcrypto/md4/md4_locl.h
@@ -77,10 +77,10 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              MD4_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
-        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
-        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
-        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->A; HOST_l2c(ll,(s));    \
+        ll=(c)->B; HOST_l2c(ll,(s));    \
+        ll=(c)->C; HOST_l2c(ll,(s));    \
+        ll=(c)->D; HOST_l2c(ll,(s));    \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md4_block_data_order
 
diff --git a/src/lib/libcrypto/md4/md4s.cpp b/src/lib/libcrypto/md4/md4s.cpp
new file mode 100644
index 0000000000..c0ec97fc9f
--- /dev/null
+++ b/src/lib/libcrypto/md4/md4s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+extern "C" {
+void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        MD4_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+
+        if (argc >= 2)
+                num=atoi(argv[1]);
+
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        md4_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        md4_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        md4_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        md4_block_x86(&ctx,buffer,num);
+                        }
+                printf("md4 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
+
diff --git a/src/lib/libcrypto/md4/md4test.c b/src/lib/libcrypto/md4/md4test.c
new file mode 100644
index 0000000000..56591728a1
--- /dev/null
+++ b/src/lib/libcrypto/md4/md4test.c
@@ -0,0 +1,136 @@
+/* crypto/md4/md4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD4
+int main(int argc, char *argv[])
+{
+    printf("No MD4 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/md4.h>
+
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+
+static char *ret[]={
+"31d6cfe0d16ae931b73c59d7e0c089c0",
+"bde52cb31de33e46245e05fbdbd6fb24",
+"a448017aaf21d8525fc10ae87aa6729d",
+"d9130a8164549fe818874806e1c7014b",
+"d79e1c308aa5bbcdeea8ed63df412da9",
+"043f8582f241db351ce627e153e7f0e4",
+"e33b4ddc9c38f2199c3e7b164fcc0536",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        char **P,**R;
+        char *p;
+        unsigned char md[MD4_DIGEST_LENGTH];
+
+        P=test;
+        R=ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD4 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        EXIT(err);
+        return(0);
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/md5/Makefile b/src/lib/libcrypto/md5/Makefile
new file mode 100644
index 0000000000..b9e2ce9a38
--- /dev/null
+++ b/src/lib/libcrypto/md5/Makefile
@@ -0,0 +1,102 @@
+#
+# OpenSSL/crypto/md5/Makefile
+#
+
+DIR=    md5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=-I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+MD5_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=md5test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md5_dgst.c md5_one.c
+LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= md5.h
+HEADER= md5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+md5-586.s:      asm/md5-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
+
+md5-x86_64.s:   asm/md5-x86_64.pl
+        $(PERL) asm/md5-x86_64.pl $(PERLASM_SCHEME) > $@
+
+md5-ia64.s: asm/md5-ia64.S
+        $(CC) $(CFLAGS) -E asm/md5-ia64.S | \
+        $(PERL) -ne 's/;\s+/;\n/g; print;' > $@
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md5_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c
+md5_dgst.o: md5_locl.h
+md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md5_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md5_one.o: ../../include/openssl/symhacks.h md5_one.c
diff --git a/src/lib/libcrypto/md5/md5.c b/src/lib/libcrypto/md5/md5.c
new file mode 100644
index 0000000000..563733abc5
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5.c
@@ -0,0 +1,127 @@
+/* crypto/md5/md5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md5.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD5(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+
+void do_fp(FILE *f)
+        {
+        MD5_CTX c;
+        unsigned char md[MD5_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+
+        fd=fileno(f);
+        MD5_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD5_Update(&c,buf,(unsigned long)i);
+                }
+        MD5_Final(&(md[0]),&c);
+        pt(md);
+        }
+
+void pt(unsigned char *md)
+        {
+        int i;
+
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
+
diff --git a/src/lib/libcrypto/md5/md5_locl.h b/src/lib/libcrypto/md5/md5_locl.h
index 74d63d1f9c..968d577995 100644
--- a/src/lib/libcrypto/md5/md5_locl.h
+++ b/src/lib/libcrypto/md5/md5_locl.h
@@ -86,10 +86,10 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              MD5_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
-        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
-        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
-        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->A; HOST_l2c(ll,(s));    \
+        ll=(c)->B; HOST_l2c(ll,(s));    \
+        ll=(c)->C; HOST_l2c(ll,(s));    \
+        ll=(c)->D; HOST_l2c(ll,(s));    \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
 
diff --git a/src/lib/libcrypto/md5/md5s.cpp b/src/lib/libcrypto/md5/md5s.cpp
new file mode 100644
index 0000000000..dd343fd4e6
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md5.h>
+
+extern "C" {
+void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        MD5_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+
+        if (argc >= 2)
+                num=atoi(argv[1]);
+
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        md5_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        md5_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        md5_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        md5_block_x86(&ctx,buffer,num);
+                        }
+                printf("md5 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
+
diff --git a/src/lib/libcrypto/md5/md5test.c b/src/lib/libcrypto/md5/md5test.c
new file mode 100644
index 0000000000..2b37190e32
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5test.c
@@ -0,0 +1,140 @@
+/* crypto/md5/md5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD5
+int main(int argc, char *argv[])
+{
+    printf("No MD5 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+
+static char *ret[]={
+        "d41d8cd98f00b204e9800998ecf8427e",
+        "0cc175b9c0f1b6a831c399e269772661",
+        "900150983cd24fb0d6963f7d28e17f72",
+        "f96b697d7cb7938d525a2f31aaf161d0",
+        "c3fcd3d76192e4007dfb496cca67e13b",
+        "d174ab98d277d9f5a5611c2c9f419d9f",
+        "57edf4a22be3c955ac49da2e2107b67a",
+        };
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        char **P,**R;
+        char *p;
+        unsigned char md[MD5_DIGEST_LENGTH];
+
+        P=test;
+        R=ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md5(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD5 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+        EXIT(err);
+        return(0);
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/mdc2/Makefile b/src/lib/libcrypto/mdc2/Makefile
new file mode 100644
index 0000000000..141553149d
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/Makefile
@@ -0,0 +1,93 @@
+#
+# OpenSSL/crypto/mdc2/Makefile
+#
+
+DIR=    mdc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= mdc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=mdc2dgst.c mdc2_one.c
+LIBOBJ=mdc2dgst.o mdc2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= mdc2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h
+mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+mdc2_one.o: ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+mdc2_one.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+mdc2_one.o: ../../include/openssl/ui_compat.h ../cryptlib.h mdc2_one.c
+mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+mdc2dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+mdc2dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+mdc2dgst.o: ../../include/openssl/ui_compat.h mdc2dgst.c
diff --git a/src/lib/libcrypto/mdc2/mdc2.h b/src/lib/libcrypto/mdc2/mdc2.h
new file mode 100644
index 0000000000..f3e8e579d2
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/mdc2.h
@@ -0,0 +1,98 @@
+/* crypto/mdc2/mdc2.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_MDC2_H
+#define HEADER_MDC2_H
+
+#include <openssl/des.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_NO_MDC2
+#error MDC2 is disabled.
+#endif
+
+#define MDC2_BLOCK              8
+#define MDC2_DIGEST_LENGTH      16
+ 
+typedef struct mdc2_ctx_st
+        {
+        unsigned int num;
+        unsigned char data[MDC2_BLOCK];
+        DES_cblock h,hh;
+        int pad_type; /* either 1 or 2, default 1 */
+        } MDC2_CTX;
+
+
+#ifdef OPENSSL_FIPS
+int private_MDC2_Init(MDC2_CTX *c);
+#endif
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(const unsigned char *d, size_t n,
+        unsigned char *md);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/src/lib/libcrypto/mdc2/mdc2_one.c b/src/lib/libcrypto/mdc2/mdc2_one.c
new file mode 100644
index 0000000000..72647f67ed
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/mdc2_one.c
@@ -0,0 +1,76 @@
+/* crypto/mdc2/mdc2_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/mdc2.h>
+
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
+        {
+        MDC2_CTX c;
+        static unsigned char m[MDC2_DIGEST_LENGTH];
+
+        if (md == NULL) md=m;
+        if (!MDC2_Init(&c))
+                return NULL;
+        MDC2_Update(&c,d,n);
+        MDC2_Final(md,&c);
+        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+        return(md);
+        }
+
diff --git a/src/lib/libcrypto/mdc2/mdc2dgst.c b/src/lib/libcrypto/mdc2/mdc2dgst.c
new file mode 100644
index 0000000000..b74bb1a759
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/mdc2dgst.c
@@ -0,0 +1,200 @@
+/* crypto/mdc2/mdc2dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/des.h>
+#include <openssl/mdc2.h>
+#include <openssl/crypto.h>
+
+#undef c2l
+#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<<24L)
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                        *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
+fips_md_init(MDC2)
+        {
+        c->num=0;
+        c->pad_type=1;
+        memset(&(c->h[0]),0x52,MDC2_BLOCK);
+        memset(&(c->hh[0]),0x25,MDC2_BLOCK);
+        return 1;
+        }
+
+int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
+        {
+        size_t i,j;
+
+        i=c->num;
+        if (i != 0)
+                {
+                if (i+len < MDC2_BLOCK)
+                        {
+                        /* partial block */
+                        memcpy(&(c->data[i]),in,len);
+                        c->num+=(int)len;
+                        return 1;
+                        }
+                else
+                        {
+                        /* filled one */
+                        j=MDC2_BLOCK-i;
+                        memcpy(&(c->data[i]),in,j);
+                        len-=j;
+                        in+=j;
+                        c->num=0;
+                        mdc2_body(c,&(c->data[0]),MDC2_BLOCK);
+                        }
+                }
+        i=len&~((size_t)MDC2_BLOCK-1);
+        if (i > 0) mdc2_body(c,in,i);
+        j=len-i;
+        if (j > 0)
+                {
+                memcpy(&(c->data[0]),&(in[i]),j);
+                c->num=(int)j;
+                }
+        return 1;
+        }
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
+        {
+        register DES_LONG tin0,tin1;
+        register DES_LONG ttin0,ttin1;
+        DES_LONG d[2],dd[2];
+        DES_key_schedule k;
+        unsigned char *p;
+        size_t i;
+
+        for (i=0; i<len; i+=8)
+                {
+                c2l(in,tin0); d[0]=dd[0]=tin0;
+                c2l(in,tin1); d[1]=dd[1]=tin1;
+                c->h[0]=(c->h[0]&0x9f)|0x40;
+                c->hh[0]=(c->hh[0]&0x9f)|0x20;
+
+                DES_set_odd_parity(&c->h);
+                DES_set_key_unchecked(&c->h,&k);
+                DES_encrypt1(d,&k,1);
+
+                DES_set_odd_parity(&c->hh);
+                DES_set_key_unchecked(&c->hh,&k);
+                DES_encrypt1(dd,&k,1);
+
+                ttin0=tin0^dd[0];
+                ttin1=tin1^dd[1];
+                tin0^=d[0];
+                tin1^=d[1];
+
+                p=c->h;
+                l2c(tin0,p);
+                l2c(ttin1,p);
+                p=c->hh;
+                l2c(ttin0,p);
+                l2c(tin1,p);
+                }
+        }
+
+int MDC2_Final(unsigned char *md, MDC2_CTX *c)
+        {
+        unsigned int i;
+        int j;
+
+        i=c->num;
+        j=c->pad_type;
+        if ((i > 0) || (j == 2))
+                {
+                if (j == 2)
+                        c->data[i++]=0x80;
+                memset(&(c->data[i]),0,MDC2_BLOCK-i);
+                mdc2_body(c,c->data,MDC2_BLOCK);
+                }
+        memcpy(md,(char *)c->h,MDC2_BLOCK);
+        memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);
+        return 1;
+        }
+
+#undef TEST
+
+#ifdef TEST
+main()
+        {
+        unsigned char md[MDC2_DIGEST_LENGTH];
+        int i;
+        MDC2_CTX c;
+        static char *text="Now is the time for all ";
+
+        MDC2_Init(&c);
+        MDC2_Update(&c,text,strlen(text));
+        MDC2_Final(&(md[0]),&c);
+
+        for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+                printf("%02X",md[i]);
+        printf("\n");
+        }
+
+#endif
diff --git a/src/lib/libcrypto/mdc2/mdc2test.c b/src/lib/libcrypto/mdc2/mdc2test.c
new file mode 100644
index 0000000000..017b31add2
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/mdc2test.c
@@ -0,0 +1,149 @@
+/* crypto/mdc2/mdc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
+#define OPENSSL_NO_MDC2
+#endif
+
+#ifdef OPENSSL_NO_MDC2
+int main(int argc, char *argv[])
+{
+    printf("No MDC2 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/mdc2.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+static unsigned char pad1[16]={
+        0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
+        0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A
+        };
+
+static unsigned char pad2[16]={
+        0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,
+        0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
+        };
+
+int main(int argc, char *argv[])
+        {
+        int ret=0;
+        unsigned char md[MDC2_DIGEST_LENGTH];
+        int i;
+        EVP_MD_CTX c;
+        static char *text="Now is the time for all ";
+
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(text,text,strlen(text));
+#endif
+
+        EVP_MD_CTX_init(&c);
+        EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
+        EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+        EVP_DigestFinal_ex(&c,&(md[0]),NULL);
+
+        if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
+                {
+                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+                        printf("%02X",md[i]);
+                printf(" <- generated\n");
+                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+                        printf("%02X",pad1[i]);
+                printf(" <- correct\n");
+                ret=1;
+                }
+        else
+                printf("pad1 - ok\n");
+
+        EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
+        /* FIXME: use a ctl function? */
+        ((MDC2_CTX *)c.md_data)->pad_type=2;
+        EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+        EVP_DigestFinal_ex(&c,&(md[0]),NULL);
+
+        if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
+                {
+                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+                        printf("%02X",md[i]);
+                printf(" <- generated\n");
+                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+                        printf("%02X",pad2[i]);
+                printf(" <- correct\n");
+                ret=1;
+                }
+        else
+                printf("pad2 - ok\n");
+
+        EVP_MD_CTX_cleanup(&c);
+#ifdef OPENSSL_SYS_NETWARE
+    if (ret) printf("ERROR: %d\n", ret);
+#endif
+        EXIT(ret);
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c
new file mode 100644
index 0000000000..24ccf729ca
--- /dev/null
+++ b/src/lib/libcrypto/mem.c
@@ -0,0 +1,421 @@
+/* crypto/mem.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+
+
+static int allow_customize = 1;      /* we provide flexible functions for */
+static int allow_customize_debug = 1;/* exchanging memory-related functions at
+                                      * run-time, but this must be done
+                                      * before any blocks are actually
+                                      * allocated; or we'll run into huge
+                                      * problems when malloc/free pairs
+                                      * don't match etc. */
+
+
+
+/* the following pointers may be changed as long as 'allow_customize' is set */
+
+static void *(*malloc_func)(size_t)         = malloc;
+static void *default_malloc_ex(size_t num, const char *file, int line)
+        { return malloc_func(num); }
+static void *(*malloc_ex_func)(size_t, const char *file, int line)
+        = default_malloc_ex;
+
+static void *(*realloc_func)(void *, size_t)= realloc;
+static void *default_realloc_ex(void *str, size_t num,
+        const char *file, int line)
+        { return realloc_func(str,num); }
+static void *(*realloc_ex_func)(void *, size_t, const char *file, int line)
+        = default_realloc_ex;
+
+static void (*free_func)(void *)            = free;
+
+static void *(*malloc_locked_func)(size_t)  = malloc;
+static void *default_malloc_locked_ex(size_t num, const char *file, int line)
+        { return malloc_locked_func(num); }
+static void *(*malloc_locked_ex_func)(size_t, const char *file, int line)
+        = default_malloc_locked_ex;
+
+static void (*free_locked_func)(void *)     = free;
+
+
+
+/* may be changed as long as 'allow_customize_debug' is set */
+/* XXX use correct function pointer types */
+#ifdef CRYPTO_MDEBUG
+/* use default functions from mem_dbg.c */
+static void (*malloc_debug_func)(void *,int,const char *,int,int)
+        = CRYPTO_dbg_malloc;
+static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
+        = CRYPTO_dbg_realloc;
+static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
+static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
+static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
+#else
+/* applications can use CRYPTO_malloc_debug_init() to select above case
+ * at run-time */
+static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL;
+static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
+        = NULL;
+static void (*free_debug_func)(void *,int) = NULL;
+static void (*set_debug_options_func)(long) = NULL;
+static long (*get_debug_options_func)(void) = NULL;
+#endif
+
+
+int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
+        void (*f)(void *))
+        {
+        OPENSSL_init();
+        if (!allow_customize)
+                return 0;
+        if ((m == 0) || (r == 0) || (f == 0))
+                return 0;
+        malloc_func=m; malloc_ex_func=default_malloc_ex;
+        realloc_func=r; realloc_ex_func=default_realloc_ex;
+        free_func=f;
+        malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
+        free_locked_func=f;
+        return 1;
+        }
+
+int CRYPTO_set_mem_ex_functions(
+        void *(*m)(size_t,const char *,int),
+        void *(*r)(void *, size_t,const char *,int),
+        void (*f)(void *))
+        {
+        if (!allow_customize)
+                return 0;
+        if ((m == 0) || (r == 0) || (f == 0))
+                return 0;
+        malloc_func=0; malloc_ex_func=m;
+        realloc_func=0; realloc_ex_func=r;
+        free_func=f;
+        malloc_locked_func=0; malloc_locked_ex_func=m;
+        free_locked_func=f;
+        return 1;
+        }
+
+int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *))
+        {
+        if (!allow_customize)
+                return 0;
+        if ((m == NULL) || (f == NULL))
+                return 0;
+        malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
+        free_locked_func=f;
+        return 1;
+        }
+
+int CRYPTO_set_locked_mem_ex_functions(
+        void *(*m)(size_t,const char *,int),
+        void (*f)(void *))
+        {
+        if (!allow_customize)
+                return 0;
+        if ((m == NULL) || (f == NULL))
+                return 0;
+        malloc_locked_func=0; malloc_locked_ex_func=m;
+        free_func=f;
+        return 1;
+        }
+
+int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
+                                   void (*r)(void *,void *,int,const char *,int,int),
+                                   void (*f)(void *,int),
+                                   void (*so)(long),
+                                   long (*go)(void))
+        {
+        if (!allow_customize_debug)
+                return 0;
+        OPENSSL_init();
+        malloc_debug_func=m;
+        realloc_debug_func=r;
+        free_debug_func=f;
+        set_debug_options_func=so;
+        get_debug_options_func=go;
+        return 1;
+        }
+
+
+void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),
+        void (**f)(void *))
+        {
+        if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ? 
+                             malloc_func : 0;
+        if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ? 
+                             realloc_func : 0;
+        if (f != NULL) *f=free_func;
+        }
+
+void CRYPTO_get_mem_ex_functions(
+        void *(**m)(size_t,const char *,int),
+        void *(**r)(void *, size_t,const char *,int),
+        void (**f)(void *))
+        {
+        if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ?
+                            malloc_ex_func : 0;
+        if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ?
+                            realloc_ex_func : 0;
+        if (f != NULL) *f=free_func;
+        }
+
+void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *))
+        {
+        if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? 
+                             malloc_locked_func : 0;
+        if (f != NULL) *f=free_locked_func;
+        }
+
+void CRYPTO_get_locked_mem_ex_functions(
+        void *(**m)(size_t,const char *,int),
+        void (**f)(void *))
+        {
+        if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
+                            malloc_locked_ex_func : 0;
+        if (f != NULL) *f=free_locked_func;
+        }
+
+void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
+                                    void (**r)(void *,void *,int,const char *,int,int),
+                                    void (**f)(void *,int),
+                                    void (**so)(long),
+                                    long (**go)(void))
+        {
+        if (m != NULL) *m=malloc_debug_func;
+        if (r != NULL) *r=realloc_debug_func;
+        if (f != NULL) *f=free_debug_func;
+        if (so != NULL) *so=set_debug_options_func;
+        if (go != NULL) *go=get_debug_options_func;
+        }
+
+
+void *CRYPTO_malloc_locked(int num, const char *file, int line)
+        {
+        void *ret = NULL;
+
+        if (num <= 0) return NULL;
+
+        allow_customize = 0;
+        if (malloc_debug_func != NULL)
+                {
+                allow_customize_debug = 0;
+                malloc_debug_func(NULL, num, file, line, 0);
+                }
+        ret = malloc_locked_ex_func(num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
+#endif
+        if (malloc_debug_func != NULL)
+                malloc_debug_func(ret, num, file, line, 1);
+
+#ifndef OPENSSL_CPUID_OBJ
+        /* Create a dependency on the value of 'cleanse_ctr' so our memory
+         * sanitisation function can't be optimised out. NB: We only do
+         * this for >2Kb so the overhead doesn't bother us. */
+        if(ret && (num > 2048))
+        {       extern unsigned char cleanse_ctr;
+                ((unsigned char *)ret)[0] = cleanse_ctr;
+        }
+#endif
+
+        return ret;
+        }
+
+void CRYPTO_free_locked(void *str)
+        {
+        if (free_debug_func != NULL)
+                free_debug_func(str, 0);
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
+#endif
+        free_locked_func(str);
+        if (free_debug_func != NULL)
+                free_debug_func(NULL, 1);
+        }
+
+void *CRYPTO_malloc(int num, const char *file, int line)
+        {
+        void *ret = NULL;
+
+        if (num <= 0) return NULL;
+
+        allow_customize = 0;
+        if (malloc_debug_func != NULL)
+                {
+                allow_customize_debug = 0;
+                malloc_debug_func(NULL, num, file, line, 0);
+                }
+        ret = malloc_ex_func(num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
+#endif
+        if (malloc_debug_func != NULL)
+                malloc_debug_func(ret, num, file, line, 1);
+
+#ifndef OPENSSL_CPUID_OBJ
+        /* Create a dependency on the value of 'cleanse_ctr' so our memory
+         * sanitisation function can't be optimised out. NB: We only do
+         * this for >2Kb so the overhead doesn't bother us. */
+        if(ret && (num > 2048))
+        {       extern unsigned char cleanse_ctr;
+                ((unsigned char *)ret)[0] = cleanse_ctr;
+        }
+#endif
+
+        return ret;
+        }
+char *CRYPTO_strdup(const char *str, const char *file, int line)
+        {
+        size_t len = strlen(str)+1;
+        char *ret = CRYPTO_malloc(len, file, line);
+
+        memcpy(ret, str, len);
+        return ret;
+        }
+
+void *CRYPTO_realloc(void *str, int num, const char *file, int line)
+        {
+        void *ret = NULL;
+
+        if (str == NULL)
+                return CRYPTO_malloc(num, file, line);
+
+        if (num <= 0) return NULL;
+
+        if (realloc_debug_func != NULL)
+                realloc_debug_func(str, NULL, num, file, line, 0);
+        ret = realloc_ex_func(str,num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
+#endif
+        if (realloc_debug_func != NULL)
+                realloc_debug_func(str, ret, num, file, line, 1);
+
+        return ret;
+        }
+
+void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
+                           int line)
+        {
+        void *ret = NULL;
+
+        if (str == NULL)
+                return CRYPTO_malloc(num, file, line);
+
+        if (num <= 0) return NULL;
+
+        /* We don't support shrinking the buffer. Note the memcpy that copies
+         * |old_len| bytes to the new buffer, below. */
+        if (num < old_len) return NULL;
+
+        if (realloc_debug_func != NULL)
+                realloc_debug_func(str, NULL, num, file, line, 0);
+        ret=malloc_ex_func(num,file,line);
+        if(ret)
+                {
+                memcpy(ret,str,old_len);
+                OPENSSL_cleanse(str,old_len);
+                free_func(str);
+                }
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr,
+                "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n",
+                str, ret, num);
+#endif
+        if (realloc_debug_func != NULL)
+                realloc_debug_func(str, ret, num, file, line, 1);
+
+        return ret;
+        }
+
+void CRYPTO_free(void *str)
+        {
+        if (free_debug_func != NULL)
+                free_debug_func(str, 0);
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
+#endif
+        free_func(str);
+        if (free_debug_func != NULL)
+                free_debug_func(NULL, 1);
+        }
+
+void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
+        {
+        if (a != NULL) OPENSSL_free(a);
+        a=(char *)OPENSSL_malloc(num);
+        return(a);
+        }
+
+void CRYPTO_set_mem_debug_options(long bits)
+        {
+        if (set_debug_options_func != NULL)
+                set_debug_options_func(bits);
+        }
+
+long CRYPTO_get_mem_debug_options(void)
+        {
+        if (get_debug_options_func != NULL)
+                return get_debug_options_func();
+        return 0;
+        }
diff --git a/src/lib/libcrypto/modes/Makefile b/src/lib/libcrypto/modes/Makefile
new file mode 100644
index 0000000000..3d8bafd571
--- /dev/null
+++ b/src/lib/libcrypto/modes/Makefile
@@ -0,0 +1,144 @@
+#
+# OpenSSL/crypto/modes/Makefile
+#
+
+DIR=    modes
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+MODES_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c \
+        ccm128.c xts128.c
+LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o gcm128.o \
+        ccm128.o xts128.o $(MODES_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+#EXHEADER= store.h str_compat.h
+EXHEADER= modes.h
+HEADER= modes_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+ghash-ia64.s:   asm/ghash-ia64.pl
+        $(PERL) asm/ghash-ia64.pl $@ $(CFLAGS)
+ghash-x86.s:    asm/ghash-x86.pl
+        $(PERL) asm/ghash-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+ghash-x86_64.s: asm/ghash-x86_64.pl
+        $(PERL) asm/ghash-x86_64.pl $(PERLASM_SCHEME) > $@
+ghash-sparcv9.s:        asm/ghash-sparcv9.pl
+        $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS)
+ghash-alpha.s:  asm/ghash-alpha.pl
+        (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
+        $(PERL) asm/ghash-alpha.pl > $$preproc && \
+        $(CC) -E $$preproc > $@ && rm $$preproc)
+
+ghash-parisc.s: asm/ghash-parisc.pl
+        $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
+
+# GNU make "catch all"
+ghash-%.S:      asm/ghash-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
+
+ghash-armv4.o:  ghash-armv4.S
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cbc128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cbc128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+cbc128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cbc128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cbc128.o: ../../include/openssl/symhacks.h cbc128.c modes_lcl.h
+ccm128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ccm128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+ccm128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ccm128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ccm128.o: ../../include/openssl/symhacks.h ccm128.c modes_lcl.h
+cfb128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cfb128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+cfb128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cfb128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cfb128.o: ../../include/openssl/symhacks.h cfb128.c modes_lcl.h
+ctr128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ctr128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+ctr128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ctr128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ctr128.o: ../../include/openssl/symhacks.h ctr128.c modes_lcl.h
+cts128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cts128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+cts128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cts128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cts128.o: ../../include/openssl/symhacks.h cts128.c modes_lcl.h
+gcm128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+gcm128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+gcm128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+gcm128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+gcm128.o: ../../include/openssl/symhacks.h gcm128.c modes_lcl.h
+ofb128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ofb128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+ofb128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ofb128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ofb128.o: ../../include/openssl/symhacks.h modes_lcl.h ofb128.c
+xts128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+xts128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+xts128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+xts128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+xts128.o: ../../include/openssl/symhacks.h modes_lcl.h xts128.c
diff --git a/src/lib/libcrypto/o_dir.c b/src/lib/libcrypto/o_dir.c
new file mode 100644
index 0000000000..42891ea459
--- /dev/null
+++ b/src/lib/libcrypto/o_dir.c
@@ -0,0 +1,83 @@
+/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <errno.h>
+#include <e_os.h>
+
+/* The routines really come from the Levitte Programming, so to make
+   life simple, let's just use the raw files and hack the symbols to
+   fit our namespace.  */
+#define LP_DIR_CTX OPENSSL_DIR_CTX
+#define LP_dir_context_st OPENSSL_dir_context_st
+#define LP_find_file OPENSSL_DIR_read
+#define LP_find_file_end OPENSSL_DIR_end
+
+#include "o_dir.h"
+
+#define LPDIR_H
+#if defined OPENSSL_SYS_UNIX || defined DJGPP
+#include "LPdir_unix.c"
+#elif defined OPENSSL_SYS_VMS
+#include "LPdir_vms.c"
+#elif defined OPENSSL_SYS_WIN32
+#include "LPdir_win32.c"
+#elif defined OPENSSL_SYS_WINCE
+#include "LPdir_wince.c"
+#else
+#include "LPdir_nyi.c"
+#endif
diff --git a/src/lib/libcrypto/o_dir.h b/src/lib/libcrypto/o_dir.h
new file mode 100644
index 0000000000..4b725c0312
--- /dev/null
+++ b/src/lib/libcrypto/o_dir.h
@@ -0,0 +1,53 @@
+/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/* Copied from Richard Levitte's (richard@levitte.org) LP library.  All
+ * symbol names have been changed, with permission from the author.
+ */
+
+/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+
+#ifndef O_DIR_H
+#define O_DIR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+  typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+
+  /* returns NULL on error or end-of-directory.
+     If it is end-of-directory, errno will be zero */
+  const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+  /* returns 1 on success, 0 on error */
+  int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LPDIR_H */
diff --git a/src/lib/libcrypto/o_dir_test.c b/src/lib/libcrypto/o_dir_test.c
new file mode 100644
index 0000000000..3d75ecb005
--- /dev/null
+++ b/src/lib/libcrypto/o_dir_test.c
@@ -0,0 +1,70 @@
+/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/* Copied from Richard Levitte's (richard@levitte.org) LP library.  All
+ * symbol names have been changed, with permission from the author.
+ */
+
+/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include "e_os2.h"
+#include "o_dir.h"
+
+#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE
+#define CURRDIR "."
+#elif defined OPENSSL_SYS_VMS
+#define CURRDIR "SYS$DISK:[]"
+#else
+#error "No supported platform defined!"
+#endif
+
+int main()
+{
+  OPENSSL_DIR_CTX *ctx = NULL;
+  const char *result;
+
+  while((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL)
+    {
+      printf("%s\n", result);
+    }
+
+  if (errno)
+    {
+      perror("test_dir");
+      exit(1);
+    }
+
+  if (!OPENSSL_DIR_end(&ctx))
+    {
+      perror("test_dir");
+      exit(2);
+    }
+  exit(0);
+}
diff --git a/src/lib/libcrypto/o_fips.c b/src/lib/libcrypto/o_fips.c
new file mode 100644
index 0000000000..f6d1b21855
--- /dev/null
+++ b/src/lib/libcrypto/o_fips.c
@@ -0,0 +1,96 @@
+/* Written by Stephen henson (steve@openssl.org) for the OpenSSL
+ * project 2011.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#include <openssl/rand.h>
+#endif
+
+int FIPS_mode(void)
+        {
+        OPENSSL_init();
+#ifdef OPENSSL_FIPS
+        return FIPS_module_mode();
+#else
+        return 0;
+#endif
+        }
+
+int FIPS_mode_set(int r)
+        {
+        OPENSSL_init();
+#ifdef OPENSSL_FIPS
+#ifndef FIPS_AUTH_USER_PASS
+#define FIPS_AUTH_USER_PASS     "Default FIPS Crypto User Password"
+#endif
+        if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
+                return 0;
+        if (r)
+                RAND_set_rand_method(FIPS_rand_get_method());
+        else
+                RAND_set_rand_method(NULL);
+        return 1;
+#else
+        if (r == 0)
+                return 1;
+        CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
+        return 0;
+#endif
+        }
+
diff --git a/src/lib/libcrypto/o_str.h b/src/lib/libcrypto/o_str.h
new file mode 100644
index 0000000000..dfc98494c6
--- /dev/null
+++ b/src/lib/libcrypto/o_str.h
@@ -0,0 +1,68 @@
+/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_O_STR_H
+#define HEADER_O_STR_H
+
+#include <stddef.h>             /* to get size_t */
+
+int OPENSSL_strcasecmp(const char *str1, const char *str2);
+int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
+int OPENSSL_memcmp(const void *p1,const void *p2,size_t n);
+
+#endif
diff --git a/src/lib/libcrypto/objects/Makefile b/src/lib/libcrypto/objects/Makefile
new file mode 100644
index 0000000000..a8aedbd422
--- /dev/null
+++ b/src/lib/libcrypto/objects/Makefile
@@ -0,0 +1,130 @@
+#
+# OpenSSL/crypto/objects/Makefile
+#
+
+DIR=    objects
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+PERL=           perl
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c
+LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o obj_xref.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= objects.h obj_mac.h
+HEADER= $(EXHEADER) obj_dat.h obj_xref.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    obj_dat.h obj_xref.h lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+obj_dat.h: obj_dat.pl obj_mac.h
+        $(PERL) obj_dat.pl obj_mac.h obj_dat.h
+
+# objects.pl both reads and writes obj_mac.num
+obj_mac.h: objects.pl objects.txt obj_mac.num
+        $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+        @sleep 1; touch obj_mac.h; sleep 1
+
+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
+        $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+        @sleep 1; touch obj_xref.h; sleep 1
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+o_names.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+o_names.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+o_names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+o_names.o: o_names.c
+obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_dat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h
+obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+obj_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+obj_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+obj_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+obj_err.o: obj_err.c
+obj_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+obj_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+obj_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+obj_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+obj_lib.o: ../cryptlib.h obj_lib.c
+obj_xref.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_xref.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+obj_xref.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+obj_xref.o: ../../include/openssl/opensslconf.h
+obj_xref.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_xref.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_xref.o: ../../include/openssl/symhacks.h obj_xref.c obj_xref.h
diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c
index 4a548c2ed4..84380a96a9 100644
--- a/src/lib/libcrypto/objects/o_names.c
+++ b/src/lib/libcrypto/objects/o_names.c
@@ -73,7 +73,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
                 name_funcs_stack=sk_NAME_FUNCS_new_null();
                 MemCheck_on();
                 }
-        if (name_funcs_stack == NULL)
+        if ((name_funcs_stack == NULL))
                 {
                 /* ERROR */
                 return(0);
diff --git a/src/lib/libcrypto/objects/objects.pl b/src/lib/libcrypto/objects/objects.pl
index 15c00bbd52..d2bf659d88 100644
--- a/src/lib/libcrypto/objects/objects.pl
+++ b/src/lib/libcrypto/objects/objects.pl
@@ -110,12 +110,13 @@ print STDERR "Added OID $Cname\n";
         }
 close IN;
 
-open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
-foreach (sort { $a <=> $b } keys %nidn)
-        {
-        print NUMOUT $nidn{$_},"\t\t",$_,"\n";
-        }
-close NUMOUT;
+#XXX don't modify input files
+#open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+#foreach (sort { $a <=> $b } keys %nidn)
+#       {
+#       print NUMOUT $nidn{$_},"\t\t",$_,"\n";
+#       }
+#close NUMOUT;
 
 open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
 print OUT <<'EOF';
diff --git a/src/lib/libcrypto/ocsp/Makefile b/src/lib/libcrypto/ocsp/Makefile
new file mode 100644
index 0000000000..60c414cf4d
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/Makefile
@@ -0,0 +1,213 @@
+#
+# OpenSSL/ocsp/Makefile
+#
+
+DIR=    ocsp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
+        ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c
+
+LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \
+        ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ocsp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ocsp_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_asn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_asn.o: ocsp_asn.c
+ocsp_cl.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_cl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_cl.o: ../cryptlib.h ocsp_cl.c
+ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_err.o: ocsp_err.c
+ocsp_ext.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_ext.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_ext.c
+ocsp_ht.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_ht.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_ht.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_ht.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_ht.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ht.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ocsp_ht.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c
+ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ocsp_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_lib.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lib.c
+ocsp_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_prn.o: ocsp_prn.c
+ocsp_srv.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_srv.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_srv.o: ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_srv.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_srv.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_srv.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_srv.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_srv.c
+ocsp_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_vfy.o: ocsp_vfy.c
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 276718304d..91a45c9133 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -111,7 +111,6 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                         init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
                 if(!init_res)
                         {
-                        ret = -1;
                         OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
                         goto end;
                         }
diff --git a/src/lib/libcrypto/openssl.cnf b/src/lib/libcrypto/openssl.cnf
new file mode 100644
index 0000000000..bb97b155b8
--- /dev/null
+++ b/src/lib/libcrypto/openssl.cnf
@@ -0,0 +1,65 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE                = /dev/arandom
+
+####################################################################
+[ req ]
+default_bits            = 1024
+default_keyfile         = privkey.pem
+distinguished_name      = req_distinguished_name
+attributes              = req_attributes
+
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+#countryName_default            = AU
+countryName_min                 = 2
+countryName_max                 = 2
+
+stateOrProvinceName             = State or Province Name (full name)
+#stateOrProvinceName_default    = Some-State
+
+localityName                    = Locality Name (eg, city)
+
+0.organizationName              = Organization Name (eg, company)
+#0.organizationName_default     = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName             = Second Organization Name (eg, company)
+#1.organizationName_default     = CryptSoft Pty Ltd
+
+organizationalUnitName          = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName                      = Common Name (eg, fully qualified host name)
+commonName_max                  = 64
+
+emailAddress                    = Email Address
+emailAddress_max                = 64
+
+[ req_attributes ]
+challengePassword               = A challenge password
+challengePassword_min           = 4
+challengePassword_max           = 20
+
+unstructuredName                = An optional company name
+
+[ x509v3_extensions ]
+
+nsCaRevocationUrl               = http://www.cryptsoft.com/ca-crl.pem
+nsComment                       = "This is a comment"
+
+# under ASN.1, the 0 bit would be encoded as 80
+nsCertType                      = 0x40
+
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+#nsCertSequence
+#nsCertExt
+#nsDataType
+
diff --git a/src/lib/libcrypto/opensslconf.h.in b/src/lib/libcrypto/opensslconf.h.in
new file mode 100644
index 0000000000..97e3745563
--- /dev/null
+++ b/src/lib/libcrypto/opensslconf.h.in
@@ -0,0 +1,154 @@
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/local/lib/engines"
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index ebe7180723..71be3590af 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER  0x1000107fL
+#define OPENSSL_VERSION_NUMBER  0x1000103fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g-fips 7 Apr 2014"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1c-fips 10 May 2012"
 #else
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g 7 Apr 2014"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1c 10 May 2012"
 #endif
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
diff --git a/src/lib/libcrypto/pem/Makefile b/src/lib/libcrypto/pem/Makefile
new file mode 100644
index 0000000000..2cc7801529
--- /dev/null
+++ b/src/lib/libcrypto/pem/Makefile
@@ -0,0 +1,258 @@
+#
+# OpenSSL/crypto/pem/Makefile
+#
+
+DIR=    pem
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \
+        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c
+
+LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \
+        pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= pem.h pem2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links: $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pem_all.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_all.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
+pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c
+pem_info.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../cryptlib.h pem_info.c
+pem_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+pem_lib.o: pem_lib.c
+pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c
+pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_pk8.o: ../cryptlib.h pem_pk8.c
+pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_pkey.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+pem_pkey.o: pem_pkey.c
+pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_seal.o: ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c
+pem_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_sign.o: ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_sign.o: ../cryptlib.h pem_sign.c
+pem_x509.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_x509.o: ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pem_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_x509.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_x509.c
+pem_xaux.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_xaux.o: ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c
+pvkfmt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pvkfmt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pvkfmt.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+pvkfmt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pvkfmt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pvkfmt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pvkfmt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pvkfmt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pvkfmt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pvkfmt.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pvkfmt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pvkfmt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pvkfmt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pvkfmt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pvkfmt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pvkfmt.c
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index eac0460e3e..3e7a6093ad 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -193,61 +193,7 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 
 #endif
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_RSA(k, x);
-
-                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
-                                        PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-
-                EVP_PKEY_set1_RSA(k, x);
-
-                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
-                                        PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
-
-#endif
-
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
@@ -277,59 +223,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
         return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_DSA(k, x);
-
-                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
-                                        PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_DSA(k, x);
-                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
-                                        PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
-
-#endif
-
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
@@ -375,63 +269,8 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
 
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
 
-
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_EC_KEY(k, x);
-
-                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
-                                                PEM_STRING_ECPRIVATEKEY,
-                                                bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_EC_KEY(k, x);
-                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
-                                                PEM_STRING_ECPRIVATEKEY,
-                                                fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index cc7f24a9c1..1b2be527ed 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -167,7 +167,6 @@ start:
 #ifndef OPENSSL_NO_RSA
                         if (strcmp(name,PEM_STRING_RSA) == 0)
                         {
-                        d2i=(D2I_OF(void))d2i_RSAPrivateKey;
                         if (xi->x_pkey != NULL) 
                                 {
                                 if (!sk_X509_INFO_push(ret,xi)) goto err;
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 5a421fc4b6..cfc89a9921 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -394,8 +394,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                         goto err;
                 /* The 'iv' is used as the iv and as a salt.  It is
                  * NOT taken from the BytesToKey function */
-                if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
-                        goto err;
+                EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
 
                 if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 
@@ -407,15 +406,12 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                 /* k=strlen(buf); */
 
                 EVP_CIPHER_CTX_init(&ctx);
-                ret = 1;
-                if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
-                        || !EVP_EncryptUpdate(&ctx,data,&j,data,i)
-                        || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
-                        ret = 0;
+                EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
+                EVP_EncryptUpdate(&ctx,data,&j,data,i);
+                EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
                 EVP_CIPHER_CTX_cleanup(&ctx);
-                if (ret == 0)
-                        goto err;
                 i+=j;
+                ret=1;
                 }
         else
                 {
@@ -463,17 +459,14 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
         ebcdic2ascii(buf, buf, klen);
 #endif
 
-        if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
-                (unsigned char *)buf,klen,1,key,NULL))
-                return 0;
+        EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+                (unsigned char *)buf,klen,1,key,NULL);
 
         j=(int)len;
         EVP_CIPHER_CTX_init(&ctx);
-        o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
-        if (o)
-                o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
-        if (o)
-                o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
+        EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
+        EVP_DecryptUpdate(&ctx,data,&i,data,j);
+        o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
         EVP_CIPHER_CTX_cleanup(&ctx);
         OPENSSL_cleanse((char *)buf,sizeof(buf));
         OPENSSL_cleanse((char *)key,sizeof(key));
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index b6b4e13498..59690b56ae 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -96,8 +96,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
         EVP_EncodeInit(&ctx->encode);
 
         EVP_MD_CTX_init(&ctx->md);
-        if (!EVP_SignInit(&ctx->md,md_type))
-                goto err;
+        EVP_SignInit(&ctx->md,md_type);
 
         EVP_CIPHER_CTX_init(&ctx->cipher);
         ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
@@ -164,8 +163,7 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
                 goto err;
                 }
 
-        if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
-                goto err;
+        EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
         EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
         *outl=j;
         out+=j;
diff --git a/src/lib/libcrypto/perlasm/cbc.pl b/src/lib/libcrypto/perlasm/cbc.pl
index 24561e759a..6fc2510905 100644
--- a/src/lib/libcrypto/perlasm/cbc.pl
+++ b/src/lib/libcrypto/perlasm/cbc.pl
@@ -150,7 +150,7 @@ sub cbc
 &set_label("PIC_point");
         &blindpop("edx");
         &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
-        &mov($count,&DWP(0,"ecx",$count,4));
+        &mov($count,&DWP(0,"ecx",$count,4))
         &add($count,"edx");
         &xor("ecx","ecx");
         &xor("edx","edx");
diff --git a/src/lib/libcrypto/perlasm/x86asm.pl b/src/lib/libcrypto/perlasm/x86asm.pl
index eb543db2f6..bf783cff26 100644
--- a/src/lib/libcrypto/perlasm/x86asm.pl
+++ b/src/lib/libcrypto/perlasm/x86asm.pl
@@ -33,6 +33,13 @@ sub ::emit
     else            { push(@out,"\t$opcode\t".join(',',@_)."\n");       }
 }
 
+sub ::emitraw
+{ my $opcode=shift;
+
+    if ($#_==-1)    { push(@out,"$opcode\n");                           }
+    else            { push(@out,"$opcode\t".join(',',@_)."\n"); }
+}
+
 sub ::LB
 {   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'";
   $1."l";
@@ -218,7 +225,7 @@ sub ::asm_init
     $filename=$fn;
     $i386=$cpu;
 
-    $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=$android=0;
+    $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=$openbsd=$android=0;
     if    (($type eq "elf"))
     {   $elf=1;                 require "x86gas.pl";    }
     elsif (($type eq "a\.out"))
@@ -235,6 +242,10 @@ sub ::asm_init
     {   $win32=1;               require "x86masm.pl";   }
     elsif (($type eq "macosx"))
     {   $aout=1; $macosx=1;     require "x86gas.pl";    }
+    elsif (($type eq "openbsd-elf"))
+    {   $openbsd=$elf=1;        require "x86gas.pl";    }
+    elsif (($type eq "openbsd-a.out"))
+    {   $openbsd=1;             require "x86gas.pl";    }
     elsif (($type eq "android"))
     {   $elf=1; $android=1;     require "x86gas.pl";    }
     else
@@ -244,6 +255,8 @@ Pick one target type from
         a.out   - DJGPP, elder OpenBSD, etc.
         coff    - GAS/COFF such as Win32 targets
         win32n  - Windows 95/Windows NT NASM format
+        openbsd-elf     - OpenBSD elf
+        openbsd-a.out   - OpenBSD a.out
         nw-nasm - NetWare NASM format
         macosx  - Mac OS X
 EOF
@@ -253,6 +266,7 @@ EOF
     $pic=0;
     for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
 
+    ::emitraw("#include <machine/asm.h>\n") if $openbsd;
     $filename =~ s/\.pl$//;
     &file($filename);
 }
diff --git a/src/lib/libcrypto/perlasm/x86gas.pl b/src/lib/libcrypto/perlasm/x86gas.pl
index 682a3a3163..d4baea514b 100644
--- a/src/lib/libcrypto/perlasm/x86gas.pl
+++ b/src/lib/libcrypto/perlasm/x86gas.pl
@@ -182,6 +182,15 @@ sub ::align
 sub ::picmeup
 { my($dst,$sym,$base,$reflabel)=@_;
 
+    if ($::openbsd)
+    {  &::emitraw("#if defined(PIC) || defined(__PIC__)");
+       &::emitraw("PIC_PROLOGUE");
+       &::mov($dst, &::DWP("PIC_GOT($sym)"));
+       &::emitraw("PIC_EPILOGUE");
+       &::emitraw("#else /* PIC */");
+       &::lea($dst,&::DWP($sym));
+       &::emitraw("#endif /* PIC */");
+    }
     if (($::pic && ($::elf || $::aout)) || $::macosx)
     {   if (!defined($base))
         {   &::call(&::label("PIC_me_up"));
@@ -208,7 +217,17 @@ sub ::picmeup
 sub ::initseg
 { my $f=$nmdecor.shift;
 
-    if ($::android)
+    if ($::openbsd)
+    {   $initseg.=<<___;
+.section        .init
+PIC_PROLOGUE
+        call    PIC_PLT($f)
+PIC_EPILOGUE
+        jmp     .Linitalign
+.align  $align
+.Linitalign:
+___
+    } elsif ($::android)
     {   $initseg.=<<___;
 .section        .init_array
 .align  4
diff --git a/src/lib/libcrypto/perlasm/x86masm.pl b/src/lib/libcrypto/perlasm/x86masm.pl
new file mode 100644
index 0000000000..f937d07c87
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/x86masm.pl
@@ -0,0 +1,198 @@
+#!/usr/bin/env perl
+
+package x86masm;
+
+*out=\@::out;
+
+$::lbdecor="\$L";       # local label decoration
+$nmdecor="_";           # external name decoration
+
+$initseg="";
+$segment="";
+
+sub ::generic
+{ my ($opcode,@arg)=@_;
+
+    # fix hexadecimal constants
+    for (@arg) { s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/oi; }
+
+    if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/)  # no []
+    {   $opcode="mov";  }
+    elsif ($opcode !~ /movq/)
+    {   # fix xmm references
+        $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i);
+        $arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i);
+    }
+
+    &::emit($opcode,@arg);
+  1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::call      { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr  { &::emit("call",@_);   }
+sub ::jmp_ptr   { &::emit("jmp",@_);    }
+sub ::lock      { &::data_byte(0xf0);   }
+
+sub get_mem
+{ my($size,$addr,$reg1,$reg2,$idx)=@_;
+  my($post,$ret);
+
+    $ret .= "$size PTR " if ($size ne "");
+
+    $addr =~ s/^\s+//;
+    # prepend global references with optional underscore
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
+    # put address arithmetic expression in parenthesis
+    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
+
+    if (($addr ne "") && ($addr ne 0))
+    {   if ($addr !~ /^-/)      { $ret .= "$addr";  }
+        else                    { $post=$addr;      }
+    }
+    $ret .= "[";
+
+    if ($reg2 ne "")
+    {   $idx!=0 or $idx=1;
+        $ret .= "$reg2*$idx";
+        $ret .= "+$reg1" if ($reg1 ne "");
+    }
+    else
+    {   $ret .= "$reg1";   }
+
+    $ret .= "$post]";
+    $ret =~ s/\+\]/]/; # in case $addr was the only argument
+    $ret =~ s/\[\s*\]//;
+
+  $ret;
+}
+sub ::BP        { &get_mem("BYTE",@_);  }
+sub ::WP        { &get_mem("WORD",@_);  }
+sub ::DWP       { &get_mem("DWORD",@_); }
+sub ::QWP       { &get_mem("QWORD",@_); }
+sub ::BC        { "@_";  }
+sub ::DWC       { "@_"; }
+
+sub ::file
+{ my $tmp=<<___;
+TITLE   $_[0].asm
+IF \@Version LT 800
+ECHO MASM version 8.00 or later is strongly recommended.
+ENDIF
+.486
+.MODEL  FLAT
+OPTION  DOTNAME
+IF \@Version LT 800
+.text\$ SEGMENT PAGE 'CODE'
+ELSE
+.text\$ SEGMENT ALIGN(64) 'CODE'
+ENDIF
+___
+    push(@out,$tmp);
+    $segment = ".text\$";
+}
+
+sub ::function_begin_B
+{ my $func=shift;
+  my $global=($func !~ /^_/);
+  my $begin="${::lbdecor}_${func}_begin";
+
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
+    $func="ALIGN\t16\n".$nmdecor.$func."\tPROC";
+
+    if ($global)    { $func.=" PUBLIC\n${begin}::\n"; }
+    else            { $func.=" PRIVATE\n";            }
+    push(@out,$func);
+    $::stack=4;
+}
+sub ::function_end_B
+{ my $func=shift;
+
+    push(@out,"$nmdecor$func ENDP\n");
+    $::stack=0;
+    &::wipe_labels();
+}
+
+sub ::file_end
+{ my $xmmheader=<<___;
+.686
+.XMM
+IF \@Version LT 800
+XMMWORD STRUCT 16
+DQ      2 dup (?)
+XMMWORD ENDS
+ENDIF
+___
+    if (grep {/\b[x]?mm[0-7]\b/i} @out) {
+        grep {s/\.[3-7]86/$xmmheader/} @out;
+    }
+
+    push(@out,"$segment ENDS\n");
+
+    if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
+    {   my $comm=<<___;
+.bss    SEGMENT 'BSS'
+COMM    ${nmdecor}OPENSSL_ia32cap_P:QWORD
+.bss    ENDS
+___
+        # comment out OPENSSL_ia32cap_P declarations
+        grep {s/(^EXTERN\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
+        push (@out,$comm);
+    }
+    push (@out,$initseg) if ($initseg);
+    push (@out,"END\n");
+}
+
+sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
+
+*::set_label_B = sub
+{ my $l=shift; push(@out,$l.($l=~/^\Q${::lbdecor}\E[0-9]{3}/?":\n":"::\n")); };
+
+sub ::external_label
+{   foreach(@_)
+    {   push(@out, "EXTERN\t".&::LABEL($_,$nmdecor.$_).":NEAR\n");   }
+}
+
+sub ::public_label
+{   push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");   }
+
+sub ::data_byte
+{   push(@out,("DB\t").join(',',@_)."\n");      }
+
+sub ::data_short
+{   push(@out,("DW\t").join(',',@_)."\n");      }
+
+sub ::data_word
+{   push(@out,("DD\t").join(',',@_)."\n");      }
+
+sub ::align
+{   push(@out,"ALIGN\t$_[0]\n");        }
+
+sub ::picmeup
+{ my($dst,$sym)=@_;
+    &::lea($dst,&::DWP($sym));
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+
+    $initseg.=<<___;
+.CRT\$XCU       SEGMENT DWORD PUBLIC 'DATA'
+EXTERN  $f:NEAR
+DD      $f
+.CRT\$XCU       ENDS
+___
+}
+
+sub ::dataseg
+{   push(@out,"$segment\tENDS\n_DATA\tSEGMENT\n"); $segment="_DATA";   }
+
+sub ::safeseh
+{ my $nm=shift;
+    push(@out,"IF \@Version GE 710\n");
+    push(@out,".SAFESEH ".&::LABEL($nm,$nmdecor.$nm)."\n");
+    push(@out,"ENDIF\n");
+}
+
+1;
diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl
new file mode 100644
index 0000000000..ca2511c9eb
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/x86nasm.pl
@@ -0,0 +1,177 @@
+#!/usr/bin/env perl
+
+package x86nasm;
+
+*out=\@::out;
+
+$::lbdecor="L\$";               # local label decoration
+$nmdecor=$::netware?"":"_";     # external name decoration
+$drdecor=$::mwerks?".":"";      # directive decoration
+
+$initseg="";
+
+sub ::generic
+{ my $opcode=shift;
+  my $tmp;
+
+    if (!$::mwerks)
+    {   if    ($opcode =~ m/^j/o && $#_==0) # optimize jumps
+        {   $_[0] = "NEAR $_[0]";       }
+        elsif ($opcode eq "lea" && $#_==1)  # wipe storage qualifier from lea
+        {   $_[1] =~ s/^[^\[]*\[/\[/o;  }
+        elsif ($opcode eq "clflush" && $#_==0)
+        {   $_[0] =~ s/^[^\[]*\[/\[/o;  }
+    }
+    &::emit($opcode,@_);
+  1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::call      { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr  { &::emit("call",@_);   }
+sub ::jmp_ptr   { &::emit("jmp",@_);    }
+
+sub get_mem
+{ my($size,$addr,$reg1,$reg2,$idx)=@_;
+  my($post,$ret);
+
+    if ($size ne "")
+    {   $ret .= "$size";
+        $ret .= " PTR" if ($::mwerks);
+        $ret .= " ";
+    }
+    $ret .= "[";
+
+    $addr =~ s/^\s+//;
+    # prepend global references with optional underscore
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/::islabel($1) or "$nmdecor$1"/ige;
+    # put address arithmetic expression in parenthesis
+    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
+
+    if (($addr ne "") && ($addr ne 0))
+    {   if ($addr !~ /^-/)      { $ret .= "$addr+"; }
+        else                    { $post=$addr;      }
+    }
+
+    if ($reg2 ne "")
+    {   $idx!=0 or $idx=1;
+        $ret .= "$reg2*$idx";
+        $ret .= "+$reg1" if ($reg1 ne "");
+    }
+    else
+    {   $ret .= "$reg1";   }
+
+    $ret .= "$post]";
+    $ret =~ s/\+\]/]/; # in case $addr was the only argument
+
+  $ret;
+}
+sub ::BP        { &get_mem("BYTE",@_);  }
+sub ::DWP       { &get_mem("DWORD",@_); }
+sub ::WP        { &get_mem("WORD",@_);  }
+sub ::QWP       { &get_mem("",@_);      }
+sub ::BC        { (($::mwerks)?"":"BYTE ")."@_";  }
+sub ::DWC       { (($::mwerks)?"":"DWORD ")."@_"; }
+
+sub ::file
+{   if ($::mwerks)      { push(@out,".section\t.text,64\n"); }
+    else
+    { my $tmp=<<___;
+%ifidn __OUTPUT_FORMAT__,obj
+section code    use32 class=code align=64
+%elifidn __OUTPUT_FORMAT__,win32
+\$\@feat.00 equ 1
+section .text   code align=64
+%else
+section .text   code
+%endif
+___
+        push(@out,$tmp);
+    }
+}
+
+sub ::function_begin_B
+{ my $func=shift;
+  my $global=($func !~ /^_/);
+  my $begin="${::lbdecor}_${func}_begin";
+
+    $begin =~ s/^\@/./ if ($::mwerks);  # the torture never stops
+
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
+    $func=$nmdecor.$func;
+
+    push(@out,"${drdecor}global $func\n")       if ($global);
+    push(@out,"${drdecor}align  16\n");
+    push(@out,"$func:\n");
+    push(@out,"$begin:\n")                      if ($global);
+    $::stack=4;
+}
+
+sub ::function_end_B
+{   $::stack=0;
+    &::wipe_labels();
+}
+
+sub ::file_end
+{   if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
+    {   my $comm=<<___;
+${drdecor}segment       .bss
+${drdecor}common        ${nmdecor}OPENSSL_ia32cap_P 8
+___
+        # comment out OPENSSL_ia32cap_P declarations
+        grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
+        push (@out,$comm)
+    }
+    push (@out,$initseg) if ($initseg);         
+}
+
+sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
+
+sub ::external_label
+{   foreach(@_)
+    {   push(@out,"${drdecor}extern\t".&::LABEL($_,$nmdecor.$_)."\n");   }
+}
+
+sub ::public_label
+{   push(@out,"${drdecor}global\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");  }
+
+sub ::data_byte
+{   push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n");        }
+sub ::data_short
+{   push(@out,(($::mwerks)?".word\t":"dw\t").join(',',@_)."\n");        }
+sub ::data_word
+{   push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n");        }
+
+sub ::align
+{   push(@out,"${drdecor}align\t$_[0]\n");      }
+
+sub ::picmeup
+{ my($dst,$sym)=@_;
+    &::lea($dst,&::DWP($sym));
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+    if ($::win32)
+    {   $initseg=<<___;
+segment .CRT\$XCU data align=4
+extern  $f
+dd      $f
+___
+    }
+}
+
+sub ::dataseg
+{   if ($mwerks)        { push(@out,".section\t.data,4\n");   }
+    else                { push(@out,"section\t.data align=4\n"); }
+}
+
+sub ::safeseh
+{ my $nm=shift;
+    push(@out,"%if      __NASM_VERSION_ID__ >= 0x02030000\n");
+    push(@out,"safeseh  ".&::LABEL($nm,$nmdecor.$nm)."\n");
+    push(@out,"%endif\n");
+}
+
+1;
diff --git a/src/lib/libcrypto/pkcs12/Makefile b/src/lib/libcrypto/pkcs12/Makefile
new file mode 100644
index 0000000000..3a7498fe7a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/Makefile
@@ -0,0 +1,286 @@
+#
+# OpenSSL/crypto/pkcs12/Makefile
+#
+
+DIR=    pkcs12
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
+        p12_init.c p12_key.c p12_kiss.c p12_mutl.c\
+        p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
+LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \
+        p12_init.o p12_key.o p12_kiss.o p12_mutl.o\
+        p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs12.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+p12_add.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c
+p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_asn.o: ../cryptlib.h p12_asn.c
+p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_attr.o: ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_attr.o: ../cryptlib.h p12_attr.c
+p12_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crpt.o: ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crpt.o: ../cryptlib.h p12_crpt.c
+p12_crt.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c
+p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_decr.o: ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_decr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_decr.o: ../cryptlib.h p12_decr.c
+p12_init.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_init.o: ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_init.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_init.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_init.o: ../cryptlib.h p12_init.c
+p12_key.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_key.o: ../cryptlib.h p12_key.c
+p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_kiss.o: ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_kiss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_kiss.o: ../cryptlib.h p12_kiss.c
+p12_mutl.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_mutl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_mutl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_mutl.c
+p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_npas.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_npas.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_npas.o: p12_npas.c
+p12_p8d.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c
+p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c
+p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c
+pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk12err.o: pk12err.c
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index a34915d02d..96b131defa 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -90,14 +90,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
         /* Set defaults */
         if (!nid_cert)
-                {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-                else
-#endif
                 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
-                }
         if (!nid_key)
                 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
         if (!iter)
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 61d58502fd..c55c7b60b3 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -176,32 +176,24 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                 out += u;
                 for (j = 0; j < v; j++) B[j] = Ai[j % u];
                 /* Work out B + 1 first then can use B as tmp space */
-                if (!BN_bin2bn (B, v, Bpl1))
-                        goto err;
-                if (!BN_add_word (Bpl1, 1))
-                        goto err;
+                if (!BN_bin2bn (B, v, Bpl1)) goto err;
+                if (!BN_add_word (Bpl1, 1)) goto err;
                 for (j = 0; j < Ilen ; j+=v) {
-                        if (!BN_bin2bn(I + j, v, Ij))
-                                goto err;
-                        if (!BN_add(Ij, Ij, Bpl1))
-                                goto err;
-                        if (!BN_bn2bin(Ij, B))
-                                goto err;
+                        if (!BN_bin2bn (I + j, v, Ij)) goto err;
+                        if (!BN_add (Ij, Ij, Bpl1)) goto err;
+                        BN_bn2bin (Ij, B);
                         Ijlen = BN_num_bytes (Ij);
                         /* If more than 2^(v*8) - 1 cut off MSB */
                         if (Ijlen > v) {
-                                if (!BN_bn2bin (Ij, B))
-                                        goto err;
+                                BN_bn2bin (Ij, B);
                                 memcpy (I + j, B + 1, v);
 #ifndef PKCS12_BROKEN_KEYGEN
                         /* If less than v bytes pad with zeroes */
                         } else if (Ijlen < v) {
                                 memset(I + j, 0, v - Ijlen);
-                                if (!BN_bn2bin(Ij, I + j + v - Ijlen))
-                                        goto err;
+                                BN_bn2bin(Ij, I + j + v - Ijlen); 
 #endif
-                        } else if (!BN_bn2bin (Ij, I + j))
-                                goto err;
+                        } else BN_bn2bin (Ij, I + j);
                 }
         }
 
diff --git a/src/lib/libcrypto/pkcs7/Makefile b/src/lib/libcrypto/pkcs7/Makefile
new file mode 100644
index 0000000000..56dc6823d1
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/Makefile
@@ -0,0 +1,194 @@
+#
+# OpenSSL/crypto/pkcs7/Makefile
+#
+
+DIR=    pkcs7
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
+        pk7_mime.c bio_pk7.c
+LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \
+        pk7_mime.o bio_pk7.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs7.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+testapps: enc dec sign verify
+
+enc: enc.o lib
+        $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+dec: dec.o lib
+        $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+sign: sign.o lib
+        $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+verify: verify.o example.o lib
+        $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_pk7.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_pk7.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_pk7.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_pk7.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+bio_pk7.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_pk7.o: ../../include/openssl/symhacks.h bio_pk7.c
+pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c
+pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pk7_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pk7_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pk7_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_attr.o: ../../include/openssl/opensslconf.h
+pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk7_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_attr.o: ../../include/openssl/x509_vfy.h pk7_attr.c
+pk7_doit.o: ../../e_os.h ../../include/openssl/asn1.h
+pk7_doit.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_doit.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_doit.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_doit.c
+pk7_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_lib.o: ../asn1/asn1_locl.h ../cryptlib.h pk7_lib.c
+pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h
+pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_mime.o: ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_mime.o: ../cryptlib.h pk7_mime.c
+pk7_smime.o: ../../e_os.h ../../include/openssl/asn1.h
+pk7_smime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_smime.o: ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/opensslconf.h
+pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pk7_smime.o: ../cryptlib.h pk7_smime.c
+pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pkcs7err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+pkcs7err.o: ../../include/openssl/opensslconf.h
+pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pkcs7err.o: pkcs7err.c
diff --git a/src/lib/libcrypto/pkcs7/bio_ber.c b/src/lib/libcrypto/pkcs7/bio_ber.c
new file mode 100644
index 0000000000..31973fcd1f
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/bio_ber.c
@@ -0,0 +1,466 @@
+/* crypto/evp/bio_ber.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+static int ber_write(BIO *h,char *buf,int num);
+static int ber_read(BIO *h,char *buf,int size);
+/*static int ber_puts(BIO *h,char *str); */
+/*static int ber_gets(BIO *h,char *str,int size); */
+static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ber_new(BIO *h);
+static int ber_free(BIO *data);
+static long ber_callback_ctrl(BIO *h,int cmd,void *(*fp)());
+#define BER_BUF_SIZE    (32)
+
+/* This is used to hold the state of the BER objects being read. */
+typedef struct ber_struct
+        {
+        int tag;
+        int class;
+        long length;
+        int inf;
+        int num_left;
+        int depth;
+        } BER_CTX;
+
+typedef struct bio_ber_struct
+        {
+        int tag;
+        int class;
+        long length;
+        int inf;
+
+        /* most of the following are used when doing non-blocking IO */
+        /* reading */
+        long num_left;  /* number of bytes still to read/write in block */
+        int depth;      /* used with indefinite encoding. */
+        int finished;   /* No more read data */
+
+        /* writting */ 
+        char *w_addr;
+        int w_offset;
+        int w_left;
+
+        int buf_len;
+        int buf_off;
+        unsigned char buf[BER_BUF_SIZE];
+        } BIO_BER_CTX;
+
+static BIO_METHOD methods_ber=
+        {
+        BIO_TYPE_CIPHER,"cipher",
+        ber_write,
+        ber_read,
+        NULL, /* ber_puts, */
+        NULL, /* ber_gets, */
+        ber_ctrl,
+        ber_new,
+        ber_free,
+        ber_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_ber(void)
+        {
+        return(&methods_ber);
+        }
+
+static int ber_new(BIO *bi)
+        {
+        BIO_BER_CTX *ctx;
+
+        ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX));
+        if (ctx == NULL) return(0);
+
+        memset((char *)ctx,0,sizeof(BIO_BER_CTX));
+
+        bi->init=0;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+
+static int ber_free(BIO *a)
+        {
+        BIO_BER_CTX *b;
+
+        if (a == NULL) return(0);
+        b=(BIO_BER_CTX *)a->ptr;
+        OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
+        OPENSSL_free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+
+int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx)
+        {
+        char buf[64];
+        int i,j,n;
+        int ret;
+        unsigned char *p;
+        unsigned long length
+        int tag;
+        int class;
+        long max;
+
+        BIO_clear_retry_flags(b);
+
+        /* Pack the buffer down if there is a hole at the front */
+        if (ctx->buf_off != 0)
+                {
+                p=ctx->buf;
+                j=ctx->buf_off;
+                n=ctx->buf_len-j;
+                for (i=0; i<n; i++)
+                        {
+                        p[0]=p[j];
+                        p++;
+                        }
+                ctx->buf_len-j;
+                ctx->buf_off=0;
+                }
+
+        /* If there is more room, read some more data */
+        i=BER_BUF_SIZE-ctx->buf_len;
+        if (i)
+                {
+                i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        return(i);
+                        }
+                else
+                        ctx->buf_len+=i;
+                }
+
+        max=ctx->buf_len;
+        p=ctx->buf;
+        ret=ASN1_get_object(&p,&length,&tag,&class,max);
+
+        if (ret & 0x80)
+                {
+                if ((ctx->buf_len < BER_BUF_SIZE) &&
+                        (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG))
+                        {
+                        ERR_clear_error(); /* clear the error */
+                        BIO_set_retry_read(b);
+                        }
+                return(-1);
+                }
+
+        /* We have no error, we have a header, so make use of it */
+
+        if ((ctx->tag  >= 0) && (ctx->tag != tag))
+                {
+                BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH);
+                sprintf(buf,"tag=%d, got %d",ctx->tag,tag);
+                ERR_add_error_data(1,buf);
+                return(-1);
+                }
+        if (ret & 0x01)
+        if (ret & V_ASN1_CONSTRUCTED)
+        }
+        
+static int ber_read(BIO *b, char *out, int outl)
+        {
+        int ret=0,i,n;
+        BIO_BER_CTX *ctx;
+
+        BIO_clear_retry_flags(b);
+
+        if (out == NULL) return(0);
+        ctx=(BIO_BER_CTX *)b->ptr;
+
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+        if (ctx->finished) return(0);
+
+again:
+        /* First see if we are half way through reading a block */
+        if (ctx->num_left > 0)
+                {
+                if (ctx->num_left < outl)
+                        n=ctx->num_left;
+                else
+                        n=outl;
+                i=BIO_read(b->next_bio,out,n);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        return(i);
+                        }
+                ctx->num_left-=i;
+                outl-=i;
+                ret+=i;
+                if (ctx->num_left <= 0)
+                        {
+                        ctx->depth--;
+                        if (ctx->depth <= 0)
+                                ctx->finished=1;
+                        }
+                if (outl <= 0)
+                        return(ret);
+                else
+                        goto again;
+                }
+        else    /* we need to read another BER header */
+                {
+                }
+        }
+
+static int ber_write(BIO *b, char *in, int inl)
+        {
+        int ret=0,n,i;
+        BIO_ENC_CTX *ctx;
+
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        ret=inl;
+
+        BIO_clear_retry_flags(b);
+        n=ctx->buf_len-ctx->buf_off;
+        while (n > 0)
+                {
+                i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        return(i);
+                        }
+                ctx->buf_off+=i;
+                n-=i;
+                }
+        /* at this point all pending data has been written */
+
+        if ((in == NULL) || (inl <= 0)) return(0);
+
+        ctx->buf_off=0;
+        while (inl > 0)
+                {
+                n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
+                EVP_CipherUpdate(&(ctx->cipher),
+                        (unsigned char *)ctx->buf,&ctx->buf_len,
+                        (unsigned char *)in,n);
+                inl-=n;
+                in+=n;
+
+                ctx->buf_off=0;
+                n=ctx->buf_len;
+                while (n > 0)
+                        {
+                        i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                return(i);
+                                }
+                        n-=i;
+                        ctx->buf_off+=i;
+                        }
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                }
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
+        {
+        BIO *dbio;
+        BIO_ENC_CTX *ctx,*dctx;
+        long ret=1;
+        int i;
+
+        ctx=(BIO_ENC_CTX *)b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->ok=1;
+                ctx->finished=0;
+                EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
+                        ctx->cipher.berrypt);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_EOF:      /* More to read */
+                if (ctx->cont <= 0)
+                        ret=1;
+                else
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=ctx->buf_len-ctx->buf_off;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING: /* More to read in buffer */
+                ret=ctx->buf_len-ctx->buf_off;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_FLUSH:
+                /* do a final write */
+again:
+                while (ctx->buf_len != ctx->buf_off)
+                        {
+                        i=ber_write(b,NULL,0);
+                        if (i < 0)
+                                {
+                                ret=i;
+                                break;
+                                }
+                        }
+
+                if (!ctx->finished)
+                        {
+                        ctx->finished=1;
+                        ctx->buf_off=0;
+                        ret=EVP_CipherFinal_ex(&(ctx->cipher),
+                                (unsigned char *)ctx->buf,
+                                &(ctx->buf_len));
+                        ctx->ok=(int)ret;
+                        if (ret <= 0) break;
+
+                        /* push out the bytes */
+                        goto again;
+                        }
+                
+                /* Finally flush the underlying BIO */
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_C_GET_CIPHER_STATUS:
+                ret=(long)ctx->ok;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                dctx=(BIO_ENC_CTX *)dbio->ptr;
+                memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
+                dbio->init=1;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+
+static long ber_callback_ctrl(BIO *b, int cmd, void *(*fp)())
+        {
+        long ret=1;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
+/*
+void BIO_set_cipher_ctx(b,c)
+BIO *b;
+EVP_CIPHER_ctx *c;
+        {
+        if (b == NULL) return;
+
+        if ((b->callback != NULL) &&
+                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+                return;
+
+        b->init=1;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+        
+        if (b->callback != NULL)
+                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+        }
+*/
+
+void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
+             int e)
+        {
+        BIO_ENC_CTX *ctx;
+
+        if (b == NULL) return;
+
+        if ((b->callback != NULL) &&
+                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+                return;
+
+        b->init=1;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
+        
+        if (b->callback != NULL)
+                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+        }
+
diff --git a/src/lib/libcrypto/pkcs7/dec.c b/src/lib/libcrypto/pkcs7/dec.c
new file mode 100644
index 0000000000..6752ec568a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/dec.c
@@ -0,0 +1,248 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+
+BIO *bio_err=NULL;
+
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        char *keyfile=NULL;
+        BIO *in;
+        EVP_PKEY *pkey;
+        X509 *x509;
+        PKCS7 *p7;
+        PKCS7_SIGNER_INFO *si;
+        X509_STORE_CTX cert_ctx;
+        X509_STORE *cert_store=NULL;
+        BIO *data,*detached=NULL,*p7bio=NULL;
+        char buf[1024*4];
+        unsigned char *pp;
+        int i,printit=0;
+        STACK_OF(PKCS7_SIGNER_INFO) *sk;
+
+        OpenSSL_add_all_algorithms();
+        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+        data=BIO_new(BIO_s_file());
+        pp=NULL;
+        while (argc > 1)
+                {
+                argc--;
+                argv++;
+                if (strcmp(argv[0],"-p") == 0)
+                        {
+                        printit=1;
+                        }
+                else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) {
+                        keyfile = argv[1];
+                        argc-=1;
+                        argv+=1;
+                } else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
+                        {
+                        detached=BIO_new(BIO_s_file());
+                        if (!BIO_read_filename(detached,argv[1]))
+                                goto err;
+                        argc-=1;
+                        argv+=1;
+                        }
+                else break;
+                }
+
+         if (!BIO_read_filename(data,argv[0])) goto err; 
+
+        if(!keyfile) {
+                fprintf(stderr, "No private key file specified\n");
+                goto err;
+        }
+
+        if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL)
+                goto err;
+        BIO_free(in);
+
+        if (pp == NULL)
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+
+
+        /* Load the PKCS7 object from a file */
+        if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
+
+
+
+        /* This stuff is being setup for certificate verification.
+         * When using SSL, it could be replaced with a 
+         * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
+        cert_store=X509_STORE_new();
+        X509_STORE_set_default_paths(cert_store);
+        X509_STORE_load_locations(cert_store,NULL,"../../certs");
+        X509_STORE_set_verify_cb_func(cert_store,verify_callback);
+
+        ERR_clear_error();
+
+        /* We need to process the data */
+        /* We cannot support detached encryption */
+        p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
+
+        if (p7bio == NULL)
+                {
+                printf("problems decoding\n");
+                goto err;
+                }
+
+        /* We now have to 'read' from p7bio to calculate digests etc. */
+        for (;;)
+                {
+                i=BIO_read(p7bio,buf,sizeof(buf));
+                /* print it? */
+                if (i <= 0) break;
+                fwrite(buf,1, i, stdout);
+                }
+
+        /* We can now verify signatures */
+        sk=PKCS7_get_signer_info(p7);
+        if (sk == NULL)
+                {
+                fprintf(stderr, "there are no signatures on this data\n");
+                }
+        else
+                {
+                /* Ok, first we need to, for each subject entry,
+                 * see if we can verify */
+                ERR_clear_error();
+                for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
+                        {
+                        si=sk_PKCS7_SIGNER_INFO_value(sk,i);
+                        i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+                        if (i <= 0)
+                                goto err;
+                        else
+                                fprintf(stderr,"Signature verified\n");
+                        }
+                }
+        X509_STORE_free(cert_store);
+
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
+
+/* should be X509 * but we can just have them as char *. */
+int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        char buf[256];
+        X509 *err_cert;
+        int err,depth;
+
+        err_cert=X509_STORE_CTX_get_current_cert(ctx);
+        err=    X509_STORE_CTX_get_error(ctx);
+        depth=  X509_STORE_CTX_get_error_depth(ctx);
+
+        X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+        BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+        if (!ok)
+                {
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                        X509_verify_cert_error_string(err));
+                if (depth < 6)
+                        {
+                        ok=1;
+                        X509_STORE_CTX_set_error(ctx,X509_V_OK);
+                        }
+                else
+                        {
+                        ok=0;
+                        X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
+                        }
+                }
+        switch (ctx->error)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+                BIO_printf(bio_err,"issuer= %s\n",buf);
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err,"notBefore=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err,"notAfter=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+                }
+        BIO_printf(bio_err,"verify return:%d\n",ok);
+        return(ok);
+        }
diff --git a/src/lib/libcrypto/pkcs7/des.pem b/src/lib/libcrypto/pkcs7/des.pem
new file mode 100644
index 0000000000..62d1657e3e
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/des.pem
@@ -0,0 +1,15 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
+/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
+WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
+lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
+5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
+
diff --git a/src/lib/libcrypto/pkcs7/doc b/src/lib/libcrypto/pkcs7/doc
new file mode 100644
index 0000000000..d2e8b7b2a3
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/doc
@@ -0,0 +1,24 @@
+int PKCS7_set_content_type(PKCS7 *p7, int type);
+Call to set the type of PKCS7 object we are working on
+
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+        EVP_MD *dgst);
+Use this to setup a signer info
+There will also be functions to add signed and unsigned attributes.
+
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+Add a signer info to the content.
+
+int PKCS7_add_certificae(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+
+----
+
+p7=PKCS7_new();
+PKCS7_set_content_type(p7,NID_pkcs7_signed);
+
+signer=PKCS7_SINGNER_INFO_new();
+PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5());
+PKCS7_add_signer(py,signer);
+
+we are now setup.
diff --git a/src/lib/libcrypto/pkcs7/enc.c b/src/lib/libcrypto/pkcs7/enc.c
new file mode 100644
index 0000000000..7417f8a4e0
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/enc.c
@@ -0,0 +1,174 @@
+/* crypto/pkcs7/enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        X509 *x509;
+        PKCS7 *p7;
+        BIO *in;
+        BIO *data,*p7bio;
+        char buf[1024*4];
+        int i;
+        int nodetach=1;
+        char *keyfile = NULL;
+        const EVP_CIPHER *cipher=NULL;
+        STACK_OF(X509) *recips=NULL;
+
+        OpenSSL_add_all_algorithms();
+
+        data=BIO_new(BIO_s_file());
+        while(argc > 1)
+                {
+                if (strcmp(argv[1],"-nd") == 0)
+                        {
+                        nodetach=1;
+                        argv++; argc--;
+                        }
+                else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {
+                        if(!(cipher = EVP_get_cipherbyname(argv[2]))) {
+                                fprintf(stderr, "Unknown cipher %s\n", argv[2]);
+                                goto err;
+                        }
+                        argc-=2;
+                        argv+=2;
+                } else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {
+                        keyfile = argv[2];
+                        argc-=2;
+                        argv+=2;
+                        if (!(in=BIO_new_file(keyfile,"r"))) goto err;
+                        if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL)))
+                                goto err;
+                        if(!recips) recips = sk_X509_new_null();
+                        sk_X509_push(recips, x509);
+                        BIO_free(in);
+                } else break;
+        }
+
+        if(!recips) {
+                fprintf(stderr, "No recipients\n");
+                goto err;
+        }
+
+        if (!BIO_read_filename(data,argv[1])) goto err;
+
+        p7=PKCS7_new();
+#if 0
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+        BIO_free(in);
+        PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
+         
+        if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
+        /* we may want to add more */
+        PKCS7_add_certificate(p7,x509);
+#else
+        PKCS7_set_type(p7,NID_pkcs7_enveloped);
+#endif
+        if(!cipher)     {
+#ifndef OPENSSL_NO_DES
+                cipher = EVP_des_ede3_cbc();
+#else
+                fprintf(stderr, "No cipher selected\n");
+                goto err;
+#endif
+        }
+
+        if (!PKCS7_set_cipher(p7,cipher)) goto err;
+        for(i = 0; i < sk_X509_num(recips); i++) {
+                if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;
+        }
+        sk_X509_pop_free(recips, X509_free);
+
+        /* Set the content of the signed to 'data' */
+        /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
+
+        /* could be used, but not in this version :-)
+        if (!nodetach) PKCS7_set_detached(p7,1);
+        */
+
+        if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+
+        for (;;)
+                {
+                i=BIO_read(data,buf,sizeof(buf));
+                if (i <= 0) break;
+                BIO_write(p7bio,buf,i);
+                }
+        BIO_flush(p7bio);
+
+        if (!PKCS7_dataFinal(p7,p7bio)) goto err;
+        BIO_free(p7bio);
+
+        PEM_write_PKCS7(stdout,p7);
+        PKCS7_free(p7);
+
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
+
diff --git a/src/lib/libcrypto/pkcs7/es1.pem b/src/lib/libcrypto/pkcs7/es1.pem
new file mode 100644
index 0000000000..47112a238f
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/es1.pem
@@ -0,0 +1,66 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo
+KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4
+ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F
+XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+
+II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT
+pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0
+lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs
+8ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5
+otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx
+go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi
+XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t
+KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw
+Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL
+r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu
+l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/
+mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk
+l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+
+HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY
+gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo
+TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL
+5JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME
+SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/
+y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4
+9JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP
+nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB
+Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs
+LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T
+tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE
+SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR
+8Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/
+wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI
+uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw
+RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM
+Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU
+o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o
+WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy
+Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk
+YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ
+CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3
+DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714
+ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5
+kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX
+1wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s
+xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb
+IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7
+7AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv
+qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG
+X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a
+DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe
+UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1
+gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x
+PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT
+5F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha
+y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC
+lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf
+lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA==
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/example.c b/src/lib/libcrypto/pkcs7/example.c
new file mode 100644
index 0000000000..2953d04b5c
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/example.c
@@ -0,0 +1,329 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pkcs7.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+int add_signed_time(PKCS7_SIGNER_INFO *si)
+        {
+        ASN1_UTCTIME *sign_time;
+
+        /* The last parameter is the amount to add/subtract from the current
+         * time (in seconds) */
+        sign_time=X509_gmtime_adj(NULL,0);
+        PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime,
+                V_ASN1_UTCTIME,(char *)sign_time);
+        return(1);
+        }
+
+ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)
+        {
+        ASN1_TYPE *so;
+
+        so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);
+        if (so->type == V_ASN1_UTCTIME)
+            return so->value.utctime;
+        return NULL;
+        }
+        
+static int signed_string_nid= -1;
+
+void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
+        {
+        ASN1_OCTET_STRING *os;
+
+        /* To a an object of OID 1.2.3.4.5, which is an octet string */
+        if (signed_string_nid == -1)
+                signed_string_nid=
+                        OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+        os=ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
+        /* When we add, we do not free */
+        PKCS7_add_signed_attribute(si,signed_string_nid,
+                V_ASN1_OCTET_STRING,(char *)os);
+        }
+
+int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
+        {
+        ASN1_TYPE *so;
+        ASN1_OCTET_STRING *os;
+        int i;
+
+        if (signed_string_nid == -1)
+                signed_string_nid=
+                        OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+        /* To retrieve */
+        so=PKCS7_get_signed_attribute(si,signed_string_nid);
+        if (so != NULL)
+                {
+                if (so->type == V_ASN1_OCTET_STRING)
+                        {
+                        os=so->value.octet_string;
+                        i=os->length;
+                        if ((i+1) > len)
+                                i=len-1;
+                        memcpy(buf,os->data,i);
+                        return(i);
+                        }
+                }
+        return(0);
+        }
+
+static int signed_seq2string_nid= -1;
+/* ########################################### */
+int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+        {
+        /* To add an object of OID 1.9.999, which is a sequence containing
+         * 2 octet strings */
+        unsigned char *p;
+        ASN1_OCTET_STRING *os1,*os2;
+        ASN1_STRING *seq;
+        unsigned char *data;
+        int i,total;
+
+        if (signed_seq2string_nid == -1)
+                signed_seq2string_nid=
+                        OBJ_create("1.9.9999","OID_example","Our example OID");
+
+        os1=ASN1_OCTET_STRING_new();
+        os2=ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
+        ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
+        i =i2d_ASN1_OCTET_STRING(os1,NULL);
+        i+=i2d_ASN1_OCTET_STRING(os2,NULL);
+        total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+
+        data=malloc(total);
+        p=data;
+        ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+        i2d_ASN1_OCTET_STRING(os1,&p);
+        i2d_ASN1_OCTET_STRING(os2,&p);
+
+        seq=ASN1_STRING_new();
+        ASN1_STRING_set(seq,data,total);
+        free(data);
+        ASN1_OCTET_STRING_free(os1);
+        ASN1_OCTET_STRING_free(os2);
+
+        PKCS7_add_signed_attribute(si,signed_seq2string_nid,
+                V_ASN1_SEQUENCE,(char *)seq);
+        return(1);
+        }
+
+/* For this case, I will malloc the return strings */
+int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
+        {
+        ASN1_TYPE *so;
+
+        if (signed_seq2string_nid == -1)
+                signed_seq2string_nid=
+                        OBJ_create("1.9.9999","OID_example","Our example OID");
+        /* To retrieve */
+        so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
+        if (so && (so->type == V_ASN1_SEQUENCE))
+                {
+                ASN1_const_CTX c;
+                ASN1_STRING *s;
+                long length;
+                ASN1_OCTET_STRING *os1,*os2;
+
+                s=so->value.sequence;
+                c.p=ASN1_STRING_data(s);
+                c.max=c.p+ASN1_STRING_length(s);
+                if (!asn1_GetSequence(&c,&length)) goto err;
+                /* Length is the length of the seqence */
+
+                c.q=c.p;
+                if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+                        goto err;
+                c.slen-=(c.p-c.q);
+
+                c.q=c.p;
+                if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+                        goto err;
+                c.slen-=(c.p-c.q);
+
+                if (!asn1_const_Finish(&c)) goto err;
+                *str1=malloc(os1->length+1);
+                *str2=malloc(os2->length+1);
+                memcpy(*str1,os1->data,os1->length);
+                memcpy(*str2,os2->data,os2->length);
+                (*str1)[os1->length]='\0';
+                (*str2)[os2->length]='\0';
+                ASN1_OCTET_STRING_free(os1);
+                ASN1_OCTET_STRING_free(os2);
+                return(1);
+                }
+err:
+        return(0);
+        }
+
+
+/* #######################################
+ * THE OTHER WAY TO DO THINGS
+ * #######################################
+ */
+X509_ATTRIBUTE *create_time(void)
+        {
+        ASN1_UTCTIME *sign_time;
+        X509_ATTRIBUTE *ret;
+
+        /* The last parameter is the amount to add/subtract from the current
+         * time (in seconds) */
+        sign_time=X509_gmtime_adj(NULL,0);
+        ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
+                V_ASN1_UTCTIME,(char *)sign_time);
+        return(ret);
+        }
+
+ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
+        {
+        ASN1_TYPE *so;
+        PKCS7_SIGNER_INFO si;
+
+        si.auth_attr=sk;
+        so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);
+        if (so->type == V_ASN1_UTCTIME)
+            return so->value.utctime;
+        return NULL;
+        }
+        
+X509_ATTRIBUTE *create_string(char *str)
+        {
+        ASN1_OCTET_STRING *os;
+        X509_ATTRIBUTE *ret;
+
+        /* To a an object of OID 1.2.3.4.5, which is an octet string */
+        if (signed_string_nid == -1)
+                signed_string_nid=
+                        OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+        os=ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
+        /* When we add, we do not free */
+        ret=X509_ATTRIBUTE_create(signed_string_nid,
+                V_ASN1_OCTET_STRING,(char *)os);
+        return(ret);
+        }
+
+int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
+        {
+        ASN1_TYPE *so;
+        ASN1_OCTET_STRING *os;
+        int i;
+        PKCS7_SIGNER_INFO si;
+
+        si.auth_attr=sk;
+
+        if (signed_string_nid == -1)
+                signed_string_nid=
+                        OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+        /* To retrieve */
+        so=PKCS7_get_signed_attribute(&si,signed_string_nid);
+        if (so != NULL)
+                {
+                if (so->type == V_ASN1_OCTET_STRING)
+                        {
+                        os=so->value.octet_string;
+                        i=os->length;
+                        if ((i+1) > len)
+                                i=len-1;
+                        memcpy(buf,os->data,i);
+                        return(i);
+                        }
+                }
+        return(0);
+        }
+
+X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+        {
+        /* To add an object of OID 1.9.999, which is a sequence containing
+         * 2 octet strings */
+        unsigned char *p;
+        ASN1_OCTET_STRING *os1,*os2;
+        ASN1_STRING *seq;
+        X509_ATTRIBUTE *ret;
+        unsigned char *data;
+        int i,total;
+
+        if (signed_seq2string_nid == -1)
+                signed_seq2string_nid=
+                        OBJ_create("1.9.9999","OID_example","Our example OID");
+
+        os1=ASN1_OCTET_STRING_new();
+        os2=ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
+        ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
+        i =i2d_ASN1_OCTET_STRING(os1,NULL);
+        i+=i2d_ASN1_OCTET_STRING(os2,NULL);
+        total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+
+        data=malloc(total);
+        p=data;
+        ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+        i2d_ASN1_OCTET_STRING(os1,&p);
+        i2d_ASN1_OCTET_STRING(os2,&p);
+
+        seq=ASN1_STRING_new();
+        ASN1_STRING_set(seq,data,total);
+        free(data);
+        ASN1_OCTET_STRING_free(os1);
+        ASN1_OCTET_STRING_free(os2);
+
+        ret=X509_ATTRIBUTE_create(signed_seq2string_nid,
+                V_ASN1_SEQUENCE,(char *)seq);
+        return(ret);
+        }
+
+/* For this case, I will malloc the return strings */
+int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
+        {
+        ASN1_TYPE *so;
+        PKCS7_SIGNER_INFO si;
+
+        if (signed_seq2string_nid == -1)
+                signed_seq2string_nid=
+                        OBJ_create("1.9.9999","OID_example","Our example OID");
+
+        si.auth_attr=sk;
+        /* To retrieve */
+        so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);
+        if (so->type == V_ASN1_SEQUENCE)
+                {
+                ASN1_const_CTX c;
+                ASN1_STRING *s;
+                long length;
+                ASN1_OCTET_STRING *os1,*os2;
+
+                s=so->value.sequence;
+                c.p=ASN1_STRING_data(s);
+                c.max=c.p+ASN1_STRING_length(s);
+                if (!asn1_GetSequence(&c,&length)) goto err;
+                /* Length is the length of the seqence */
+
+                c.q=c.p;
+                if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+                        goto err;
+                c.slen-=(c.p-c.q);
+
+                c.q=c.p;
+                if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+                        goto err;
+                c.slen-=(c.p-c.q);
+
+                if (!asn1_const_Finish(&c)) goto err;
+                *str1=malloc(os1->length+1);
+                *str2=malloc(os2->length+1);
+                memcpy(*str1,os1->data,os1->length);
+                memcpy(*str2,os2->data,os2->length);
+                (*str1)[os1->length]='\0';
+                (*str2)[os2->length]='\0';
+                ASN1_OCTET_STRING_free(os1);
+                ASN1_OCTET_STRING_free(os2);
+                return(1);
+                }
+err:
+        return(0);
+        }
+
+
diff --git a/src/lib/libcrypto/pkcs7/example.h b/src/lib/libcrypto/pkcs7/example.h
new file mode 100644
index 0000000000..96167de188
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/example.h
@@ -0,0 +1,57 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+int add_signed_time(PKCS7_SIGNER_INFO *si);
+ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si);
+int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2);
diff --git a/src/lib/libcrypto/pkcs7/info.pem b/src/lib/libcrypto/pkcs7/info.pem
new file mode 100644
index 0000000000..989baf8709
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/info.pem
@@ -0,0 +1,57 @@
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/infokey.pem b/src/lib/libcrypto/pkcs7/infokey.pem
new file mode 100644
index 0000000000..1e2acc954d
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/infokey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/p7/a1 b/src/lib/libcrypto/pkcs7/p7/a1
new file mode 100644
index 0000000000..56ca943762
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/a1
@@ -0,0 +1,2 @@
+j,H>_æá_­DôzEîLœ VJ³ß觬¤””E3ûáYäx%_Àk
+3ê)DLScñ8%ôM
\ No newline at end of file
diff --git a/src/lib/libcrypto/pkcs7/p7/a2 b/src/lib/libcrypto/pkcs7/p7/a2
new file mode 100644
index 0000000000..23d8fb5e93
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/a2
@@ -0,0 +1 @@
+k~@a”,NâM͹¼ 
<O( KP—騠¤K²>­×U¿o_½
BqrmÎ?Ù t?t÷�Ï�éId2‰Š
\ No newline at end of file
diff --git a/src/lib/libcrypto/pkcs7/p7/cert.p7c b/src/lib/libcrypto/pkcs7/p7/cert.p7c
new file mode 100644
index 0000000000..2b75ec05f7
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/cert.p7c
diff --git a/src/lib/libcrypto/pkcs7/p7/smime.p7m b/src/lib/libcrypto/pkcs7/p7/smime.p7m
new file mode 100644
index 0000000000..2b6e6f82ba
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/smime.p7m
diff --git a/src/lib/libcrypto/pkcs7/p7/smime.p7s b/src/lib/libcrypto/pkcs7/p7/smime.p7s
new file mode 100644
index 0000000000..2b5d4fb0e3
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/smime.p7s
diff --git a/src/lib/libcrypto/pkcs7/pk7_dgst.c b/src/lib/libcrypto/pkcs7/pk7_dgst.c
new file mode 100644
index 0000000000..90edfa5001
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_dgst.c
@@ -0,0 +1,66 @@
+/* crypto/pkcs7/pk7_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+
diff --git a/src/lib/libcrypto/pkcs7/pk7_enc.c b/src/lib/libcrypto/pkcs7/pk7_enc.c
new file mode 100644
index 0000000000..acbb189c59
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_enc.c
@@ -0,0 +1,76 @@
+/* crypto/pkcs7/pk7_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+
+PKCS7_in_bio(PKCS7 *p7,BIO *in);
+PKCS7_out_bio(PKCS7 *p7,BIO *out);
+
+PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key);
+PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher);
+
+PKCS7_Init(PKCS7 *p7);
+PKCS7_Update(PKCS7 *p7);
+PKCS7_Finish(PKCS7 *p7);
+
diff --git a/src/lib/libcrypto/pkcs7/server.pem b/src/lib/libcrypto/pkcs7/server.pem
new file mode 100644
index 0000000000..750aac2094
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/server.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
+MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
+mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
+xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
+irObpESxAZLySCmPPg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/sign.c b/src/lib/libcrypto/pkcs7/sign.c
new file mode 100644
index 0000000000..8b59885f7e
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/sign.c
@@ -0,0 +1,154 @@
+/* crypto/pkcs7/sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        X509 *x509;
+        EVP_PKEY *pkey;
+        PKCS7 *p7;
+        PKCS7_SIGNER_INFO *si;
+        BIO *in;
+        BIO *data,*p7bio;
+        char buf[1024*4];
+        int i;
+        int nodetach=0;
+
+#ifndef OPENSSL_NO_MD2
+        EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD5
+        EVP_add_digest(EVP_md5());
+#endif
+#ifndef OPENSSL_NO_SHA1
+        EVP_add_digest(EVP_sha1());
+#endif
+#ifndef OPENSSL_NO_MDC2
+        EVP_add_digest(EVP_mdc2());
+#endif
+
+        data=BIO_new(BIO_s_file());
+again:
+        if (argc > 1)
+                {
+                if (strcmp(argv[1],"-nd") == 0)
+                        {
+                        nodetach=1;
+                        argv++; argc--;
+                        goto again;
+                        }
+                if (!BIO_read_filename(data,argv[1]))
+                        goto err;
+                }
+        else
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+
+        if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err;
+        BIO_free(in);
+
+        p7=PKCS7_new();
+        PKCS7_set_type(p7,NID_pkcs7_signed);
+         
+        si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
+        if (si == NULL) goto err;
+
+        /* If you do this then you get signing time automatically added */
+        PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
+                                                OBJ_nid2obj(NID_pkcs7_data));
+
+        /* we may want to add more */
+        PKCS7_add_certificate(p7,x509);
+
+        /* Set the content of the signed to 'data' */
+        PKCS7_content_new(p7,NID_pkcs7_data);
+
+        if (!nodetach)
+                PKCS7_set_detached(p7,1);
+
+        if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+
+        for (;;)
+                {
+                i=BIO_read(data,buf,sizeof(buf));
+                if (i <= 0) break;
+                BIO_write(p7bio,buf,i);
+                }
+
+        if (!PKCS7_dataFinal(p7,p7bio)) goto err;
+        BIO_free(p7bio);
+
+        PEM_write_PKCS7(stdout,p7);
+        PKCS7_free(p7);
+
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
+
diff --git a/src/lib/libcrypto/pkcs7/t/3des.pem b/src/lib/libcrypto/pkcs7/t/3des.pem
new file mode 100644
index 0000000000..b2b5081a10
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/3des.pem
@@ -0,0 +1,16 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
+/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
+WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
+lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
+5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
+-----END PKCS7-----
+
diff --git a/src/lib/libcrypto/pkcs7/t/3dess.pem b/src/lib/libcrypto/pkcs7/t/3dess.pem
new file mode 100644
index 0000000000..23f013516a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/3dess.pem
@@ -0,0 +1,32 @@
+-----BEGIN PKCS7-----
+MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
+CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
+SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
+BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
+9CWR6g==
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/c.pem b/src/lib/libcrypto/pkcs7/t/c.pem
new file mode 100644
index 0000000000..a4b55e321a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/c.pem
@@ -0,0 +1,48 @@
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libcrypto/pkcs7/t/ff b/src/lib/libcrypto/pkcs7/t/ff
new file mode 100644
index 0000000000..23f013516a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/ff
@@ -0,0 +1,32 @@
+-----BEGIN PKCS7-----
+MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
+CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
+SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
+BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
+9CWR6g==
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/msie-e b/src/lib/libcrypto/pkcs7/t/msie-e
new file mode 100644
index 0000000000..aafae69fc9
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-e
@@ -0,0 +1,20 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
+BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
+aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECMzu8y
+wQ/qZbO8cAGMRBF+mPruv3+Dvb9aWNZ2k8njUgqF6mcdhVB2MkGcsG3memRXJBixvMYWVkU3qK4Z
+VuKsMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
+BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
+SIb3DQEBAQUABEBcWwYFHJbJGhiztt7lzue3Lc9CH5WAbyR+2BZ3uv+JxZfRs1PuaWPOwRa0Vgs3
+YwSJoRfxQj2Gk0wFqG1qt6d1MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQI8vRlP/Nx
+2iSggASCAZhR5srxyspy7DfomRJ9ff8eMCtaNwEoEx7G25PZRonC57hBvGoScLtEPU3Wp9FEbPN7
+oJESeC+AqMTyTLNy8aQsyC5s53E9UkoIvg62ekYZBbXZqXsrxx4PhiiX3NH8GVh42phB0Chjw0nK
+HZeRDmxGY3Cmk+J+l0uVKxbNIfJIKOguLBnhqmnKH/PrnzDt591u0ULy2aTLqRm+4/1Yat/QPb6J
+eoKGwNPBbS9ogBdrCNCp9ZFg3Xar2AtQHzyTQIfYeH3SRQUpKmRm5U5o9p5emgEdT+ZfJm/J4tSH
+OmbgAFsbHQakA4MBZ4J5qfDJhOA2g5lWk1hIeu5Dn/AaLRZd0yz3oY0Ieo/erPWx/bCqtBzYbMe9
+qSFTedKlbc9EGe3opOTdBZVzK8KH3w3zsy5luxKdOUG59YYb5F1IZiWGiDyuo/HuacX+griu5LeD
+bEzOtZnko+TZXvWIko30fD79j3T4MRRhWXbgj2HKza+4vJ0mzcC/1+GPsJjAEAA/JgIEDU4w6/DI
+/HQHhLAO3G+9xKD7MvmrzkoAAAAAAAAAAAAA
+
+
diff --git a/src/lib/libcrypto/pkcs7/t/msie-e.pem b/src/lib/libcrypto/pkcs7/t/msie-e.pem
new file mode 100644
index 0000000000..a2a5e24e74
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-e.pem
@@ -0,0 +1,22 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIIDkAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
+bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
+aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
+uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQIzO7zLBD+pls7xwAYxEEX6Y+u6/f4O9
+v1pY1naTyeNSCoXqZx2FUHYyQZywbeZ6ZFckGLG8xhZWRTeorhlW4qwwgfACAQAw
+gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
+GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
+QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFxbBgUclskaGLO23uXO57ctz0If
+lYBvJH7YFne6/4nFl9GzU+5pY87BFrRWCzdjBImhF/FCPYaTTAWobWq3p3UwggHD
+BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECPL0ZT/zcdokgIIBmFHmyvHK
+ynLsN+iZEn19/x4wK1o3ASgTHsbbk9lGicLnuEG8ahJwu0Q9Tdan0URs83ugkRJ4
+L4CoxPJMs3LxpCzILmzncT1SSgi+DrZ6RhkFtdmpeyvHHg+GKJfc0fwZWHjamEHQ
+KGPDScodl5EObEZjcKaT4n6XS5UrFs0h8kgo6C4sGeGqacof8+ufMO3n3W7RQvLZ
+pMupGb7j/Vhq39A9vol6gobA08FtL2iAF2sI0Kn1kWDddqvYC1AfPJNAh9h4fdJF
+BSkqZGblTmj2nl6aAR1P5l8mb8ni1Ic6ZuAAWxsdBqQDgwFngnmp8MmE4DaDmVaT
+WEh67kOf8BotFl3TLPehjQh6j96s9bH9sKq0HNhsx72pIVN50qVtz0QZ7eik5N0F
+lXMrwoffDfOzLmW7Ep05Qbn1hhvkXUhmJYaIPK6j8e5pxf6CuK7kt4NsTM61meSj
+5Nle9YiSjfR8Pv2PdPgxFGFZduCPYcrNr7i8nSbNwL/X4Y+wmMAQAD8mAgQNTjDr
+8Mj8dAeEsA7cb73EoPsy+avOSgAAAAA=
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-01 b/src/lib/libcrypto/pkcs7/t/msie-enc-01
new file mode 100644
index 0000000000..2c93ab6462
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-enc-01
@@ -0,0 +1,62 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxgfMwgfACAQAwgZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0
+IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMT
+EkRFTU8gWkVSTyBWQUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKvMaW8xh6oF/X+CJivz
+IZV7yHxlp4O3NHQtWG0A8MOZB+CtKlU7/6g5e/a9Du/TOqxRMqtYRp63pa2Q/mM4IYMwgAYJ
+KoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAifz6RvzOPYlKCABIGwxtGA/FLBBRs1wbBP
+gDCbSG0yCwjJNsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrI
+pd8WiSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqrcWTm
+STSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sgQki4t2g4/Saq
+Kl4EMISgluk6swdND0tiHY7v5d6YR29ePCl2/STJ98eJpWkEEC22GNNvOy7ru/Rv2He4MgQg
+optd7sk9MMd9xhJppg7CcH/yDx//HrtgpOcWmn6VxpgECFqon4uXkQtIBIH4PaNclFn7/hLx
+Pw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5mYXfw+b81lh1kutxaPaV4YJ9
+ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/t
+Mnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVwNx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78Y
+M+NaIpIQ3On4DokJA2ZHtjBjZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3Te
+dvKJsbZuu0stErbvWcRy11I328l557EECAJT7d44OJ3rBBBj6bnnx6dDU2SRqp2CEoQaBAhK
+RBuyhNxkygQIOY9/NhwqAJAECOvX0Zd0DqgoBAjobPpMHhVV3gQQWLU2vEoZ51BwzxdzCmxO
+wwQI4oKfudaNqoAESKzBNAqv5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQ
+NUEM1dNU+EYslL4o3RoSHRjUgPU+2t9c0prS9A/bPARIEOP94PynaTNxwHi3VTK7SzuQmgzA
+4n942E9joSiqsQPlsKAb3sPUaLC3SuUxSjNBgfpvD0bmrA/5h+WZoYXvIogFpwjkSmnFBEie
+0lh5Ov1aRrvCw5/j3Q/W/4ZtN5U+aeVBJMtA8n0Mxd5kPxHbNVh4oGprZ6wEegV8ht3voyZa
+mZ5Cyxc8ffMYnM/JJI6/oEYEUEMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62r5HgNbdD
+FHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3PbfknszCEBEh4PdXYbbaR
+3AacN3Q5kYYmWsq3WW6xgrg0mmEGosGvwSQxBBuiXZrxScCa4ivEq05UZwyShePvKduOvnUE
+2zDO6IXFLZxhTZAESEm9/FovLgGAiJ7iMGmYvsISLJScwG4n+wrSaQNQXizs9N3ykys54wBN
+d/+BQ4F7pncHhDQ2Dyt5MekB8Y8iNOocUTFCu524vQRIaWCXmXP3vU7D21dp0XnAMzRQJ565
+JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6BFDK
+6CmKbnyyjOfE2iLGJmTFa905V2KrVDCmlEu/xyGMs80yTyZC+ySzM83FMVvLEQmSzcTNUZVp
+DfA1kNXbXkPouBXXT6g8r8JCRljaKKABmgRIlMheOJQRUUU4cgvhMreXPayhq5Ao4VMSCkA5
+hYRCBczm4Di/MMohF0SxIsdRY6gY9CPnrBXAsY6h1RbR7Tw0iQZmeXi52DCiBEj0by+SYMAa
+9z0CReIzl8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG
+955HlAoEQBOGJbcESCgd5XSirZ9Y3AbCfuKOqoMBvEUGn+w/pMaqnGvnr5FZhuBDKrhRXqtx
+QsxA//drGUxsrZOuSL/0+fbvo7n2h1Z8Ny86jOvVZAQIAjw2l1Yc5RAESNc9i3I8pKEOVQf/
+UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs/4n+Vu3SVYU3cAxo
+lUTiCGUSlARIF+TD57SI5+RI+MNtnD9rs4E1ml51YoHGWFj3UPriDmY0FKEwIgqtMXMY3fZ9
+Kq8d83bjDzxwbDX7WwR7KbSeJWT42pCz7kM+BEjjPsOnZHuusXT3x2rrsBnYtYsbt98mSFiS
+KzTtFmXfkOBbCQdit1P76QnYJ1aXMGs6zP6GypQTadK/zYWvlm38QkVwueaJ0woESKW2pqKA
+70h2UMDHOrpepU1lj0YMzmotDHSTU3L909VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1Yda
+KPmgsv62RWLYl80wXQRQwG0e/mgG75jp9lOhJdVXqcYbQpS9viwVaVkwH+69mu/bQI4gjoEs
+UYX6O71Re2z+cYhcm9UrK+DXuSFBXQOIlAFxKMW4B0apd6fU84FsZLMESOorXE5OE0A2B2ji
+J8QI0Exk4hUvWrMNJfUZwFyS7E05xV9ORuX1xmsKqkT4tVR5Nqln4vhvAY860VBoloz0CDkd
+8seSBEjeMgRI9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+
+F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCbBEjdlI1c+IQGA/IuTDMJYCuQ/v+8BG5ZeWVH
+icPZmXfRat9eFK1dGKAJef6+Tf9HPuDjSpDyffrifsp7Dc34lmm7GN1+ON3ZMtwEUNm6epb8
+1RKWjoI7jIKUV/M2p/0eeGSqs4b06KF/VR6dBwsJVL5DpnTsp3MV4j/CAOlRdSPZ5++tsKbM
+aplk+ceqQtpEFz1MYTtVV4+rlrWaBEA1okJyNZ5/tNOwM7B+XfOZ0xw+uyVi9v4byTZM2Qds
+J+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNedXPHtBAiBKX+Mdy3wFQQIqE9gVgvrFNUE
+CKKoTFoMGqnPBAjDPgLCklNfrwQI3Ek1vSq68w8ECBodu2FOZJVkBAgzwjfSr2N9WQQQTCoQ
+KkAbrS9tnjXn1I3+ZwQIrPx3eINo/YUECIeYWCFskxlYBAiDUdvZXwD3vgQIkEyZbbZWbUUE
+CH4+odl1Isk3BBj68fkqJ0fKJRWVLWuW/O3VE4BOPKwFlaIECFseVTdDUho8BAj+cOKvV2WA
+hgQgaXr+wwq+ItblG0Qxz8IVUXX6PV2mIdHwz4SCCvnCsaIECJhBYxdfLI/XBCDswamPn9MR
+yXi2HVQBineV+GtWVkIoZ2dCLFB9mQRMoAQI0nUR5a5AOJoECA+AunKlAlx8BAi5RtFeF4g1
+FQQIz/ie+16LlQcECOmNuVg5DXjMBAjH2nkfpXZgWwQIVdLuO/+kuHAECO/5rEHmyI9vBBD4
+16BU4Rd3YerDQnHtrwOQBCCkho1XxK5Maz8KLCNi20wvcGt8wsIXlj2h5q9ITBq7IgQQvKVY
+4OfJ7bKbItP2dylwQgQYPIGxwkkbRXNraONYvN19G8UdF35rFOuIBAjf0sKz/618ZQQIxObr
+xJkRe0sECIC+ssnjEb2NBBBI+XM4OntVWGsRV9Td3sFgBAinGwIroo8O0gQQMGAwgc9PaLaG
+gBCiwSTrYQQIVHjfCQgOtygEUIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/g0thR0lM
++Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy043GNZBAhOqjyB2JbD
+NwQoR23XCYD9x6E20ChHJRXmaHwyMdYXKl5CUxypl7ois+sy2D7jDukS3wQIsTyyPgJi0GsA
+AAAAAAAAAAAA
+
diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-01.pem b/src/lib/libcrypto/pkcs7/t/msie-enc-01.pem
new file mode 100644
index 0000000000..9abf00b2f2
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-enc-01.pem
@@ -0,0 +1,66 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIILyAIBADGB8zCB8AIBADCBmTCBkjELMAkGA1UEBhMC
+QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYD
+VQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBAgIEbjANBgkq
+hkiG9w0BAQEFAARAq8xpbzGHqgX9f4ImK/MhlXvIfGWng7c0dC1YbQDww5kH4K0q
+VTv/qDl79r0O79M6rFEyq1hGnrelrZD+YzghgzCCCssGCSqGSIb3DQEHATAaBggq
+hkiG9w0DAjAOAgIAoAQIn8+kb8zj2JSAggqgxtGA/FLBBRs1wbBPgDCbSG0yCwjJ
+NsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrIpd8W
+iSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqr
+cWTmSTSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sg
+Qki4t2g4/SaqKl6EoJbpOrMHTQ9LYh2O7+XemEdvXjwpdv0kyffHiaVpBBAtthjT
+bzsu67v0b9h3uDKim13uyT0wx33GEmmmDsJwf/IPH/8eu2Ck5xaafpXGmFqon4uX
+kQtIPaNclFn7/hLxPw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5
+mYXfw+b81lh1kutxaPaV4YJ9ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/
+GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/tMnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVw
+Nx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78YM+NaIpIQ3On4DokJA2ZHtjBj
+ZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3TedvKJsbZuu0stErbv
+WcRy11I328l557ECU+3eODid62PpuefHp0NTZJGqnYIShBpKRBuyhNxkyjmPfzYc
+KgCQ69fRl3QOqCjobPpMHhVV3li1NrxKGedQcM8XcwpsTsPigp+51o2qgKzBNAqv
+5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQNUEM1dNU+EYslL4o
+3RoSHRjUgPU+2t9c0prS9A/bPBDj/eD8p2kzccB4t1Uyu0s7kJoMwOJ/eNhPY6Eo
+qrED5bCgG97D1Giwt0rlMUozQYH6bw9G5qwP+YflmaGF7yKIBacI5EppxZ7SWHk6
+/VpGu8LDn+PdD9b/hm03lT5p5UEky0DyfQzF3mQ/Eds1WHigamtnrAR6BXyG3e+j
+JlqZnkLLFzx98xicz8kkjr+gRkMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62
+r5HgNbdDFHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3Pbfkn
+szCEeD3V2G22kdwGnDd0OZGGJlrKt1lusYK4NJphBqLBr8EkMQQbol2a8UnAmuIr
+xKtOVGcMkoXj7ynbjr51BNswzuiFxS2cYU2QSb38Wi8uAYCInuIwaZi+whIslJzA
+bif7CtJpA1BeLOz03fKTKznjAE13/4FDgXumdweENDYPK3kx6QHxjyI06hxRMUK7
+nbi9aWCXmXP3vU7D21dp0XnAMzRQJ565JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW
+7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6yugpim58soznxNoixiZkxWvdOVdi
+q1QwppRLv8chjLPNMk8mQvskszPNxTFbyxEJks3EzVGVaQ3wNZDV215D6LgV10+o
+PK/CQkZY2iigAZqUyF44lBFRRThyC+Eyt5c9rKGrkCjhUxIKQDmFhEIFzObgOL8w
+yiEXRLEix1FjqBj0I+esFcCxjqHVFtHtPDSJBmZ5eLnYMKL0by+SYMAa9z0CReIz
+l8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG
+955HlAoEQBOGJbcoHeV0oq2fWNwGwn7ijqqDAbxFBp/sP6TGqpxr56+RWYbgQyq4
+UV6rcULMQP/3axlMbK2Trki/9Pn276O59odWfDcvOozr1WQCPDaXVhzlENc9i3I8
+pKEOVQf/UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs
+/4n+Vu3SVYU3cAxolUTiCGUSlBfkw+e0iOfkSPjDbZw/a7OBNZpedWKBxlhY91D6
+4g5mNBShMCIKrTFzGN32fSqvHfN24w88cGw1+1sEeym0niVk+NqQs+5DPuM+w6dk
+e66xdPfHauuwGdi1ixu33yZIWJIrNO0WZd+Q4FsJB2K3U/vpCdgnVpcwazrM/obK
+lBNp0r/Nha+WbfxCRXC55onTCqW2pqKA70h2UMDHOrpepU1lj0YMzmotDHSTU3L9
+09VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1YdaKPmgsv62RWLYl80wXcBtHv5o
+Bu+Y6fZToSXVV6nGG0KUvb4sFWlZMB/uvZrv20COII6BLFGF+ju9UXts/nGIXJvV
+Kyvg17khQV0DiJQBcSjFuAdGqXen1POBbGSz6itcTk4TQDYHaOInxAjQTGTiFS9a
+sw0l9RnAXJLsTTnFX05G5fXGawqqRPi1VHk2qWfi+G8BjzrRUGiWjPQIOR3yx5IE
+SN4y9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+
+F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCb3ZSNXPiEBgPyLkwzCWArkP7/vARu
+WXllR4nD2Zl30WrfXhStXRigCXn+vk3/Rz7g40qQ8n364n7Kew3N+JZpuxjdfjjd
+2TLc2bp6lvzVEpaOgjuMgpRX8zan/R54ZKqzhvTooX9VHp0HCwlUvkOmdOyncxXi
+P8IA6VF1I9nn762wpsxqmWT5x6pC2kQXPUxhO1VXj6uWtZo1okJyNZ5/tNOwM7B+
+XfOZ0xw+uyVi9v4byTZM2QdsJ+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNed
+XPHtgSl/jHct8BWoT2BWC+sU1aKoTFoMGqnPwz4CwpJTX6/cSTW9KrrzDxodu2FO
+ZJVkM8I30q9jfVlMKhAqQButL22eNefUjf5nrPx3eINo/YWHmFghbJMZWINR29lf
+APe+kEyZbbZWbUV+PqHZdSLJN/rx+SonR8olFZUta5b87dUTgE48rAWVolseVTdD
+Uho8/nDir1dlgIZpev7DCr4i1uUbRDHPwhVRdfo9XaYh0fDPhIIK+cKxophBYxdf
+LI/X7MGpj5/TEcl4th1UAYp3lfhrVlZCKGdnQixQfZkETKDSdRHlrkA4mg+AunKl
+Alx8uUbRXheINRXP+J77XouVB+mNuVg5DXjMx9p5H6V2YFtV0u47/6S4cO/5rEHm
+yI9v+NegVOEXd2Hqw0Jx7a8DkKSGjVfErkxrPwosI2LbTC9wa3zCwheWPaHmr0hM
+GrsivKVY4OfJ7bKbItP2dylwQjyBscJJG0Vza2jjWLzdfRvFHRd+axTriN/SwrP/
+rXxlxObrxJkRe0uAvrLJ4xG9jUj5czg6e1VYaxFX1N3ewWCnGwIroo8O0jBgMIHP
+T2i2hoAQosEk62FUeN8JCA63KIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/
+g0thR0lM+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy04
+3GNZTqo8gdiWwzdHbdcJgP3HoTbQKEclFeZofDIx1hcqXkJTHKmXuiKz6zLYPuMO
+6RLfsTyyPgJi0GsAAAAA
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-02 b/src/lib/libcrypto/pkcs7/t/msie-enc-02
new file mode 100644
index 0000000000..7017055965
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-enc-02
@@ -0,0 +1,90 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
+BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
+aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABEACr4tn
+kSzvo3aIlHfJLGbfokNCV6FjdDP1vQhL+kdXONqcFCEf9ReETCvaHslIr/Wepc5j2hjZselzgqLn
+rM1ZMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
+BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
+SIb3DQEBAQUABEBanBxKOvUoRn3DiFY55lly2TPu2Cv+dI/GLrzW6qvnUMZPWGPGaUlPyWLMZrXJ
+xGXZUiRJKTBwDu91fnodUEK9MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQImxKZEDWP
+EuOggASCBACBi1bX/qc3geqFyfRpX7JyIo/g4CDr62GlwvassAGlIO8zJ5Z/UDIIooeV6QS4D4OW
+PymKd0WXhwcJI0yBcJTWEoxND27LM7CWFJpA07AoxVCRHTOPgm794NynLecNUOqVTFyS4CRuLhVG
+PAk0nFZG/RE2yMtx4rAkSiVgOexES7wq/xWuoDSSmuTMNQOTbKfkEKqdFLkM/d62gD2wnaph7vKk
+PPK82wdZP8rF3nUUC5c4ahbNoa8g+5B3tIF/Jz3ZZK3vGLU0IWO+i7W451dna13MglDDjXOeikNl
+XLsQdAVo0nsjfGu+f66besJojPzysNA+IEZl6gNWUetl9lim4SqrxubUExdS2rmXnXXmEuEW/HC7
+dlTAeYq5Clqx5id6slhC2C2oegMww3XH9yxHw6OqzvXY6pVPEScEtBMQLgaKFQT+m2SRtbTVFG7c
+QcnUODyVB1IbpQTF1DHeeOX1W/HfpWZym8dzkti6SCyeumHmqO406xDiIMVKtHOqM86nEHuAMZsr
+cLy+ey6TEJvR6S4N8QRzng8JJDZDTJXQN6q84aEudsnOrw2KyOVwPpI6ey4qBsHUgQ8kAFy5lsQa
+WV45h6exgUwbBcKLgPZGFj+OdD2RKJsTb83/UqbJS5Q/lGXhzBlnaYucyJxEprRxbntmcnOEPFJe
++tRDUwOTd7qlJljdhIJL+uDcooL9Ahgo6Cwep6tduekv2cSEohJeTE8Dvy34YRhMbLvnFNdmnpNy
+rNZDYVVxxaKoyd2AfB8NPFZh1VdAYfI3R1QAQ2kXEef5NNIfVQfMzD9akJn4RP+Kv32Qaxm4FrnK
+xmwRyGJShavIBc2ax+F1r1+NZXuSBHn5vfoRTxOk0ST4dXsw74dnlYUMRaSu4qqUdM9jsXSyeX4Z
+gQgkR2bkaYO6ezFgenFIa7QWVw8rXZAEZ5aibCxbnY1VE41PYIvhlLdbFJhH9gY22s+fFAuwnzyA
+SRjC40A9aAEItRlaPStWSGiqlLRgNkBBwdpv2l2YPBd2QzHx6ek6XGrvRJuAC+Nh62rtQKwpNH54
+YAOHW55maBFW2SQ3TF+cZ6NbbqhCmHTyyR7mcSYc9sXSVDWEhYKQ1iyU870zhHWVpvglZizZetJC
+ZFjYex3b1ngVdcgargOvpPq9urCKKi2mbkqv/EFpzSWGXkKSpfCG/XfMnEOtkNrB8S06vnk2JcJB
+OBqJot+uuSH5hOg0vTpxX2DuONJSiWSWyfRE/lTfJJFXwhod7SXclUyXPeSyibcSic2hVAzDmwjD
+31js/j2k02PI/agPhr3UQ8cMgcNAiaoCKbNaWfn6BGbCAbTchxzUlo2cSJiLlrX2IDZmfXbXmZCo
+m1smWIG+BIIEALiuAxDb6dWLAYyVBoN9hYI4AiPeZAY9MtvQ6AV8o2/EFm6PvYGXy3Hei5830CH0
+PBeX7Kdd6ff1y33TW/l5qSkIL1ULTGR7okFfJePHDmq1dFt6/JOMptiQ8WSu7CsJQvZ9VTFXeYFc
+ZqCPPZc1NrPegNK70Zf9QxWIbDAevJ5KLBf1c6j8pU2/6LnvDY6VjaTvYSgr7vTR8eVzH4Rm77W0
+iOHxg5VcODv6cGSVyuvbX8UAGo8Cmb58ERDtBDJBQXVpWKLNAuDJ9GX8n2zNkpjZLbPSkcmuhqGa
+BJBE/BaCTkUQWlY9dIbRtEnxIU1mfbPPdx1Ppa8DqGDjSOsQdKcKYNNZtayEw++EIpmpdBNsKphC
+fB8UEK2Wkk4ZVW+qyGoi/r0MFsvO1NmSOOZ0o/jy/YHmoeURHhPy97AO3eVTkEAa5CfJEJybmo56
+7CDw/FwoGAUCgsoz7rlxzMudr/IhHIH+APinncxXlHO2ecvHD9i8DaHGA8tVifgsUhqQoZieULut
+eF94O5UAxOkv41UZssYTwN4nYrN1QkesZl3BX4ORS4EE30/PQ23ARf3WZptZrCJevGm2ZYzGeh8x
+g17mCDfiLO+bff4qP/4mC96Pu4ia6j4to5BwKIJS/+DCuoD8WeSKF4pugXQkMUiHdQnNnVP9Sp2O
+/4ly5mO8JzrQC59V2bnTNBqPhpno8kfJvK5TypPSVC+bTzern3rJ6UceB3srcn9zxKx9GdNydJQj
+yWjv8ec3n3d1nuQwhz5Q053NBhIjwoGg3Go7LO6i78ZOlpF7dcoAO13NfHLyNjnyHCaiWtVRTct9
+rLf5vN00urSn8YJngHk1eTKK8nHGIcOg6YdYDOD2nE5XwRijKmieG8Xa3eKRzfbL06GrBQENle6J
+mC131bp3cRVxpjq+o6RAbGoMm4yICsL4eTarCQrsyHmoPHqr91UHo91avyxU7knWmEhX27ybmsrs
+8aeZwPHixL14TeyhruCqRVvkf1Ks7P+z8MPUboGNqQe2WLN8ktCGEr15O8MJR/em86G03Jfo4oaw
+/DVUH5RwLT6acedOGuzMh/2r8BcmemhVQ8/cWvV4YJ0tOW4hzyVHC5hQf8sZ3LzxXLH6Ohnrbprh
+xvrdbaSdChWZDDP0bCCbxEhkwuBkBeKZrMbwRTP+TPTPYLVTH/CmKLzKh/114tkGkyO3hHS4qExU
+V39F2Sj4mylx+hD0+20D9pntpNi7htccGlOm6yNM69at/3+kLgJJyoIlaxLcCUYHNMifDt+T3p/t
+5U4XmD53uUQ6M8dvj/udqPekNSUfse15yrd9pjOt5PcJuqW28q0sFHf9pHIgz3XZFMe5PD7ppw6r
+S+C6Ir4PrYIEggQA7ZDVtiCm+BbtNNB/UJm79/OQ5mp5bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOB
+DICj7jHOXSHT7JlGyX6aSFJUltucAnZvwzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwf
+WSDRtIHkWTjly+pe4yy5K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/y
+NH8Wy3qvb2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6KCEi
+LgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili20hCn4hVfsqUQk2PT
+8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvlSVIfY+/v/FR8feKOjaGhyGF51BAx
+aM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKmCMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vP
+Ko/mQCfWy/9icUaIfKQldvkllUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnl
+m89saTJxRb7NWHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj
+hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUDsvjgjgLQ3P2U
+p2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1IyKqHFoB7h48OXxXKKY94DY0TG
+x6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJGObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuF
+yhdPZyuniIcmtLNxRZ1duYHErcAyX56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT
+7lTcXvDJgOUNnBRaIcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxy
+Xg4pkneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7VKHtXrNyj
+dPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/6EIHBy2hZ7ukfjHmdP4L
+yQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8Ro9eo6mfjjQ45z8adC43a47klwTEzvod
+3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5
+BpRD9Tgm3u6HPQSCBADgkWEN75Mu9TGosXY0xm1k6K6sPv8L949CrLWo4r1I2LA072bTGvQP28Vs
+hUA76jgcT1ocC++9PoktIK10YCq5w+FfMAQ04KeCXuAdmiY2iAT4Slea61PMCMta3mVGyLUZCLEm
+P+I0UKR5mlO0fGEcjU9j8TmbjZqxNFqloLsU7oSi7Os0EtYHkdAVrExUyOc/ZDie6fBjdLTmLdCm
+bE9JNwjlbXypdTZupGgLNhKGDIskUAAMwZYayI6YfSIMkNCeAYTnjOuGZZ1msCXGXsfMBR1sfUIj
+9UeGjwD8gq+UVVHX/oeoH/m0eJ5ppqi3+nUlgc9DvpYsC/Fg0G2KuYb9B+VJ+a4GMzQSPREoFtQp
+B9dtLkBb7Ha/hpGWTIdqzW0eAo5llyN8FNvl2Fu2IcLaNmWFO69gLjRKQopp0dvFOuwAVI6fvGDj
+p1WigoNbFZl8N+iiWmzKOjoG2ZLbez1clZCms/JPJrXhEMMOxWpVzkQyN336VWHmGgMcjaKCGSeA
+2nnESIGuiCXMrkHlGfabYIsKcHFCo2t13uXyZPf0zSPTkuD0Eh92wqC9pvA3gvrrCUfo9Mn3bs+e
+KWKmDlpcs8mDn032oIg+zrQhIduMqXVn3evzeVM3B5MBOGMvg51/SXg7R+MC/463juQQEb9IVe/I
+YGnO//oWm9lw/377Af/qH+FnN02obJw1FvesQIs9e5RHNQykKbO+vmVJQl1nd9DZWrHDNO7/80Yz
+2hCm7Tws5nSRN2iFlyRaYJHr7ypxkU2rCak2r6ua7XDwu1qU2RT3+qPjT1RuxQ2oTlHyGkKPMZGC
+Rc+CSWz5aeeCmHZVwdb3nC8YpfsujMiYqygLeuQ82pjKuR7DIKGmnfcOLdv5F+Ek2Wyy0D98iSgk
++aoQGYLhL9llU13pn21uRsDY5uGcXiIw1IETFlTdgENEv8futZuJsegrp7fmFXyNoNyFNyypeDrM
+6ZqR4vKxFjg3tKKeVpkw/W4EAklzMxmNiazGNDBHsnYV3rwPlKa+HeeE2YxnsKwGLCNgRYUXTaJk
+461vS160z3dvh/mLfdZ7MYCkmO3bNE3ELUDAw7YQkSuo9ujzdFKte9LC34sjg9fOex3ThAg5Y50n
+wYm4zBmGM7yEqL8O6QgnM6tIDFS9XryDaLNzcGhMWqMvhzO6sC/AA2WfLgwS517Cp03IkJQWqG9q
+w52+E+GAtpioJfczEhlv9BrhjttdugRSjJrG8SYVYE4zG3Aur5eNBoGaALIOHOtPw8+JovQmIWcF
+oaJ/WQuglFrWtew51IK6F8RiHAOBVavZOuZcO7tV+5enVfreOd0rX8ZOy4hYmHhmF1hOrrWOn+Ee
+E0SYKonXN01BM9xMBIIBSLCvNAppnGPTUGjwbMJRg1VJ2KMiBWH5oJp8tyfIAxMuWFdtaLYbRSOD
+XbOAshPVK8JAY8DQDkzqaCTAkLTfSRAt9yY6SbUpMsRv7xa8nMZNJBJzJT9b/wNjgiOJgaGuJMkV
+2g/DX2jfP3PrMM/Sbnz7edORXHj1Pa5XTT8nG5MS0FuZgvevdq3o/gVVAz+ZCKOH3ShMzZvfp01l
+SX5gaJTflmU6cdNwtn2yZ6IScF7OrjUeA9iEoSVR9dQcA+4lB3RAG3LMwcnxXY35D7+PMJzHIZdF
+cSnq+n03ACY2/E/T31iijRH29rvYHGI+mP/ieYs45iq4fTWo6i1HofeWLdP0fX7xW3XO0/hWYFiw
+BxKu66whAbRhaib3XJNvetVs25ToYXyiDpjG+cd5rCMei8sGQwTBj9Zeh0URoeMW1inTP0JvCmMU
+rZgAAAAAAAAAAAAA
+
diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-02.pem b/src/lib/libcrypto/pkcs7/t/msie-enc-02.pem
new file mode 100644
index 0000000000..279c5d830b
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-enc-02.pem
@@ -0,0 +1,106 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIITQAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
+bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
+aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
+uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQAKvi2eRLO+jdoiUd8ksZt+iQ0JXoWN0
+M/W9CEv6R1c42pwUIR/1F4RMK9oeyUiv9Z6lzmPaGNmx6XOCoueszVkwgfACAQAw
+gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
+GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
+QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFqcHEo69ShGfcOIVjnmWXLZM+7Y
+K/50j8YuvNbqq+dQxk9YY8ZpSU/JYsxmtcnEZdlSJEkpMHAO73V+eh1QQr0wghFz
+BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECJsSmRA1jxLjgIIRSIGLVtf+
+pzeB6oXJ9GlfsnIij+DgIOvrYaXC9qywAaUg7zMnln9QMgiih5XpBLgPg5Y/KYp3
+RZeHBwkjTIFwlNYSjE0PbsszsJYUmkDTsCjFUJEdM4+Cbv3g3Kct5w1Q6pVMXJLg
+JG4uFUY8CTScVkb9ETbIy3HisCRKJWA57ERLvCr/Fa6gNJKa5Mw1A5Nsp+QQqp0U
+uQz93raAPbCdqmHu8qQ88rzbB1k/ysXedRQLlzhqFs2hryD7kHe0gX8nPdlkre8Y
+tTQhY76LtbjnV2drXcyCUMONc56KQ2VcuxB0BWjSeyN8a75/rpt6wmiM/PKw0D4g
+RmXqA1ZR62X2WKbhKqvG5tQTF1LauZeddeYS4Rb8cLt2VMB5irkKWrHmJ3qyWELY
+Lah6AzDDdcf3LEfDo6rO9djqlU8RJwS0ExAuBooVBP6bZJG1tNUUbtxBydQ4PJUH
+UhulBMXUMd545fVb8d+lZnKbx3OS2LpILJ66Yeao7jTrEOIgxUq0c6ozzqcQe4Ax
+mytwvL57LpMQm9HpLg3xBHOeDwkkNkNMldA3qrzhoS52yc6vDYrI5XA+kjp7LioG
+wdSBDyQAXLmWxBpZXjmHp7GBTBsFwouA9kYWP450PZEomxNvzf9SpslLlD+UZeHM
+GWdpi5zInESmtHFue2Zyc4Q8Ul761ENTA5N3uqUmWN2Egkv64Nyigv0CGCjoLB6n
+q1256S/ZxISiEl5MTwO/LfhhGExsu+cU12aek3Ks1kNhVXHFoqjJ3YB8Hw08VmHV
+V0Bh8jdHVABDaRcR5/k00h9VB8zMP1qQmfhE/4q/fZBrGbgWucrGbBHIYlKFq8gF
+zZrH4XWvX41le5IEefm9+hFPE6TRJPh1ezDvh2eVhQxFpK7iqpR0z2OxdLJ5fhmB
+CCRHZuRpg7p7MWB6cUhrtBZXDytdkARnlqJsLFudjVUTjU9gi+GUt1sUmEf2Bjba
+z58UC7CfPIBJGMLjQD1oAQi1GVo9K1ZIaKqUtGA2QEHB2m/aXZg8F3ZDMfHp6Tpc
+au9Em4AL42Hrau1ArCk0fnhgA4dbnmZoEVbZJDdMX5xno1tuqEKYdPLJHuZxJhz2
+xdJUNYSFgpDWLJTzvTOEdZWm+CVmLNl60kJkWNh7HdvWeBV1yBquA6+k+r26sIoq
+LaZuSq/8QWnNJYZeQpKl8Ib9d8ycQ62Q2sHxLTq+eTYlwkE4Gomi3665IfmE6DS9
+OnFfYO440lKJZJbJ9ET+VN8kkVfCGh3tJdyVTJc95LKJtxKJzaFUDMObCMPfWOz+
+PaTTY8j9qA+GvdRDxwyBw0CJqgIps1pZ+foEZsIBtNyHHNSWjZxImIuWtfYgNmZ9
+dteZkKibWyZYgb64rgMQ2+nViwGMlQaDfYWCOAIj3mQGPTLb0OgFfKNvxBZuj72B
+l8tx3oufN9Ah9DwXl+ynXen39ct901v5eakpCC9VC0xke6JBXyXjxw5qtXRbevyT
+jKbYkPFkruwrCUL2fVUxV3mBXGagjz2XNTaz3oDSu9GX/UMViGwwHryeSiwX9XOo
+/KVNv+i57w2OlY2k72EoK+700fHlcx+EZu+1tIjh8YOVXDg7+nBklcrr21/FABqP
+Apm+fBEQ7QQyQUF1aViizQLgyfRl/J9szZKY2S2z0pHJroahmgSQRPwWgk5FEFpW
+PXSG0bRJ8SFNZn2zz3cdT6WvA6hg40jrEHSnCmDTWbWshMPvhCKZqXQTbCqYQnwf
+FBCtlpJOGVVvqshqIv69DBbLztTZkjjmdKP48v2B5qHlER4T8vewDt3lU5BAGuQn
+yRCcm5qOeuwg8PxcKBgFAoLKM+65cczLna/yIRyB/gD4p53MV5RztnnLxw/YvA2h
+xgPLVYn4LFIakKGYnlC7rXhfeDuVAMTpL+NVGbLGE8DeJ2KzdUJHrGZdwV+DkUuB
+BN9Pz0NtwEX91mabWawiXrxptmWMxnofMYNe5gg34izvm33+Kj/+Jgvej7uImuo+
+LaOQcCiCUv/gwrqA/FnkiheKboF0JDFIh3UJzZ1T/Uqdjv+JcuZjvCc60AufVdm5
+0zQaj4aZ6PJHybyuU8qT0lQvm083q596yelHHgd7K3J/c8SsfRnTcnSUI8lo7/Hn
+N593dZ7kMIc+UNOdzQYSI8KBoNxqOyzuou/GTpaRe3XKADtdzXxy8jY58hwmolrV
+UU3Lfay3+bzdNLq0p/GCZ4B5NXkyivJxxiHDoOmHWAzg9pxOV8EYoyponhvF2t3i
+kc32y9OhqwUBDZXuiZgtd9W6d3EVcaY6vqOkQGxqDJuMiArC+Hk2qwkK7Mh5qDx6
+q/dVB6PdWr8sVO5J1phIV9u8m5rK7PGnmcDx4sS9eE3soa7gqkVb5H9SrOz/s/DD
+1G6BjakHtlizfJLQhhK9eTvDCUf3pvOhtNyX6OKGsPw1VB+UcC0+mnHnThrszIf9
+q/AXJnpoVUPP3Fr1eGCdLTluIc8lRwuYUH/LGdy88Vyx+joZ626a4cb63W2knQoV
+mQwz9Gwgm8RIZMLgZAXimazG8EUz/kz0z2C1Ux/wpii8yof9deLZBpMjt4R0uKhM
+VFd/Rdko+JspcfoQ9PttA/aZ7aTYu4bXHBpTpusjTOvWrf9/pC4CScqCJWsS3AlG
+BzTInw7fk96f7eVOF5g+d7lEOjPHb4/7naj3pDUlH7Htecq3faYzreT3CbqltvKt
+LBR3/aRyIM912RTHuTw+6acOq0vguiK+D62C7ZDVtiCm+BbtNNB/UJm79/OQ5mp5
+bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOBDICj7jHOXSHT7JlGyX6aSFJUltucAnZv
+wzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwfWSDRtIHkWTjly+pe4yy5
+K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/yNH8Wy3qv
+b2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6
+KCEiLgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili2
+0hCn4hVfsqUQk2PT8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvl
+SVIfY+/v/FR8feKOjaGhyGF51BAxaM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKm
+CMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vPKo/mQCfWy/9icUaIfKQldvkl
+lUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnlm89saTJxRb7N
+WHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj
+hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUD
+svjgjgLQ3P2Up2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1Iy
+KqHFoB7h48OXxXKKY94DY0TGx6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJ
+GObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuFyhdPZyuniIcmtLNxRZ1duYHErcAy
+X56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT7lTcXvDJgOUNnBRa
+IcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxyXg4p
+kneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7V
+KHtXrNyjdPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/
+6EIHBy2hZ7ukfjHmdP4LyQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8
+Ro9eo6mfjjQ45z8adC43a47klwTEzvod3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK
+0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5BpRD9Tgm3u6HPeCRYQ3v
+ky71MaixdjTGbWTorqw+/wv3j0KstajivUjYsDTvZtMa9A/bxWyFQDvqOBxPWhwL
+770+iS0grXRgKrnD4V8wBDTgp4Je4B2aJjaIBPhKV5rrU8wIy1reZUbItRkIsSY/
+4jRQpHmaU7R8YRyNT2PxOZuNmrE0WqWguxTuhKLs6zQS1geR0BWsTFTI5z9kOJ7p
+8GN0tOYt0KZsT0k3COVtfKl1Nm6kaAs2EoYMiyRQAAzBlhrIjph9IgyQ0J4BhOeM
+64ZlnWawJcZex8wFHWx9QiP1R4aPAPyCr5RVUdf+h6gf+bR4nmmmqLf6dSWBz0O+
+liwL8WDQbYq5hv0H5Un5rgYzNBI9ESgW1CkH120uQFvsdr+GkZZMh2rNbR4CjmWX
+I3wU2+XYW7Yhwto2ZYU7r2AuNEpCimnR28U67ABUjp+8YOOnVaKCg1sVmXw36KJa
+bMo6OgbZktt7PVyVkKaz8k8mteEQww7FalXORDI3ffpVYeYaAxyNooIZJ4DaecRI
+ga6IJcyuQeUZ9ptgiwpwcUKja3Xe5fJk9/TNI9OS4PQSH3bCoL2m8DeC+usJR+j0
+yfduz54pYqYOWlyzyYOfTfagiD7OtCEh24ypdWfd6/N5UzcHkwE4Yy+DnX9JeDtH
+4wL/jreO5BARv0hV78hgac7/+hab2XD/fvsB/+of4Wc3TahsnDUW96xAiz17lEc1
+DKQps76+ZUlCXWd30NlascM07v/zRjPaEKbtPCzmdJE3aIWXJFpgkevvKnGRTasJ
+qTavq5rtcPC7WpTZFPf6o+NPVG7FDahOUfIaQo8xkYJFz4JJbPlp54KYdlXB1vec
+Lxil+y6MyJirKAt65DzamMq5HsMgoaad9w4t2/kX4STZbLLQP3yJKCT5qhAZguEv
+2WVTXemfbW5GwNjm4ZxeIjDUgRMWVN2AQ0S/x+61m4mx6Cunt+YVfI2g3IU3LKl4
+OszpmpHi8rEWODe0op5WmTD9bgQCSXMzGY2JrMY0MEeydhXevA+Upr4d54TZjGew
+rAYsI2BFhRdNomTjrW9LXrTPd2+H+Yt91nsxgKSY7ds0TcQtQMDDthCRK6j26PN0
+Uq170sLfiyOD1857HdOECDljnSfBibjMGYYzvISovw7pCCczq0gMVL1evINos3Nw
+aExaoy+HM7qwL8ADZZ8uDBLnXsKnTciQlBaob2rDnb4T4YC2mKgl9zMSGW/0GuGO
+2126BFKMmsbxJhVgTjMbcC6vl40GgZoAsg4c60/Dz4mi9CYhZwWhon9ZC6CUWta1
+7DnUgroXxGIcA4FVq9k65lw7u1X7l6dV+t453Stfxk7LiFiYeGYXWE6utY6f4R4T
+RJgqidc3TUEz3EywrzQKaZxj01Bo8GzCUYNVSdijIgVh+aCafLcnyAMTLlhXbWi2
+G0Ujg12zgLIT1SvCQGPA0A5M6mgkwJC030kQLfcmOkm1KTLEb+8WvJzGTSQScyU/
+W/8DY4IjiYGhriTJFdoPw19o3z9z6zDP0m58+3nTkVx49T2uV00/JxuTEtBbmYL3
+r3at6P4FVQM/mQijh90oTM2b36dNZUl+YGiU35ZlOnHTcLZ9smeiEnBezq41HgPY
+hKElUfXUHAPuJQd0QBtyzMHJ8V2N+Q+/jzCcxyGXRXEp6vp9NwAmNvxP099Yoo0R
+9va72BxiPpj/4nmLOOYquH01qOotR6H3li3T9H1+8Vt1ztP4VmBYsAcSruusIQG0
+YWom91yTb3rVbNuU6GF8og6YxvnHeawjHovLBkMEwY/WXodFEaHjFtYp0z9Cbwpj
+FK2YAAAAAA==
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/msie-s-a-e b/src/lib/libcrypto/pkcs7/t/msie-s-a-e
new file mode 100644
index 0000000000..0067794d70
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-s-a-e
@@ -0,0 +1,91 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
+BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
+aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECjscaS
+G0U299fqiEAgTqTFQBp8Ai6zzjl557cVb3k6z4QZ7CbqBjSXAjLbh5e7S5Hd/FrFcDnxl1Ka06ha
+VHGPMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
+BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
+SIb3DQEBAQUABECsyHXZ1xaiv0UQRvOmVYsaF38AL2XX75wxbCsz5/wOg7g3RP4aicZxaR4sBog0
+f2G1o9om/hu+A0rIYF/L4/GUMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQIsozQrnwj
+cc2ggASCBAAQz/LPoJe/+iYWeTwSebz6Q9UeKZzQ2UWm7GLtEM3s3c9SCvpmkwIRdEhLjWaBJMyI
+DiL7t1I1vMf9inB8LXgAcIEYkpNScjS8ERA9Ebb7ieNKSBg7w7B8ATHFxLSlDADqRgoZrB1Ctfgf
+ximp3EgxTgnhtyQhZxXW7kBQyFRwumplrJXOp7albP7IothrOKncw30IJT1fwPxWNMItI9juXF0U
+CbWVSjPzGBo4+XNXMvUO6MplOQEz/ywEQ9E8OZAQex1Zw9qq5ppsXB2pMsYV5sLJGikukMYKquiz
+3YK+tN6J8ahLcDUs+VGwqvZi17gpBTlbEP+ZmXJpnO63t1yTEB0V5AZcRKWUOhzlCBM5YUagqNoY
+cpsmSvOK6bYzkUKOrzWpDCAtGZ/Dvul5dTZZmxs2WpM+iyeHXMxO3huy8K1brPTqt1f1sHhuq1jD
+1eXedaCjIgUW9qV18vNAQCof/Yb6T/1fxztf/jD7pPLQJ+7LJkKCAEHGcaizpoKqhYcttaEhLq1G
+O+Ohqf7yFegMdTJ3wwP324w5ZYSU5fLo2Z34/Edf6EGvXyTIqVfAmEBALd6JGVdN5GlYYTxrL+eO
+P80Z4ao4YKoxwEmRp5bmQsQ8B29QhOFKmC6eiG5B96qLMtp7Zmu1grDNxTd6OXShWVwYARD0/B1P
+Sy0PAfk9Gb4fAkO9fZJDQYZ7s0mM5iOPEeSR7820TolOb+KfRabLA9d714jsc2jEykKlpP66Bh4j
+aCsyqJ0uUQcE8SnzrKAqGwgWiCGQpiTa+HBiP6eRlRGOKQj5Y06vcNx6Ija4cGe6+yCN8HV8tCY0
+okZK98NQCl5t79R/ZB2c3NvBJH+/g3ulU48ikT3tVmDxE3mOZofZyGFEM99P+YCMScLDxTl3hzGy
+0YkI8U855P7qOAbcFfh2T5n+LSELwLhbkymEfZT917GWTfmypBWMvJx0WHeDhKwQYPdzbKgWETnc
+yeKasaCW+oLdhBwrd6Ws2r4MA8cwiYXDLbwYmCxJA8VF++8kubF2HJOjSyMBS+QT2PSV/0D9UWoi
+Vfk7R4OvWBJVvq7nV+lXS0O5igjExxlmx1OaBfg7+Cr/MbK4zVNrKSJn82NnKKt6LC6RaTmvFYay
+0sDFxQ7Xo+Th6tDNKmKWJt6Kegfjc+qTWJTKb3kL+UI8vS0zTLy1+M/rZ4ekos/JiS5rYIcAswvg
+58kBgp/0rc6upBeWjBaK5O0aLAeBQfLulo1axWX04OSVKmYeoAltyR6UO9ME3acurQyg7Ta24yqO
+whi/PrIaEiO7dsWvFtzsshVzBLic02NlAkPkMUzliPYnZHWQglDAVxL5K2qhvK1OFCkQpIgBsBDM
+6KYRL/mkBIIEALIl927rIkaN37/BQIcxLcSa05YfC0Hl3mxWESt1A0D4lA37A9S8EbYmDfAYlMc0
+3HhZGdZEtawfpJFyDHzNZceNWBch6nxeNZCY4YFdsbzuGS0RKpwNA9S/czOJ4p9ymBCxuhGepI3U
+PKbC8C749Www1/wMdAot1n+K7M/PBGR8hWmaH5SS7U3yMwAB1fq2NDjx4ur+Um+MclSdN01MDXzG
+EO+eAo1pdAY8479234l8dB2YVAhZ1ZlJ4KmbqMKJrGJXnQUEYS6/cTDRjsUocsoW7uGg1ci2GiHa
+qjlkfpBfie3SdhFW/K8hwAH0HALs56oFN66wUkP/AaJAPfIUNhR6RpHKzZ9zCC42oB2mNawQRMnF
+ETBl1s/SwMxLKRp7jAfKs4NZxSY6I9z/2dTpzS3tsHMjxVDuxkolvRNWBILEMeL1CBvip2HhmoUw
+/Sz5NDgyzk1aQLV6DQNJ2RZLMZDRCtSwZSBu6lhhSgTJGazP0+NbqXXC5aQTrqrFIcWyDXz+ADle
+kszzYM/gSaQTCALTwfDDaU9Ek3xVgW+XBtExtJ3U+0AN3l0j86rUIdIvp6eWdxWQqv9LtpoorKMD
+KfUc5PYV09Z1JgsT4X51Zzq+74l5dz7udIM7UNbdTpmRm9PDj3TUbGCvNR9hqOEGTLbkvb1ZR24a
+h6uGRl2znB25IpDAGRhNRb9is/pO2tvHwHTDMOjrgvZG/pNvXgSUxz0pRjUjXIcqBe2X2gcQfeal
+r8gY76o83WEGL6ODryV9vTQVHt52+izgpYoBZaVlpgqbZl54c+OE0Zxf9RwXwDbcYu5Ku5E0MPL0
+qUjc0y2+Y6E4P5bAWaZGMGT+ORkyVUzcaWmM/+XlO7PER5wrWlCIMZCX1L/nvioY0q0CKqALn7DJ
+QU+qenbwrb6uwS7uNZY6V86s0aDYpU7yRyqxC5SbuyNJb02gdxUCgpIscFaMUjMVRml4M4BIjX/b
+U+HgHoVMUm8SnN9gRcT2izPrgOGVcMTJjfenzoCKoCPo9RjgGMctgB4DvKamErNU7OrilIfuoqzE
+PNSeP9SPw/zkDmNvMebM499We9CVnsHUWqF00/ZJWoua77+0f1bLS/tmci1JBvIcMo/4SJvgH+KF
+o0gijP9gqAPd5iCOnpnJlHUqRIym42SmyKEDuzdSwXKjAR6j7uXda39JyMJr8gGzEsu0jYRkAmj1
+YdiqwKXUcLMkcj1AKeU/PxTUVw0YKsv/rowrPYww3xQUWqNivrXB7GCHE3BzsYNdHsmziaGIXQbA
++EBHdkuKrM8BcC+fxhF/l/KUxngsD1E75IcUv8zFDF+sk4CBYHqks9S4JYlcubuizqsILbdGzIMN
+Z7w34k0XT+sEggQAyzr8MHeIJGsT+AYnZr08PeTbyr01JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzY
+CXrxZcUmuay6/MV8w/f5T6vQXdoSw5puWodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSV
+OWSvST0AtAX57fFOTckm+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4Eg
+XBLNvOZY9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ40BQD
+c6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q53DvKVtXp9Ycam5J
+TmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp6B+06HljUwQLBJs9XtCfqH5Zgdz9
+gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/TH68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4
+zVkwsn203bUmKLyz+yl1zItDpn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeD
+JJVld3ac6F8+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w
+95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUCQkJyqTeTeGgH
+rn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrVuh6V9m7Mpl9hzpogg++EZqah
+fzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUt
+j2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRI
+Ipi+7tX0FsilqEbmjG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRm
+hOhGqUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38Bw10ERap
+m8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6L7IwJWotIUx8E0XH0/cU
+xS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+NtgabrZ6SsKGthGa7eULTpz0McWTLRU0y/
+/tkckpm5pDnXSFbIMskwwjECz82UZBSPpigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9P
+O1tQd60EO+3awASCBAAZQvWV3/yJ6FxPttbP+qeURpJoPEZfpN2UYZmd8HqtR0YbaOZ6Rln9nvpd
+K9fylXdw9z2xeCbjDWUttJB4VqZxGJM8eCTC1VDVyAOsQ5n7SY55dMkQbU+o4Z/4J5m8+wz50BBI
+LfruL1eZ6/CF6CdvxVRiJ10sXc0Tn2sVMXqkw7Adp1GYoCI9c6VFSFK74+n+y7LVFQ5HBnbQyKJc
+dvdLOXwZOPaFHC5UNXRmOpcwdPqyXUe+xIsOMYbzdlAnI9eGDNeRDktUa/Rh0CbZCxjmJzoZEYOE
+ZjsYZlEfp1Kb61t8z4m28hGLEg88T1Ihmxa2HeUWes1RpmgIOP+/2Lb3smj/l/fpSu4gabFgyCAV
+H5HdCYMScUv8SVu55+tpeO8ELoHHQUXV4rr084O4budzhgNSOPyLGDl5sfDUXiyusPCxS4JVO/KY
+6V2Qrtg/q2wtmXpEkZnGT+Qi3WDzwt4W81alztnYMP17oGLmxX71KV9OEiMZjI4WaaGt+OOINLtR
+qefioZ1NI2L1s5M0tybwTsyU9WERM+3pUwXIfJVsbMZRlNaO2OogcHbaR4UWvhOj+3CTG1sThiYQ
+MxMnp1Rpqx3nhyzqLO3TRrkYvxnA3cdPBn9EeqpgBMg7X3hCiMV3Fl5cj/WOMhtHYgY7BgeCXo46
+EFVZ4+WroGZ46xGiRDiIblo8bzLd7QCxvukzxy3mUDgsZQ8pds4N28weSUhBk5MAPbfBpRvXUVJx
+MhKqXucQU1Md1qSGLbuuIQuz9pAGp1JFUx/vEkCgm74daSoVWCZuB+1ZE4f48clvrBj51xMNf8CP
+EFE7vySzVb6X2H1i5X3Z+Y3DdIcWw4Y2FClfcJk4Mwq8Cq2GALGFEge9YSEE9YmyuU6OFeU0ICon
+iXAgZ72SM8fBwJPruLFbdsNYKW+oAfmPisXSWMcZmdSbfk0GYv+vKtu3eegSbWw1UsCVtZOh9E5Z
+uQ83l59CBqO9sV/SFU3WrrJ0qNWxrmXu9nJn5Qf5iCRoFGYNHYHkIG5FS6N00GEDZxGkxmro2d++
+Adj5LVHc/b1cYWmrux+jEqI8ZK8cyTB0XMbBA/HYbx9NXazr7znP4/Mlv3pZToEcYt+lgLHAArtU
+AdhybhbLIwNMq0gr6EwtDklBa3ns4Wx/rJU8H7LGs6gV8uqeaSketv+nz+sQhfctxZ1rx+5qzXfy
+FOQVpO23KDQunBi1Bl9k61Di4q9JWcyADBXPHXJzp7mL8Fk7zdvMAEfuED1phdRm6GgDYoYUs4yQ
+IrhSjFlWyk7hT8475xk3BIv++obvWSAv/3+pF6A6U2RXDChVmnG0JnPa9wYYtdzBmLfZKBjX+DjD
+yEMsuhPsCzuN4R6tBIIBWCVRKmKwdkatmpsQBgDw48u0/Arffl5/DRlS9ee+QffFecUitDdCK+kt
+X5L2fGYrL5g6SltncMIeV1ptx4nuSjC/O944q1KYtqvQiPFWJqEXIRMNbbYOC47sjLza0tEFrimN
+wxcrWGSzsy5R9beFQ1aHPcMrDWfCoviNRk2qPtxuKIC5Qk2ZuOmJLjCiLwUGEb0/1Mpzv3MqQa7d
+mRayXg3DZWJPajxNZv6eS357ElMvwGQmqafb2mlQJwWLsg9m9PG7uqEoyrqSc6MiuY+icLEFib9j
+OfRQrx70rTSKUfTr4MtP0aZZAefjCrpVIyTekhFDOk0Nmx057eonlyGgmGpl5/Uo+t1J1Z11Ya/l
+bNbfmebRISJeTVW0I8FhseAZMI1GSwp/ludJxSLYOgyRkh+GX134MexNo7O9F1SxLCfWaSG9Fc3s
+5ify04ua9/t8SGrYZPm/l3MkAAAAAAAAAAAAAA==
+
+
diff --git a/src/lib/libcrypto/pkcs7/t/msie-s-a-e.pem b/src/lib/libcrypto/pkcs7/t/msie-s-a-e.pem
new file mode 100644
index 0000000000..55dbd8f80b
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-s-a-e.pem
@@ -0,0 +1,106 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIITUAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
+bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
+aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
+uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQKOxxpIbRTb31+qIQCBOpMVAGnwCLrPO
+OXnntxVveTrPhBnsJuoGNJcCMtuHl7tLkd38WsVwOfGXUprTqFpUcY8wgfACAQAw
+gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
+GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
+QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKzIddnXFqK/RRBG86ZVixoXfwAv
+ZdfvnDFsKzPn/A6DuDdE/hqJxnFpHiwGiDR/YbWj2ib+G74DSshgX8vj8ZQwghGD
+BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECLKM0K58I3HNgIIRWBDP8s+g
+l7/6JhZ5PBJ5vPpD1R4pnNDZRabsYu0Qzezdz1IK+maTAhF0SEuNZoEkzIgOIvu3
+UjW8x/2KcHwteABwgRiSk1JyNLwRED0RtvuJ40pIGDvDsHwBMcXEtKUMAOpGChms
+HUK1+B/GKancSDFOCeG3JCFnFdbuQFDIVHC6amWslc6ntqVs/sii2Gs4qdzDfQgl
+PV/A/FY0wi0j2O5cXRQJtZVKM/MYGjj5c1cy9Q7oymU5ATP/LARD0Tw5kBB7HVnD
+2qrmmmxcHakyxhXmwskaKS6Qxgqq6LPdgr603onxqEtwNSz5UbCq9mLXuCkFOVsQ
+/5mZcmmc7re3XJMQHRXkBlxEpZQ6HOUIEzlhRqCo2hhymyZK84rptjORQo6vNakM
+IC0Zn8O+6Xl1NlmbGzZakz6LJ4dczE7eG7LwrVus9Oq3V/WweG6rWMPV5d51oKMi
+BRb2pXXy80BAKh/9hvpP/V/HO1/+MPuk8tAn7ssmQoIAQcZxqLOmgqqFhy21oSEu
+rUY746Gp/vIV6Ax1MnfDA/fbjDllhJTl8ujZnfj8R1/oQa9fJMipV8CYQEAt3okZ
+V03kaVhhPGsv544/zRnhqjhgqjHASZGnluZCxDwHb1CE4UqYLp6IbkH3qosy2ntm
+a7WCsM3FN3o5dKFZXBgBEPT8HU9LLQ8B+T0Zvh8CQ719kkNBhnuzSYzmI48R5JHv
+zbROiU5v4p9FpssD13vXiOxzaMTKQqWk/roGHiNoKzKonS5RBwTxKfOsoCobCBaI
+IZCmJNr4cGI/p5GVEY4pCPljTq9w3HoiNrhwZ7r7II3wdXy0JjSiRkr3w1AKXm3v
+1H9kHZzc28Ekf7+De6VTjyKRPe1WYPETeY5mh9nIYUQz30/5gIxJwsPFOXeHMbLR
+iQjxTznk/uo4BtwV+HZPmf4tIQvAuFuTKYR9lP3XsZZN+bKkFYy8nHRYd4OErBBg
+93NsqBYROdzJ4pqxoJb6gt2EHCt3pazavgwDxzCJhcMtvBiYLEkDxUX77yS5sXYc
+k6NLIwFL5BPY9JX/QP1RaiJV+TtHg69YElW+rudX6VdLQ7mKCMTHGWbHU5oF+Dv4
+Kv8xsrjNU2spImfzY2coq3osLpFpOa8VhrLSwMXFDtej5OHq0M0qYpYm3op6B+Nz
+6pNYlMpveQv5Qjy9LTNMvLX4z+tnh6Siz8mJLmtghwCzC+DnyQGCn/Stzq6kF5aM
+Fork7RosB4FB8u6WjVrFZfTg5JUqZh6gCW3JHpQ70wTdpy6tDKDtNrbjKo7CGL8+
+shoSI7t2xa8W3OyyFXMEuJzTY2UCQ+QxTOWI9idkdZCCUMBXEvkraqG8rU4UKRCk
+iAGwEMzophEv+aSyJfdu6yJGjd+/wUCHMS3EmtOWHwtB5d5sVhErdQNA+JQN+wPU
+vBG2Jg3wGJTHNNx4WRnWRLWsH6SRcgx8zWXHjVgXIep8XjWQmOGBXbG87hktESqc
+DQPUv3MzieKfcpgQsboRnqSN1DymwvAu+PVsMNf8DHQKLdZ/iuzPzwRkfIVpmh+U
+ku1N8jMAAdX6tjQ48eLq/lJvjHJUnTdNTA18xhDvngKNaXQGPOO/dt+JfHQdmFQI
+WdWZSeCpm6jCiaxiV50FBGEuv3Ew0Y7FKHLKFu7hoNXIthoh2qo5ZH6QX4nt0nYR
+VvyvIcAB9BwC7OeqBTeusFJD/wGiQD3yFDYUekaRys2fcwguNqAdpjWsEETJxREw
+ZdbP0sDMSykae4wHyrODWcUmOiPc/9nU6c0t7bBzI8VQ7sZKJb0TVgSCxDHi9Qgb
+4qdh4ZqFMP0s+TQ4Ms5NWkC1eg0DSdkWSzGQ0QrUsGUgbupYYUoEyRmsz9PjW6l1
+wuWkE66qxSHFsg18/gA5XpLM82DP4EmkEwgC08Hww2lPRJN8VYFvlwbRMbSd1PtA
+Dd5dI/Oq1CHSL6enlncVkKr/S7aaKKyjAyn1HOT2FdPWdSYLE+F+dWc6vu+JeXc+
+7nSDO1DW3U6ZkZvTw4901GxgrzUfYajhBky25L29WUduGoerhkZds5wduSKQwBkY
+TUW/YrP6Ttrbx8B0wzDo64L2Rv6Tb14ElMc9KUY1I1yHKgXtl9oHEH3mpa/IGO+q
+PN1hBi+jg68lfb00FR7edvos4KWKAWWlZaYKm2ZeeHPjhNGcX/UcF8A23GLuSruR
+NDDy9KlI3NMtvmOhOD+WwFmmRjBk/jkZMlVM3GlpjP/l5TuzxEecK1pQiDGQl9S/
+574qGNKtAiqgC5+wyUFPqnp28K2+rsEu7jWWOlfOrNGg2KVO8kcqsQuUm7sjSW9N
+oHcVAoKSLHBWjFIzFUZpeDOASI1/21Ph4B6FTFJvEpzfYEXE9osz64DhlXDEyY33
+p86AiqAj6PUY4BjHLYAeA7ymphKzVOzq4pSH7qKsxDzUnj/Uj8P85A5jbzHmzOPf
+VnvQlZ7B1FqhdNP2SVqLmu+/tH9Wy0v7ZnItSQbyHDKP+Eib4B/ihaNIIoz/YKgD
+3eYgjp6ZyZR1KkSMpuNkpsihA7s3UsFyowEeo+7l3Wt/ScjCa/IBsxLLtI2EZAJo
+9WHYqsCl1HCzJHI9QCnlPz8U1FcNGCrL/66MKz2MMN8UFFqjYr61wexghxNwc7GD
+XR7Js4mhiF0GwPhAR3ZLiqzPAXAvn8YRf5fylMZ4LA9RO+SHFL/MxQxfrJOAgWB6
+pLPUuCWJXLm7os6rCC23RsyDDWe8N+JNF0/ryzr8MHeIJGsT+AYnZr08PeTbyr01
+JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzYCXrxZcUmuay6/MV8w/f5T6vQXdoSw5pu
+WodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSVOWSvST0AtAX57fFOTckm
++facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4EgXBLNvOZY
+9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ4
+0BQDc6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q
+53DvKVtXp9Ycam5JTmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp
+6B+06HljUwQLBJs9XtCfqH5Zgdz9gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/T
+H68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4zVkwsn203bUmKLyz+yl1zItD
+pn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeDJJVld3ac6F8+
+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w
+95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUC
+QkJyqTeTeGgHrn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrV
+uh6V9m7Mpl9hzpogg++EZqahfzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6
+M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUtj2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4
+EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRIIpi+7tX0FsilqEbm
+jG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRmhOhG
+qUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38
+Bw10ERapm8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6
+L7IwJWotIUx8E0XH0/cUxS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+Nt
+gabrZ6SsKGthGa7eULTpz0McWTLRU0y//tkckpm5pDnXSFbIMskwwjECz82UZBSP
+pigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9PO1tQd60EO+3awBlC9ZXf
+/InoXE+21s/6p5RGkmg8Rl+k3ZRhmZ3weq1HRhto5npGWf2e+l0r1/KVd3D3PbF4
+JuMNZS20kHhWpnEYkzx4JMLVUNXIA6xDmftJjnl0yRBtT6jhn/gnmbz7DPnQEEgt
++u4vV5nr8IXoJ2/FVGInXSxdzROfaxUxeqTDsB2nUZigIj1zpUVIUrvj6f7LstUV
+DkcGdtDIolx290s5fBk49oUcLlQ1dGY6lzB0+rJdR77Eiw4xhvN2UCcj14YM15EO
+S1Rr9GHQJtkLGOYnOhkRg4RmOxhmUR+nUpvrW3zPibbyEYsSDzxPUiGbFrYd5RZ6
+zVGmaAg4/7/YtveyaP+X9+lK7iBpsWDIIBUfkd0JgxJxS/xJW7nn62l47wQugcdB
+RdXiuvTzg7hu53OGA1I4/IsYOXmx8NReLK6w8LFLglU78pjpXZCu2D+rbC2ZekSR
+mcZP5CLdYPPC3hbzVqXO2dgw/XugYubFfvUpX04SIxmMjhZpoa3444g0u1Gp5+Kh
+nU0jYvWzkzS3JvBOzJT1YREz7elTBch8lWxsxlGU1o7Y6iBwdtpHhRa+E6P7cJMb
+WxOGJhAzEyenVGmrHeeHLOos7dNGuRi/GcDdx08Gf0R6qmAEyDtfeEKIxXcWXlyP
+9Y4yG0diBjsGB4JejjoQVVnj5augZnjrEaJEOIhuWjxvMt3tALG+6TPHLeZQOCxl
+Dyl2zg3bzB5JSEGTkwA9t8GlG9dRUnEyEqpe5xBTUx3WpIYtu64hC7P2kAanUkVT
+H+8SQKCbvh1pKhVYJm4H7VkTh/jxyW+sGPnXEw1/wI8QUTu/JLNVvpfYfWLlfdn5
+jcN0hxbDhjYUKV9wmTgzCrwKrYYAsYUSB71hIQT1ibK5To4V5TQgKieJcCBnvZIz
+x8HAk+u4sVt2w1gpb6gB+Y+KxdJYxxmZ1Jt+TQZi/68q27d56BJtbDVSwJW1k6H0
+Tlm5DzeXn0IGo72xX9IVTdausnSo1bGuZe72cmflB/mIJGgUZg0dgeQgbkVLo3TQ
+YQNnEaTGaujZ374B2PktUdz9vVxhaau7H6MSojxkrxzJMHRcxsED8dhvH01drOvv
+Oc/j8yW/ellOgRxi36WAscACu1QB2HJuFssjA0yrSCvoTC0OSUFreezhbH+slTwf
+ssazqBXy6p5pKR62/6fP6xCF9y3FnWvH7mrNd/IU5BWk7bcoNC6cGLUGX2TrUOLi
+r0lZzIAMFc8dcnOnuYvwWTvN28wAR+4QPWmF1GboaANihhSzjJAiuFKMWVbKTuFP
+zjvnGTcEi/76hu9ZIC//f6kXoDpTZFcMKFWacbQmc9r3Bhi13MGYt9koGNf4OMPI
+Qyy6E+wLO43hHq0lUSpisHZGrZqbEAYA8OPLtPwK335efw0ZUvXnvkH3xXnFIrQ3
+QivpLV+S9nxmKy+YOkpbZ3DCHldabceJ7kowvzveOKtSmLar0IjxViahFyETDW22
+DguO7Iy82tLRBa4pjcMXK1hks7MuUfW3hUNWhz3DKw1nwqL4jUZNqj7cbiiAuUJN
+mbjpiS4woi8FBhG9P9TKc79zKkGu3ZkWsl4Nw2ViT2o8TWb+nkt+exJTL8BkJqmn
+29ppUCcFi7IPZvTxu7qhKMq6knOjIrmPonCxBYm/Yzn0UK8e9K00ilH06+DLT9Gm
+WQHn4wq6VSMk3pIRQzpNDZsdOe3qJ5choJhqZef1KPrdSdWddWGv5WzW35nm0SEi
+Xk1VtCPBYbHgGTCNRksKf5bnScUi2DoMkZIfhl9d+DHsTaOzvRdUsSwn1mkhvRXN
+7OYn8tOLmvf7fEhq2GT5v5dzJAAAAAA=
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/nav-smime b/src/lib/libcrypto/pkcs7/t/nav-smime
new file mode 100644
index 0000000000..6ee4b597a1
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/nav-smime
@@ -0,0 +1,157 @@
+From angela@c2.net.au Thu May 14 13:32:27 1998
+X-UIDL: 83c94dd550e54329bf9571b72038b8c8
+Return-Path: angela@c2.net.au
+Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27838 for <tjh@cryptsoft.com>; Thu, 14 May 1998 13:32:26 +1000 (EST)
+Message-ID: <355A6779.4B63E64C@cryptsoft.com>
+Date: Thu, 14 May 1998 13:39:37 +1000
+From: Angela van Lent <angela@c2.net.au>
+X-Mailer: Mozilla 4.03 [en] (Win95; U)
+MIME-Version: 1.0
+To: tjh@cryptsoft.com
+Subject: signed
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms9A58844C95949ECC78A1C54C"
+Content-Length: 2604
+Status: OR
+
+This is a cryptographically signed message in MIME format.
+
+--------------ms9A58844C95949ECC78A1C54C
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+signed body
+
+--------------ms9A58844C95949ECC78A1C54C
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+Content-Description: S/MIME Cryptographic Signature
+
+MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
+CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
+SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
+BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
+9CWR6g==
+--------------ms9A58844C95949ECC78A1C54C--
+
+
+From angela@c2.net.au Thu May 14 13:33:16 1998
+X-UIDL: 8f076c44ff7c5967fd5b00c4588a8731
+Return-Path: angela@c2.net.au
+Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27847 for <tjh@cryptsoft.com>; Thu, 14 May 1998 13:33:15 +1000 (EST)
+Message-ID: <355A67AB.2AF38806@cryptsoft.com>
+Date: Thu, 14 May 1998 13:40:27 +1000
+From: Angela van Lent <angela@c2.net.au>
+X-Mailer: Mozilla 4.03 [en] (Win95; U)
+MIME-Version: 1.0
+To: tjh@cryptsoft.com
+Subject: signed
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msD7863B84BD61E02C407F2F5E"
+Content-Length: 2679
+Status: OR
+
+This is a cryptographically signed message in MIME format.
+
+--------------msD7863B84BD61E02C407F2F5E
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+signed body 2
+
+--------------msD7863B84BD61E02C407F2F5E
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+Content-Description: S/MIME Cryptographic Signature
+
+MIIGVgYJKoZIhvcNAQcCoIIGRzCCBkMCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggGzMIIBrwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN
+AQkFMQ8XDTk4MDUxNDAzNDAyN1owIwYJKoZIhvcNAQkEMRYEFOKcV8mNYJnM8rHQajcSEqJN
+rwdDMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMAcGBSsO
+AwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABEADPE/N
+coH+zTFuX5YpolupTKxKK8eEjc48TuADuO8bIHHDE/fEYaWunlwDuTlcFJl1ig0idffPB1qC
+Zp8SSVVY
+--------------msD7863B84BD61E02C407F2F5E--
+
+
+From angela@c2.net.au Thu May 14 14:05:32 1998
+X-UIDL: a7d629b4b9acacaee8b39371b860a32a
+Return-Path: angela@c2.net.au
+Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id OAA28033 for <tjh@cryptsoft.com>; Thu, 14 May 1998 14:05:32 +1000 (EST)
+Message-ID: <355A6F3B.AC385981@cryptsoft.com>
+Date: Thu, 14 May 1998 14:12:43 +1000
+From: Angela van Lent <angela@c2.net.au>
+X-Mailer: Mozilla 4.03 [en] (Win95; U)
+MIME-Version: 1.0
+To: tjh@cryptsoft.com
+Subject: encrypted
+Content-Type: application/x-pkcs7-mime; name="smime.p7m"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Description: S/MIME Encrypted Message
+Content-Length: 905
+Status: OR
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEA92N29Yk39RUY2tIVd
+exGT2MFX3J6H8LB8aDRJjw7843ALgJ5zXpM5+f80QkAWwEN2A6Pl3VxiCeKLi435zXVyMIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0G
+CSqGSIb3DQEBAQUABECR9IfyHtvnjFmZ8B2oUCEs1vxMsG0u1kxKE4RMPFyDqDCEARq7zXMg
+nzSUI7Wgv5USSKDqcLRJeW+jvYURv/nJMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQIrLqrij2ZMpeggAQoibtn6reRZWuWk5Iv5IAhgitr8EYE4w4ySQ7EMB6mTlBoFpccUMWX
+BwQgQn1UoWCvYAlhDzURdbui64Dc0rS2wtj+kE/InS6y25EEEPe4NUKaF8/UlE+lo3LtILQE
+CL3uV8k7m0iqAAAAAAAAAAAAAA==
+
diff --git a/src/lib/libcrypto/pkcs7/t/s.pem b/src/lib/libcrypto/pkcs7/t/s.pem
new file mode 100644
index 0000000000..4fa925b182
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/s.pem
@@ -0,0 +1,57 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+
diff --git a/src/lib/libcrypto/pkcs7/t/server.pem b/src/lib/libcrypto/pkcs7/t/server.pem
new file mode 100644
index 0000000000..989baf8709
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/server.pem
@@ -0,0 +1,57 @@
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/verify.c b/src/lib/libcrypto/pkcs7/verify.c
new file mode 100644
index 0000000000..b40f26032e
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/verify.c
@@ -0,0 +1,263 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include "example.h"
+
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+
+BIO *bio_err=NULL;
+BIO *bio_out=NULL;
+
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        PKCS7 *p7;
+        PKCS7_SIGNER_INFO *si;
+        X509_STORE_CTX cert_ctx;
+        X509_STORE *cert_store=NULL;
+        BIO *data,*detached=NULL,*p7bio=NULL;
+        char buf[1024*4];
+        char *pp;
+        int i,printit=0;
+        STACK_OF(PKCS7_SIGNER_INFO) *sk;
+
+        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifndef OPENSSL_NO_MD2
+        EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD5
+        EVP_add_digest(EVP_md5());
+#endif
+#ifndef OPENSSL_NO_SHA1
+        EVP_add_digest(EVP_sha1());
+#endif
+#ifndef OPENSSL_NO_MDC2
+        EVP_add_digest(EVP_mdc2());
+#endif
+
+        data=BIO_new(BIO_s_file());
+
+        pp=NULL;
+        while (argc > 1)
+                {
+                argc--;
+                argv++;
+                if (strcmp(argv[0],"-p") == 0)
+                        {
+                        printit=1;
+                        }
+                else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
+                        {
+                        detached=BIO_new(BIO_s_file());
+                        if (!BIO_read_filename(detached,argv[1]))
+                                goto err;
+                        argc--;
+                        argv++;
+                        }
+                else
+                        {
+                        pp=argv[0];
+                        if (!BIO_read_filename(data,argv[0]))
+                                goto err;
+                        }
+                }
+
+        if (pp == NULL)
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+
+
+        /* Load the PKCS7 object from a file */
+        if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
+
+        /* This stuff is being setup for certificate verification.
+         * When using SSL, it could be replaced with a 
+         * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
+        cert_store=X509_STORE_new();
+        X509_STORE_set_default_paths(cert_store);
+        X509_STORE_load_locations(cert_store,NULL,"../../certs");
+        X509_STORE_set_verify_cb_func(cert_store,verify_callback);
+
+        ERR_clear_error();
+
+        /* We need to process the data */
+        if ((PKCS7_get_detached(p7) || detached))
+                {
+                if (detached == NULL)
+                        {
+                        printf("no data to verify the signature on\n");
+                        exit(1);
+                        }
+                else
+                        p7bio=PKCS7_dataInit(p7,detached);
+                }
+        else
+                {
+                p7bio=PKCS7_dataInit(p7,NULL);
+                }
+
+        /* We now have to 'read' from p7bio to calculate digests etc. */
+        for (;;)
+                {
+                i=BIO_read(p7bio,buf,sizeof(buf));
+                /* print it? */
+                if (i <= 0) break;
+                }
+
+        /* We can now verify signatures */
+        sk=PKCS7_get_signer_info(p7);
+        if (sk == NULL)
+                {
+                printf("there are no signatures on this data\n");
+                exit(1);
+                }
+
+        /* Ok, first we need to, for each subject entry, see if we can verify */
+        for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
+                {
+                ASN1_UTCTIME *tm;
+                char *str1,*str2;
+                int rc;
+
+                si=sk_PKCS7_SIGNER_INFO_value(sk,i);
+                rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+                if (rc <= 0)
+                        goto err;
+                printf("signer info\n");
+                if ((tm=get_signed_time(si)) != NULL)
+                        {
+                        BIO_printf(bio_out,"Signed time:");
+                        ASN1_UTCTIME_print(bio_out,tm);
+                        ASN1_UTCTIME_free(tm);
+                        BIO_printf(bio_out,"\n");
+                        }
+                if (get_signed_seq2string(si,&str1,&str2))
+                        {
+                        BIO_printf(bio_out,"String 1 is %s\n",str1);
+                        BIO_printf(bio_out,"String 2 is %s\n",str2);
+                        }
+
+                }
+
+        X509_STORE_free(cert_store);
+
+        printf("done\n");
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
+
+/* should be X509 * but we can just have them as char *. */
+int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        char buf[256];
+        X509 *err_cert;
+        int err,depth;
+
+        err_cert=X509_STORE_CTX_get_current_cert(ctx);
+        err=    X509_STORE_CTX_get_error(ctx);
+        depth=  X509_STORE_CTX_get_error_depth(ctx);
+
+        X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+        BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+        if (!ok)
+                {
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                        X509_verify_cert_error_string(err));
+                if (depth < 6)
+                        {
+                        ok=1;
+                        X509_STORE_CTX_set_error(ctx,X509_V_OK);
+                        }
+                else
+                        {
+                        ok=0;
+                        X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
+                        }
+                }
+        switch (ctx->error)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+                BIO_printf(bio_err,"issuer= %s\n",buf);
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err,"notBefore=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err,"notAfter=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+                }
+        BIO_printf(bio_err,"verify return:%d\n",ok);
+        return(ok);
+        }
diff --git a/src/lib/libcrypto/pqueue/Makefile b/src/lib/libcrypto/pqueue/Makefile
new file mode 100644
index 0000000000..fb36a0c876
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/Makefile
@@ -0,0 +1,83 @@
+#
+# OpenSSL/crypto/pqueue/Makefile
+#
+
+DIR=    pqueue
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=pqueue.c
+LIBOBJ=pqueue.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= pqueue.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pqueue.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+pqueue.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pqueue.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pqueue.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+pqueue.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pqueue.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+pqueue.o: ../../include/openssl/symhacks.h ../cryptlib.h pqueue.c pqueue.h
diff --git a/src/lib/libcrypto/pqueue/pq_test.c b/src/lib/libcrypto/pqueue/pq_test.c
new file mode 100644
index 0000000000..8d496dfc65
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/pq_test.c
@@ -0,0 +1,95 @@
+/* crypto/pqueue/pq_test.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "pqueue.h"
+
+int
+main(void)
+        {
+        pitem *item;
+        pqueue pq;
+
+        pq = pqueue_new();
+
+        item = pitem_new(3, NULL);
+        pqueue_insert(pq, item);
+
+        item = pitem_new(1, NULL);
+        pqueue_insert(pq, item);
+
+        item = pitem_new(2, NULL);
+        pqueue_insert(pq, item);
+
+        item = pqueue_find(pq, 1);
+        fprintf(stderr, "found %ld\n", item->priority);
+
+        item = pqueue_find(pq, 2);
+        fprintf(stderr, "found %ld\n", item->priority);
+
+        item = pqueue_find(pq, 3);
+        fprintf(stderr, "found %ld\n", item ? item->priority: 0);
+
+        pqueue_print(pq);
+
+        for(item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
+                pitem_free(item);
+
+        pqueue_free(pq);
+        return 0;
+        }
diff --git a/src/lib/libcrypto/pqueue/pqueue.c b/src/lib/libcrypto/pqueue/pqueue.c
new file mode 100644
index 0000000000..eab13a1250
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/pqueue.c
@@ -0,0 +1,252 @@
+/* crypto/pqueue/pqueue.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include "pqueue.h"
+
+typedef struct _pqueue
+        {
+        pitem *items;
+        int count;
+        } pqueue_s;
+
+pitem *
+pitem_new(unsigned char *prio64be, void *data)
+        {
+        pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem));
+        if (item == NULL) return NULL;
+
+        memcpy(item->priority,prio64be,sizeof(item->priority));
+
+        item->data = data;
+        item->next = NULL;
+
+        return item;
+        }
+
+void
+pitem_free(pitem *item)
+        {
+        if (item == NULL) return;
+
+        OPENSSL_free(item);
+        }
+
+pqueue_s *
+pqueue_new()
+        {
+        pqueue_s *pq = (pqueue_s *) OPENSSL_malloc(sizeof(pqueue_s));
+        if (pq == NULL) return NULL;
+
+        memset(pq, 0x00, sizeof(pqueue_s));
+        return pq;
+        }
+
+void
+pqueue_free(pqueue_s *pq)
+        {
+        if (pq == NULL) return;
+
+        OPENSSL_free(pq);
+        }
+
+pitem *
+pqueue_insert(pqueue_s *pq, pitem *item)
+        {
+        pitem *curr, *next;
+
+        if (pq->items == NULL)
+                {
+                pq->items = item;
+                return item;
+                }
+
+        for(curr = NULL, next = pq->items; 
+                next != NULL;
+                curr = next, next = next->next)
+                {
+                /* we can compare 64-bit value in big-endian encoding
+                 * with memcmp:-) */
+                int cmp = memcmp(next->priority, item->priority,8);
+                if (cmp > 0)            /* next > item */
+                        {
+                        item->next = next;
+
+                        if (curr == NULL) 
+                                pq->items = item;
+                        else  
+                                curr->next = item;
+
+                        return item;
+                        }
+                
+                else if (cmp == 0)      /* duplicates not allowed */
+                        return NULL;
+                }
+
+        item->next = NULL;
+        curr->next = item;
+
+        return item;
+        }
+
+pitem *
+pqueue_peek(pqueue_s *pq)
+        {
+        return pq->items;
+        }
+
+pitem *
+pqueue_pop(pqueue_s *pq)
+        {
+        pitem *item = pq->items;
+
+        if (pq->items != NULL)
+                pq->items = pq->items->next;
+
+        return item;
+        }
+
+pitem *
+pqueue_find(pqueue_s *pq, unsigned char *prio64be)
+        {
+        pitem *next;
+        pitem *found = NULL;
+
+        if ( pq->items == NULL)
+                return NULL;
+
+        for ( next = pq->items; next->next != NULL; next = next->next)
+                {
+                if ( memcmp(next->priority, prio64be,8) == 0)
+                        {
+                        found = next;
+                        break;
+                        }
+                }
+        
+        /* check the one last node */
+        if ( memcmp(next->priority, prio64be,8) ==0)
+                found = next;
+
+        if ( ! found)
+                return NULL;
+
+#if 0 /* find works in peek mode */
+        if ( prev == NULL)
+                pq->items = next->next;
+        else
+                prev->next = next->next;
+#endif
+
+        return found;
+        }
+
+void
+pqueue_print(pqueue_s *pq)
+        {
+        pitem *item = pq->items;
+
+        while(item != NULL)
+                {
+                printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n",
+                        item->priority[0],item->priority[1],
+                        item->priority[2],item->priority[3],
+                        item->priority[4],item->priority[5],
+                        item->priority[6],item->priority[7]);
+                item = item->next;
+                }
+        }
+
+pitem *
+pqueue_iterator(pqueue_s *pq)
+        {
+        return pqueue_peek(pq);
+        }
+
+pitem *
+pqueue_next(pitem **item)
+        {
+        pitem *ret;
+
+        if ( item == NULL || *item == NULL)
+                return NULL;
+
+
+        /* *item != NULL */
+        ret = *item;
+        *item = (*item)->next;
+
+        return ret;
+        }
+
+int
+pqueue_size(pqueue_s *pq)
+{
+        pitem *item = pq->items;
+        int count = 0;
+        
+        while(item != NULL)
+        {
+                count++;
+                item = item->next;
+        }
+        return count;
+}
diff --git a/src/lib/libcrypto/pqueue/pqueue.h b/src/lib/libcrypto/pqueue/pqueue.h
new file mode 100644
index 0000000000..87fc9037c8
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/pqueue.h
@@ -0,0 +1,94 @@
+/* crypto/pqueue/pqueue.h */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_PQUEUE_H
+#define HEADER_PQUEUE_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef struct _pqueue *pqueue;
+
+typedef struct _pitem
+        {
+        unsigned char priority[8]; /* 64-bit value in big-endian encoding */
+        void *data;
+        struct _pitem *next;
+        } pitem;
+
+typedef struct _pitem *piterator;
+
+pitem *pitem_new(unsigned char *prio64be, void *data);
+void   pitem_free(pitem *item);
+
+pqueue pqueue_new(void);
+void   pqueue_free(pqueue pq);
+
+pitem *pqueue_insert(pqueue pq, pitem *item);
+pitem *pqueue_peek(pqueue pq);
+pitem *pqueue_pop(pqueue pq);
+pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
+pitem *pqueue_iterator(pqueue pq);
+pitem *pqueue_next(piterator *iter);
+
+void   pqueue_print(pqueue pq);
+int    pqueue_size(pqueue pq);
+
+#endif /* ! HEADER_PQUEUE_H */
diff --git a/src/lib/libcrypto/rand/Makefile b/src/lib/libcrypto/rand/Makefile
new file mode 100644
index 0000000000..27694aa664
--- /dev/null
+++ b/src/lib/libcrypto/rand/Makefile
@@ -0,0 +1,164 @@
+#
+# OpenSSL/crypto/rand/Makefile
+#
+
+DIR=    rand
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= randtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+        rand_win.c rand_unix.c rand_os2.c rand_nw.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
+        rand_win.o rand_unix.o rand_os2.o rand_nw.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rand.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md_rand.o: ../../e_os.h ../../include/openssl/asn1.h
+md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md_rand.o: md_rand.c rand_lcl.h
+rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
+rand_egd.o: ../../include/openssl/opensslconf.h
+rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_egd.o: rand_egd.c
+rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_err.o: rand_err.c
+rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rand_lib.o: ../cryptlib.h rand_lib.c
+rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c
+rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_os2.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h
+rand_os2.o: rand_os2.c
+rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_unix.o: ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/opensslconf.h
+rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_unix.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_unix.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h
+rand_unix.o: rand_unix.c
+rand_win.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_win.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h
+rand_win.o: rand_win.c
+randfile.o: ../../e_os.h ../../include/openssl/buffer.h
+randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+randfile.o: ../../include/openssl/opensslconf.h
+randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+randfile.o: randfile.c
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
new file mode 100644
index 0000000000..fcdd3f2a84
--- /dev/null
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -0,0 +1,592 @@
+/* crypto/rand/md_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSEVP
+
+#ifdef MD_RAND_DEBUG
+# ifndef NDEBUG
+#   define NDEBUG
+# endif
+#endif
+
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+
+#ifdef BN_DEBUG
+# define PREDICT
+#endif
+
+/* #define PREDICT      1 */
+
+#define STATE_SIZE      1023
+static int state_num=0,state_index=0;
+static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
+static unsigned char md[MD_DIGEST_LENGTH];
+static long md_count[2]={0,0};
+static double entropy=0;
+static int initialized=0;
+
+static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
+                                           * holds CRYPTO_LOCK_RAND
+                                           * (to prevent double locking) */
+/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
+static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
+
+
+#ifdef PREDICT
+int rand_predictable=0;
+#endif
+
+const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
+
+static void ssleay_rand_cleanup(void);
+static void ssleay_rand_seed(const void *buf, int num);
+static void ssleay_rand_add(const void *buf, int num, double add_entropy);
+static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo);
+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
+static int ssleay_rand_status(void);
+
+RAND_METHOD rand_ssleay_meth={
+        ssleay_rand_seed,
+        ssleay_rand_nopseudo_bytes,
+        ssleay_rand_cleanup,
+        ssleay_rand_add,
+        ssleay_rand_pseudo_bytes,
+        ssleay_rand_status
+        }; 
+
+RAND_METHOD *RAND_SSLeay(void)
+        {
+        return(&rand_ssleay_meth);
+        }
+
+static void ssleay_rand_cleanup(void)
+        {
+        OPENSSL_cleanse(state,sizeof(state));
+        state_num=0;
+        state_index=0;
+        OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
+        md_count[0]=0;
+        md_count[1]=0;
+        entropy=0;
+        initialized=0;
+        }
+
+static void ssleay_rand_add(const void *buf, int num, double add)
+        {
+        int i,j,k,st_idx;
+        long md_c[2];
+        unsigned char local_md[MD_DIGEST_LENGTH];
+        EVP_MD_CTX m;
+        int do_not_lock;
+
+        /*
+         * (Based on the rand(3) manpage)
+         *
+         * The input is chopped up into units of 20 bytes (or less for
+         * the last block).  Each of these blocks is run through the hash
+         * function as follows:  The data passed to the hash function
+         * is the current 'md', the same number of bytes from the 'state'
+         * (the location determined by in incremented looping index) as
+         * the current 'block', the new key data 'block', and 'count'
+         * (which is incremented after each use).
+         * The result of this is kept in 'md' and also xored into the
+         * 'state' at the same locations that were used as input into the
+         * hash function.
+         */
+
+        /* check if we already have the lock */
+        if (crypto_lock_rand)
+                {
+                CRYPTO_THREADID cur;
+                CRYPTO_THREADID_current(&cur);
+                CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+                do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+                CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+                }
+        else
+                do_not_lock = 0;
+
+        if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        st_idx=state_index;
+
+        /* use our own copies of the counters so that even
+         * if a concurrent thread seeds with exactly the
+         * same data and uses the same subarray there's _some_
+         * difference */
+        md_c[0] = md_count[0];
+        md_c[1] = md_count[1];
+
+        memcpy(local_md, md, sizeof md);
+
+        /* state_index <= state_num <= STATE_SIZE */
+        state_index += num;
+        if (state_index >= STATE_SIZE)
+                {
+                state_index%=STATE_SIZE;
+                state_num=STATE_SIZE;
+                }
+        else if (state_num < STATE_SIZE)        
+                {
+                if (state_index > state_num)
+                        state_num=state_index;
+                }
+        /* state_index <= state_num <= STATE_SIZE */
+
+        /* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE]
+         * are what we will use now, but other threads may use them
+         * as well */
+
+        md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+
+        if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+        EVP_MD_CTX_init(&m);
+        for (i=0; i<num; i+=MD_DIGEST_LENGTH)
+                {
+                j=(num-i);
+                j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
+
+                MD_Init(&m);
+                MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+                k=(st_idx+j)-STATE_SIZE;
+                if (k > 0)
+                        {
+                        MD_Update(&m,&(state[st_idx]),j-k);
+                        MD_Update(&m,&(state[0]),k);
+                        }
+                else
+                        MD_Update(&m,&(state[st_idx]),j);
+
+                /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
+                MD_Update(&m,buf,j);
+                /* We know that line may cause programs such as
+                   purify and valgrind to complain about use of
+                   uninitialized data.  The problem is not, it's
+                   with the caller.  Removing that line will make
+                   sure you get really bad randomness and thereby
+                   other problems such as very insecure keys. */
+
+                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+                MD_Final(&m,local_md);
+                md_c[1]++;
+
+                buf=(const char *)buf + j;
+
+                for (k=0; k<j; k++)
+                        {
+                        /* Parallel threads may interfere with this,
+                         * but always each byte of the new state is
+                         * the XOR of some previous value of its
+                         * and local_md (itermediate values may be lost).
+                         * Alway using locking could hurt performance more
+                         * than necessary given that conflicts occur only
+                         * when the total seeding is longer than the random
+                         * state. */
+                        state[st_idx++]^=local_md[k];
+                        if (st_idx >= STATE_SIZE)
+                                st_idx=0;
+                        }
+                }
+        EVP_MD_CTX_cleanup(&m);
+
+        if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        /* Don't just copy back local_md into md -- this could mean that
+         * other thread's seeding remains without effect (except for
+         * the incremented counter).  By XORing it we keep at least as
+         * much entropy as fits into md. */
+        for (k = 0; k < (int)sizeof(md); k++)
+                {
+                md[k] ^= local_md[k];
+                }
+        if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+            entropy += add;
+        if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        
+#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
+        assert(md_c[1] == md_count[1]);
+#endif
+        }
+
+static void ssleay_rand_seed(const void *buf, int num)
+        {
+        ssleay_rand_add(buf, num, (double)num);
+        }
+
+static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
+        {
+        static volatile int stirred_pool = 0;
+        int i,j,k,st_num,st_idx;
+        int num_ceil;
+        int ok;
+        long md_c[2];
+        unsigned char local_md[MD_DIGEST_LENGTH];
+        EVP_MD_CTX m;
+#ifndef GETPID_IS_MEANINGLESS
+        pid_t curr_pid = getpid();
+#endif
+        int do_stir_pool = 0;
+
+#ifdef PREDICT
+        if (rand_predictable)
+                {
+                static unsigned char val=0;
+
+                for (i=0; i<num; i++)
+                        buf[i]=val++;
+                return(1);
+                }
+#endif
+
+        if (num <= 0)
+                return 1;
+
+        EVP_MD_CTX_init(&m);
+        /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
+        num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
+
+        /*
+         * (Based on the rand(3) manpage:)
+         *
+         * For each group of 10 bytes (or less), we do the following:
+         *
+         * Input into the hash function the local 'md' (which is initialized from
+         * the global 'md' before any bytes are generated), the bytes that are to
+         * be overwritten by the random bytes, and bytes from the 'state'
+         * (incrementing looping index). From this digest output (which is kept
+         * in 'md'), the top (up to) 10 bytes are returned to the caller and the
+         * bottom 10 bytes are xored into the 'state'.
+         * 
+         * Finally, after we have finished 'num' random bytes for the
+         * caller, 'count' (which is incremented) and the local and global 'md'
+         * are fed into the hash function and the results are kept in the
+         * global 'md'.
+         */
+
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+        /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+        CRYPTO_THREADID_current(&locking_threadid);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+        crypto_lock_rand = 1;
+
+        if (!initialized)
+                {
+                RAND_poll();
+                initialized = 1;
+                }
+        
+        if (!stirred_pool)
+                do_stir_pool = 1;
+        
+        ok = (entropy >= ENTROPY_NEEDED);
+        if (!ok)
+                {
+                /* If the PRNG state is not yet unpredictable, then seeing
+                 * the PRNG output may help attackers to determine the new
+                 * state; thus we have to decrease the entropy estimate.
+                 * Once we've had enough initial seeding we don't bother to
+                 * adjust the entropy count, though, because we're not ambitious
+                 * to provide *information-theoretic* randomness.
+                 *
+                 * NOTE: This approach fails if the program forks before
+                 * we have enough entropy. Entropy should be collected
+                 * in a separate input pool and be transferred to the
+                 * output pool only when the entropy limit has been reached.
+                 */
+                entropy -= num;
+                if (entropy < 0)
+                        entropy = 0;
+                }
+
+        if (do_stir_pool)
+                {
+                /* In the output function only half of 'md' remains secret,
+                 * so we better make sure that the required entropy gets
+                 * 'evenly distributed' through 'state', our randomness pool.
+                 * The input function (ssleay_rand_add) chains all of 'md',
+                 * which makes it more suitable for this purpose.
+                 */
+
+                int n = STATE_SIZE; /* so that the complete pool gets accessed */
+                while (n > 0)
+                        {
+#if MD_DIGEST_LENGTH > 20
+# error "Please adjust DUMMY_SEED."
+#endif
+#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
+                        /* Note that the seed does not matter, it's just that
+                         * ssleay_rand_add expects to have something to hash. */
+                        ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
+                        n -= MD_DIGEST_LENGTH;
+                        }
+                if (ok)
+                        stirred_pool = 1;
+                }
+
+        st_idx=state_index;
+        st_num=state_num;
+        md_c[0] = md_count[0];
+        md_c[1] = md_count[1];
+        memcpy(local_md, md, sizeof md);
+
+        state_index+=num_ceil;
+        if (state_index > state_num)
+                state_index %= state_num;
+
+        /* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]
+         * are now ours (but other threads may use them too) */
+
+        md_count[0] += 1;
+
+        /* before unlocking, we must clear 'crypto_lock_rand' */
+        crypto_lock_rand = 0;
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+        while (num > 0)
+                {
+                /* num_ceil -= MD_DIGEST_LENGTH/2 */
+                j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
+                num-=j;
+                MD_Init(&m);
+#ifndef GETPID_IS_MEANINGLESS
+                if (curr_pid) /* just in the first iteration to save time */
+                        {
+                        MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);
+                        curr_pid = 0;
+                        }
+#endif
+                MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+
+#ifndef PURIFY /* purify complains */
+                /* The following line uses the supplied buffer as a small
+                 * source of entropy: since this buffer is often uninitialised
+                 * it may cause programs such as purify or valgrind to
+                 * complain. So for those builds it is not used: the removal
+                 * of such a small source of entropy has negligible impact on
+                 * security.
+                 */
+                MD_Update(&m,buf,j);
+#endif
+
+                k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
+                if (k > 0)
+                        {
+                        MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
+                        MD_Update(&m,&(state[0]),k);
+                        }
+                else
+                        MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
+                MD_Final(&m,local_md);
+
+                for (i=0; i<MD_DIGEST_LENGTH/2; i++)
+                        {
+                        state[st_idx++]^=local_md[i]; /* may compete with other threads */
+                        if (st_idx >= st_num)
+                                st_idx=0;
+                        if (i < j)
+                                *(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
+                        }
+                }
+
+        MD_Init(&m);
+        MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+        MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        MD_Update(&m,md,MD_DIGEST_LENGTH);
+        MD_Final(&m,md);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+        EVP_MD_CTX_cleanup(&m);
+        if (ok)
+                return(1);
+        else if (pseudo)
+                return 0;
+        else 
+                {
+                RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
+                ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
+                        "http://www.openssl.org/support/faq.html");
+                return(0);
+                }
+        }
+
+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
+        {
+        return ssleay_rand_bytes(buf, num, 0);
+        }
+
+/* pseudo-random bytes that are guaranteed to be unique but not
+   unpredictable */
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
+        {
+        return ssleay_rand_bytes(buf, num, 1);
+        }
+
+static int ssleay_rand_status(void)
+        {
+        CRYPTO_THREADID cur;
+        int ret;
+        int do_not_lock;
+
+        CRYPTO_THREADID_current(&cur);
+        /* check if we already have the lock
+         * (could happen if a RAND_poll() implementation calls RAND_status()) */
+        if (crypto_lock_rand)
+                {
+                CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+                do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+                CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+                }
+        else
+                do_not_lock = 0;
+        
+        if (!do_not_lock)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+                
+                /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+                CRYPTO_THREADID_cpy(&locking_threadid, &cur);
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+                crypto_lock_rand = 1;
+                }
+        
+        if (!initialized)
+                {
+                RAND_poll();
+                initialized = 1;
+                }
+
+        ret = entropy >= ENTROPY_NEEDED;
+
+        if (!do_not_lock)
+                {
+                /* before unlocking, we must clear 'crypto_lock_rand' */
+                crypto_lock_rand = 0;
+                
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+                }
+        
+        return ret;
+        }
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index bb5520e80a..dc8fcf94c5 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -138,7 +138,6 @@ void ERR_load_RAND_strings(void);
 #define RAND_F_SSLEAY_RAND_BYTES                         100
 
 /* Reason codes. */
-#define RAND_R_DUAL_EC_DRBG_DISABLED                     104
 #define RAND_R_ERROR_INITIALISING_DRBG                   102
 #define RAND_R_ERROR_INSTANTIATING_DRBG                  103
 #define RAND_R_NO_FIPS_RANDOM_METHOD_SET                 101
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c
new file mode 100644
index 0000000000..d53b916ebe
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_egd.c
@@ -0,0 +1,303 @@
+/* crypto/rand/rand_egd.c */
+/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <openssl/rand.h>
+#include <openssl/buffer.h>
+
+/*
+ * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+ *
+ * This module supplies three routines:
+ *
+ * RAND_query_egd_bytes(path, buf, bytes)
+ *   will actually query "bytes" bytes of entropy form the egd-socket located
+ *   at path and will write them to buf (if supplied) or will directly feed
+ *   it to RAND_seed() if buf==NULL.
+ *   The number of bytes is not limited by the maximum chunk size of EGD,
+ *   which is 255 bytes. If more than 255 bytes are wanted, several chunks
+ *   of entropy bytes are requested. The connection is left open until the
+ *   query is competed.
+ *   RAND_query_egd_bytes() returns with
+ *     -1  if an error occured during connection or communication.
+ *     num the number of bytes read from the EGD socket. This number is either
+ *         the number of bytes requested or smaller, if the EGD pool is
+ *         drained and the daemon signals that the pool is empty.
+ *   This routine does not touch any RAND_status(). This is necessary, since
+ *   PRNG functions may call it during initialization.
+ *
+ * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
+ *   used to seed the PRNG.
+ *   RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
+ *   Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
+ *   seed status so that the return value can reflect the seed state:
+ *     -1  if an error occured during connection or communication _or_
+ *         if the PRNG has still not received the required seeding.
+ *     num the number of bytes read from the EGD socket. This number is either
+ *         the number of bytes requested or smaller, if the EGD pool is
+ *         drained and the daemon signals that the pool is empty.
+ *
+ * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed
+ *   the PRNG.
+ *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
+ */
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+        {
+        return(-1);
+        }
+int RAND_egd(const char *path)
+        {
+        return(-1);
+        }
+
+int RAND_egd_bytes(const char *path,int bytes)
+        {
+        return(-1);
+        }
+#else
+#include <openssl/opensslconf.h>
+#include OPENSSL_UNISTD
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifndef NO_SYS_UN_H
+# ifdef OPENSSL_SYS_VXWORKS
+#   include <streams/un.h>
+# else
+#   include <sys/un.h>
+# endif
+#else
+struct  sockaddr_un {
+        short   sun_family;             /* AF_UNIX */
+        char    sun_path[108];          /* path name (gag) */
+};
+#endif /* NO_SYS_UN_H */
+#include <string.h>
+#include <errno.h>
+
+#ifndef offsetof
+#  define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
+#endif
+
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+        {
+        int ret = 0;
+        struct sockaddr_un addr;
+        int len, num, numbytes;
+        int fd = -1;
+        int success;
+        unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
+
+        memset(&addr, 0, sizeof(addr));
+        addr.sun_family = AF_UNIX;
+        if (strlen(path) >= sizeof(addr.sun_path))
+                return (-1);
+        BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
+        len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+        fd = socket(AF_UNIX, SOCK_STREAM, 0);
+        if (fd == -1) return (-1);
+        success = 0;
+        while (!success)
+            {
+            if (connect(fd, (struct sockaddr *)&addr, len) == 0)
+               success = 1;
+            else
+                {
+                switch (errno)
+                    {
+#ifdef EINTR
+                    case EINTR:
+#endif
+#ifdef EAGAIN
+                    case EAGAIN:
+#endif
+#ifdef EINPROGRESS
+                    case EINPROGRESS:
+#endif
+#ifdef EALREADY
+                    case EALREADY:
+#endif
+                        /* No error, try again */
+                        break;
+#ifdef EISCONN
+                    case EISCONN:
+                        success = 1;
+                        break;
+#endif
+                    default:
+                        goto err;       /* failure */
+                    }
+                }
+            }
+
+        while(bytes > 0)
+            {
+            egdbuf[0] = 1;
+            egdbuf[1] = bytes < 255 ? bytes : 255;
+            numbytes = 0;
+            while (numbytes != 2)
+                {
+                num = write(fd, egdbuf + numbytes, 2 - numbytes);
+                if (num >= 0)
+                    numbytes += num;
+                else
+                    {
+                    switch (errno)
+                        {
+#ifdef EINTR
+                        case EINTR:
+#endif
+#ifdef EAGAIN
+                        case EAGAIN:
+#endif
+                            /* No error, try again */
+                            break;
+                        default:
+                            ret = -1;
+                            goto err;   /* failure */
+                        }
+                    }
+                }
+            numbytes = 0;
+            while (numbytes != 1)
+                {
+                num = read(fd, egdbuf, 1);
+                if (num == 0)
+                        goto err;       /* descriptor closed */
+                else if (num > 0)
+                    numbytes += num;
+                else
+                    {
+                    switch (errno)
+                        {
+#ifdef EINTR
+                        case EINTR:
+#endif
+#ifdef EAGAIN
+                        case EAGAIN:
+#endif
+                            /* No error, try again */
+                            break;
+                        default:
+                            ret = -1;
+                            goto err;   /* failure */
+                        }
+                    }
+                }
+            if(egdbuf[0] == 0)
+                goto err;
+            if (buf)
+                retrievebuf = buf + ret;
+            else
+                retrievebuf = tempbuf;
+            numbytes = 0;
+            while (numbytes != egdbuf[0])
+                {
+                num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
+                if (num == 0)
+                        goto err;       /* descriptor closed */
+                else if (num > 0)
+                    numbytes += num;
+                else
+                    {
+                    switch (errno)
+                        {
+#ifdef EINTR
+                        case EINTR:
+#endif
+#ifdef EAGAIN
+                        case EAGAIN:
+#endif
+                            /* No error, try again */
+                            break;
+                        default:
+                            ret = -1;
+                            goto err;   /* failure */
+                        }
+                    }
+                }
+            ret += egdbuf[0];
+            bytes -= egdbuf[0];
+            if (!buf)
+                RAND_seed(tempbuf, egdbuf[0]);
+            }
+ err:
+        if (fd != -1) close(fd);
+        return(ret);
+        }
+
+
+int RAND_egd_bytes(const char *path, int bytes)
+        {
+        int num, ret = 0;
+
+        num = RAND_query_egd_bytes(path, NULL, bytes);
+        if (num < 1) goto err;
+        if (RAND_status() == 1)
+            ret = num;
+ err:
+        return(ret);
+        }
+
+
+int RAND_egd(const char *path)
+        {
+        return (RAND_egd_bytes(path, 255));
+        }
+
+
+#endif
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index c4c80fc8cc..b8586c8f4a 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -78,7 +78,6 @@ static ERR_STRING_DATA RAND_str_functs[]=
 
 static ERR_STRING_DATA RAND_str_reasons[]=
         {
-{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
 {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
 {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
 {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
diff --git a/src/lib/libcrypto/rand/rand_lcl.h b/src/lib/libcrypto/rand/rand_lcl.h
new file mode 100644
index 0000000000..618a8ec899
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_lcl.h
@@ -0,0 +1,158 @@
+/* crypto/rand/rand_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_RAND_LCL_H
+#define HEADER_RAND_LCL_H
+
+#define ENTROPY_NEEDED 32  /* require 256 bits = 32 bytes of randomness */
+
+
+#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+#define USE_SHA1_RAND
+#elif !defined(OPENSSL_NO_MD5)
+#define USE_MD5_RAND
+#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+#define USE_MDC2_RAND
+#elif !defined(OPENSSL_NO_MD2)
+#define USE_MD2_RAND
+#else
+#error No message digest algorithm available
+#endif
+#endif
+
+#include <openssl/evp.h>
+#define MD_Update(a,b,c)        EVP_DigestUpdate(a,b,c)
+#define MD_Final(a,b)           EVP_DigestFinal_ex(a,b,NULL)
+#if defined(USE_MD5_RAND)
+#include <openssl/md5.h>
+#define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
+#define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md5(), NULL)
+#define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
+#elif defined(USE_SHA1_RAND)
+#include <openssl/sha.h>
+#define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
+#define MD_Init(a)              EVP_DigestInit_ex(a,EVP_sha1(), NULL)
+#define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
+#elif defined(USE_MDC2_RAND)
+#include <openssl/mdc2.h>
+#define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
+#define MD_Init(a)              EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
+#define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
+#elif defined(USE_MD2_RAND)
+#include <openssl/md2.h>
+#define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
+#define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md2(), NULL)
+#define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
+#endif
+
+
+#endif
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 5ac0e14caf..daf1dab973 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -210,11 +210,8 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
         {
-        if (out)
-                {
-                OPENSSL_cleanse(out, olen);
-                OPENSSL_free(out);
-                }
+        OPENSSL_cleanse(out, olen);
+        OPENSSL_free(out);
         }
 
 /* Set "additional input" when generating random data. This uses the
@@ -269,14 +266,6 @@ int RAND_init_fips(void)
         DRBG_CTX *dctx;
         size_t plen;
         unsigned char pers[32], *p;
-#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
-        if (fips_drbg_type >> 16)
-                {
-                RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
-                return 0;
-                }
-#endif
-                
         dctx = FIPS_get_default_drbg();
         if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
                 {
diff --git a/src/lib/libcrypto/rand/rand_nw.c b/src/lib/libcrypto/rand/rand_nw.c
new file mode 100644
index 0000000000..8d5b8d2e32
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_nw.c
@@ -0,0 +1,183 @@
+/* crypto/rand/rand_nw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined (OPENSSL_SYS_NETWARE)
+
+#if defined(NETWARE_LIBC)
+#include <nks/thread.h>
+#else
+#include <nwthread.h>
+#endif
+
+extern int GetProcessSwitchCount(void);
+#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000)
+extern void *RunningProcess; /* declare here same as found in newer NDKs */
+extern unsigned long GetSuperHighResolutionTimer(void);
+#endif
+
+   /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed
+   */
+int RAND_poll(void)
+{
+   unsigned long l;
+   unsigned long tsc;
+   int i; 
+
+      /* There are several options to gather miscellaneous data
+       * but for now we will loop checking the time stamp counter (rdtsc) and
+       * the SuperHighResolutionTimer.  Each iteration will collect 8 bytes
+       * of data but it is treated as only 1 byte of entropy.  The call to
+       * ThreadSwitchWithDelay() will introduce additional variability into
+       * the data returned by rdtsc.
+       *
+       * Applications can agument the seed material by adding additional
+       * stuff with RAND_add() and should probably do so.
+      */
+   l = GetProcessSwitchCount();
+   RAND_add(&l,sizeof(l),1);
+   
+   /* need to cast the void* to unsigned long here */
+   l = (unsigned long)RunningProcess;
+   RAND_add(&l,sizeof(l),1);
+
+   for( i=2; i<ENTROPY_NEEDED; i++)
+   {
+#ifdef __MWERKS__
+      asm 
+      {
+         rdtsc
+         mov tsc, eax        
+      }
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+      asm volatile("rdtsc":"=a"(tsc)::"edx");
+#endif
+
+      RAND_add(&tsc, sizeof(tsc), 1);
+
+      l = GetSuperHighResolutionTimer();
+      RAND_add(&l, sizeof(l), 0);
+
+# if defined(NETWARE_LIBC)
+      NXThreadYield();
+# else /* NETWARE_CLIB */
+      ThreadSwitchWithDelay();
+# endif
+   }
+
+   return 1;
+}
+
+#endif 
+
diff --git a/src/lib/libcrypto/rand/rand_os2.c b/src/lib/libcrypto/rand/rand_os2.c
new file mode 100644
index 0000000000..fc1e78b179
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_os2.c
@@ -0,0 +1,153 @@
+/* crypto/rand/rand_os2.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#ifdef OPENSSL_SYS_OS2
+
+#define INCL_DOSPROCESS
+#define INCL_DOSPROFILE
+#define INCL_DOSMISC
+#define INCL_DOSMODULEMGR
+#include <os2.h>
+
+#define   CMD_KI_RDCNT    (0x63)
+
+typedef struct _CPUUTIL {
+    ULONG ulTimeLow;            /* Low 32 bits of time stamp      */
+    ULONG ulTimeHigh;           /* High 32 bits of time stamp     */
+    ULONG ulIdleLow;            /* Low 32 bits of idle time       */
+    ULONG ulIdleHigh;           /* High 32 bits of idle time      */
+    ULONG ulBusyLow;            /* Low 32 bits of busy time       */
+    ULONG ulBusyHigh;           /* High 32 bits of busy time      */
+    ULONG ulIntrLow;            /* Low 32 bits of interrupt time  */
+    ULONG ulIntrHigh;           /* High 32 bits of interrupt time */
+} CPUUTIL;
+
+#ifndef __KLIBC__
+APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;
+APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;
+#endif
+HMODULE hDoscalls = 0;
+
+int RAND_poll(void)
+{
+    char failed_module[20];
+    QWORD qwTime;
+    ULONG SysVars[QSV_FOREGROUND_PROCESS];
+
+    if (hDoscalls == 0) {
+        ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);
+
+#ifndef __KLIBC__
+        if (rc == 0) {
+            rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);
+
+            if (rc)
+                DosPerfSysCall = NULL;
+
+            rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState);
+
+            if (rc)
+                DosQuerySysState = NULL;
+        }
+#endif
+    }
+
+    /* Sample the hi-res timer, runs at around 1.1 MHz */
+    DosTmrQueryTime(&qwTime);
+    RAND_add(&qwTime, sizeof(qwTime), 2);
+
+    /* Sample a bunch of system variables, includes various process & memory statistics */
+    DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars));
+    RAND_add(SysVars, sizeof(SysVars), 4);
+
+    /* If available, sample CPU registers that count at CPU MHz
+     * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this
+     */
+    if (DosPerfSysCall) {
+        CPUUTIL util;
+
+        if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) {
+            RAND_add(&util, sizeof(util), 10);
+        }
+        else {
+#ifndef __KLIBC__
+            DosPerfSysCall = NULL;
+#endif
+        }
+    }
+
+    /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */
+    if (DosQuerySysState) {
+        char *buffer = OPENSSL_malloc(256 * 1024);
+
+        if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {
+            /* First 4 bytes in buffer is a pointer to the thread count
+             * there should be at least 1 byte of entropy per thread
+             */
+            RAND_add(buffer, 256 * 1024, **(ULONG **)buffer);
+        }
+
+        OPENSSL_free(buffer);
+        return 1;
+    }
+
+    return 0;
+}
+
+#endif /* OPENSSL_SYS_OS2 */
diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c
new file mode 100644
index 0000000000..3316388443
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_unix.c
@@ -0,0 +1,425 @@
+/* crypto/rand/rand_unix.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+
+#define USE_SOCKETS
+#include "e_os.h"
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/times.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <time.h>
+#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
+# include <poll.h>
+#endif
+#include <limits.h>
+#ifndef FD_SETSIZE
+# define FD_SETSIZE (8*sizeof(fd_set))
+#endif
+
+#if defined(OPENSSL_SYS_VOS)
+
+/* The following algorithm repeatedly samples the real-time clock
+   (RTC) to generate a sequence of unpredictable data.  The algorithm
+   relies upon the uneven execution speed of the code (due to factors
+   such as cache misses, interrupts, bus activity, and scheduling) and
+   upon the rather large relative difference between the speed of the
+   clock and the rate at which it can be read.
+
+   If this code is ported to an environment where execution speed is
+   more constant or where the RTC ticks at a much slower rate, or the
+   clock can be read with fewer instructions, it is likely that the
+   results would be far more predictable.
+
+   As a precaution, we generate 4 times the minimum required amount of
+   seed data.  */
+
+int RAND_poll(void)
+{
+        short int code;
+        gid_t curr_gid;
+        pid_t curr_pid;
+        uid_t curr_uid;
+        int i, k;
+        struct timespec ts;
+        unsigned char v;
+
+#ifdef OPENSSL_SYS_VOS_HPPA
+        long duration;
+        extern void s$sleep (long *_duration, short int *_code);
+#else
+#ifdef OPENSSL_SYS_VOS_IA32
+        long long duration;
+        extern void s$sleep2 (long long *_duration, short int *_code);
+#else
+#error "Unsupported Platform."
+#endif /* OPENSSL_SYS_VOS_IA32 */
+#endif /* OPENSSL_SYS_VOS_HPPA */
+
+        /* Seed with the gid, pid, and uid, to ensure *some*
+           variation between different processes.  */
+
+        curr_gid = getgid();
+        RAND_add (&curr_gid, sizeof curr_gid, 1);
+        curr_gid = 0;
+
+        curr_pid = getpid();
+        RAND_add (&curr_pid, sizeof curr_pid, 1);
+        curr_pid = 0;
+
+        curr_uid = getuid();
+        RAND_add (&curr_uid, sizeof curr_uid, 1);
+        curr_uid = 0;
+
+        for (i=0; i<(ENTROPY_NEEDED*4); i++)
+        {
+                /* burn some cpu; hope for interrupts, cache
+                   collisions, bus interference, etc.  */
+                for (k=0; k<99; k++)
+                        ts.tv_nsec = random ();
+
+#ifdef OPENSSL_SYS_VOS_HPPA
+                /* sleep for 1/1024 of a second (976 us).  */
+                duration = 1;
+                s$sleep (&duration, &code);
+#else
+#ifdef OPENSSL_SYS_VOS_IA32
+                /* sleep for 1/65536 of a second (15 us).  */
+                duration = 1;
+                s$sleep2 (&duration, &code);
+#endif /* OPENSSL_SYS_VOS_IA32 */
+#endif /* OPENSSL_SYS_VOS_HPPA */
+
+                /* get wall clock time.  */
+                clock_gettime (CLOCK_REALTIME, &ts);
+
+                /* take 8 bits */
+                v = (unsigned char) (ts.tv_nsec % 256);
+                RAND_add (&v, sizeof v, 1);
+                v = 0;
+        }
+        return 1;
+}
+#elif defined __OpenBSD__
+int RAND_poll(void)
+{
+        unsigned char buf[ENTROPY_NEEDED];
+
+        arc4random_buf(buf, sizeof(buf));
+        RAND_add(buf, sizeof(buf), sizeof(buf));
+        memset(buf, 0, sizeof(buf));
+
+        return 1;
+}
+#else /* !defined(__OpenBSD__) */
+int RAND_poll(void)
+{
+        unsigned long l;
+        pid_t curr_pid = getpid();
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+        unsigned char tmpbuf[ENTROPY_NEEDED];
+        int n = 0;
+#endif
+#ifdef DEVRANDOM
+        static const char *randomfiles[] = { DEVRANDOM };
+        struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
+        int fd;
+        unsigned int i;
+#endif
+#ifdef DEVRANDOM_EGD
+        static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+        const char **egdsocket = NULL;
+#endif
+
+#ifdef DEVRANDOM
+        memset(randomstats,0,sizeof(randomstats));
+        /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
+         * have this. Use /dev/urandom if you can as /dev/random may block
+         * if it runs out of random entries.  */
+
+        for (i = 0; (i < sizeof(randomfiles)/sizeof(randomfiles[0])) &&
+                        (n < ENTROPY_NEEDED); i++)
+                {
+                if ((fd = open(randomfiles[i], O_RDONLY
+#ifdef O_NONBLOCK
+                        |O_NONBLOCK
+#endif
+#ifdef O_BINARY
+                        |O_BINARY
+#endif
+#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it
+                   our controlling tty */
+                        |O_NOCTTY
+#endif
+                        )) >= 0)
+                        {
+                        int usec = 10*1000; /* spend 10ms on each file */
+                        int r;
+                        unsigned int j;
+                        struct stat *st=&randomstats[i];
+
+                        /* Avoid using same input... Used to be O_NOFOLLOW
+                         * above, but it's not universally appropriate... */
+                        if (fstat(fd,st) != 0)  { close(fd); continue; }
+                        for (j=0;j<i;j++)
+                                {
+                                if (randomstats[j].st_ino==st->st_ino &&
+                                    randomstats[j].st_dev==st->st_dev)
+                                        break;
+                                }
+                        if (j<i)                { close(fd); continue; }
+
+                        do
+                                {
+                                int try_read = 0;
+
+#if defined(OPENSSL_SYS_BEOS_R5)
+                                /* select() is broken in BeOS R5, so we simply
+                                 *  try to read something and snooze if we couldn't */
+                                try_read = 1;
+
+#elif defined(OPENSSL_SYS_LINUX)
+                                /* use poll() */
+                                struct pollfd pset;
+                                
+                                pset.fd = fd;
+                                pset.events = POLLIN;
+                                pset.revents = 0;
+
+                                if (poll(&pset, 1, usec / 1000) < 0)
+                                        usec = 0;
+                                else
+                                        try_read = (pset.revents & POLLIN) != 0;
+
+#else
+                                /* use select() */
+                                fd_set fset;
+                                struct timeval t;
+                                
+                                t.tv_sec = 0;
+                                t.tv_usec = usec;
+
+                                if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE)
+                                        {
+                                        /* can't use select, so just try to read once anyway */
+                                        try_read = 1;
+                                        }
+                                else
+                                        {
+                                        FD_ZERO(&fset);
+                                        FD_SET(fd, &fset);
+                                        
+                                        if (select(fd+1,&fset,NULL,NULL,&t) >= 0)
+                                                {
+                                                usec = t.tv_usec;
+                                                if (FD_ISSET(fd, &fset))
+                                                        try_read = 1;
+                                                }
+                                        else
+                                                usec = 0;
+                                        }
+#endif
+                                
+                                if (try_read)
+                                        {
+                                        r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);
+                                        if (r > 0)
+                                                n += r;
+#if defined(OPENSSL_SYS_BEOS_R5)
+                                        if (r == 0)
+                                                snooze(t.tv_usec);
+#endif
+                                        }
+                                else
+                                        r = -1;
+                                
+                                /* Some Unixen will update t in select(), some
+                                   won't.  For those who won't, or if we
+                                   didn't use select() in the first place,
+                                   give up here, otherwise, we will do
+                                   this once again for the remaining
+                                   time. */
+                                if (usec == 10*1000)
+                                        usec = 0;
+                                }
+                        while ((r > 0 ||
+                               (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
+
+                        close(fd);
+                        }
+                }
+#endif /* defined(DEVRANDOM) */
+
+#ifdef DEVRANDOM_EGD
+        /* Use an EGD socket to read entropy from an EGD or PRNGD entropy
+         * collecting daemon. */
+
+        for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++)
+                {
+                int r;
+
+                r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n,
+                                         ENTROPY_NEEDED-n);
+                if (r > 0)
+                        n += r;
+                }
+#endif /* defined(DEVRANDOM_EGD) */
+
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+        if (n > 0)
+                {
+                RAND_add(tmpbuf,sizeof tmpbuf,(double)n);
+                OPENSSL_cleanse(tmpbuf,n);
+                }
+#endif
+
+        /* put in some default random data, we need more than just this */
+        l=curr_pid;
+        RAND_add(&l,sizeof(l),0.0);
+        l=getuid();
+        RAND_add(&l,sizeof(l),0.0);
+
+        l=time(NULL);
+        RAND_add(&l,sizeof(l),0.0);
+
+#if defined(OPENSSL_SYS_BEOS)
+        {
+        system_info sysInfo;
+        get_system_info(&sysInfo);
+        RAND_add(&sysInfo,sizeof(sysInfo),0);
+        }
+#endif
+
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+        return 1;
+#else
+        return 0;
+#endif
+}
+
+#endif /* defined(__OpenBSD__) */
+#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
+
+
+#if defined(OPENSSL_SYS_VXWORKS)
+int RAND_poll(void)
+        {
+        return 0;
+        }
+#endif
diff --git a/src/lib/libcrypto/rand/rand_vms.c b/src/lib/libcrypto/rand/rand_vms.c
new file mode 100644
index 0000000000..0bfd8ff7e4
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_vms.c
@@ -0,0 +1,148 @@
+/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(OPENSSL_SYS_VMS)
+
+#include <descrip.h>
+#include <jpidef.h>
+#include <ssdef.h>
+#include <starlet.h>
+#ifdef __DECC
+# pragma message disable DOLLARID
+#endif
+
+/* Use 32-bit pointers almost everywhere.  Define the type to which to
+ * cast a pointer passed to an external function.
+ */
+#if __INITIAL_POINTER_SIZE == 64
+# define PTR_T __void_ptr64
+# pragma pointer_size save
+# pragma pointer_size 32
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define PTR_T void *
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+static struct items_data_st
+        {
+        short length, code;     /* length is amount of bytes */
+        } items_data[] =
+                { { 4, JPI$_BUFIO },
+                  { 4, JPI$_CPUTIM },
+                  { 4, JPI$_DIRIO },
+                  { 8, JPI$_LOGINTIM },
+                  { 4, JPI$_PAGEFLTS },
+                  { 4, JPI$_PID },
+                  { 4, JPI$_WSSIZE },
+                  { 0, 0 }
+                };
+                  
+int RAND_poll(void)
+        {
+        long pid, iosb[2];
+        int status = 0;
+        struct
+                {
+                short length, code;
+                long *buffer;
+                int *retlen;
+                } item[32], *pitem;
+        unsigned char data_buffer[256];
+        short total_length = 0;
+        struct items_data_st *pitems_data;
+
+        pitems_data = items_data;
+        pitem = item;
+
+        /* Setup */
+        while (pitems_data->length
+                && (total_length + pitems_data->length <= 256))
+                {
+                pitem->length = pitems_data->length;
+                pitem->code = pitems_data->code;
+                pitem->buffer = (long *)&data_buffer[total_length];
+                pitem->retlen = 0;
+                total_length += pitems_data->length;
+                pitems_data++;
+                pitem++;
+                }
+        pitem->length = pitem->code = 0;
+
+        /*
+         * Scan through all the processes in the system and add entropy with
+         * results from the processes that were possible to look at.
+         * However, view the information as only half trustable.
+         */
+        pid = -1;                       /* search context */
+        while ((status = sys$getjpiw(0, &pid,  0, item, iosb, 0, 0))
+                != SS$_NOMOREPROC)
+                {
+                if (status == SS$_NORMAL)
+                        {
+                        RAND_add( (PTR_T)data_buffer, total_length,
+                         total_length/2);
+                        }
+                }
+        sys$gettim(iosb);
+        RAND_add( (PTR_T)iosb, sizeof(iosb), sizeof(iosb)/2);
+        return 1;
+}
+
+#endif
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
new file mode 100644
index 0000000000..5d134e186b
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -0,0 +1,807 @@
+/* crypto/rand/rand_win.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#include <windows.h>
+#ifndef _WIN32_WINNT
+# define _WIN32_WINNT 0x0400
+#endif
+#include <wincrypt.h>
+#include <tlhelp32.h>
+
+/* Limit the time spent walking through the heap, processes, threads and modules to
+   a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */
+#define MAXDELAY 1000
+
+/* Intel hardware RNG CSP -- available from
+ * http://developer.intel.com/design/security/rng/redist_license.htm
+ */
+#define PROV_INTEL_SEC 22
+#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+
+static void readtimer(void);
+static void readscreen(void);
+
+/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
+   when WINVER is 0x0500 and up, which currently only happens on Win2000.
+   Unfortunately, those are typedefs, so they're a little bit difficult to
+   detect properly.  On the other hand, the macro CURSOR_SHOWING is defined
+   within the same conditional, so it can be use to detect the absence of said
+   typedefs. */
+
+#ifndef CURSOR_SHOWING
+/*
+ * Information about the global cursor.
+ */
+typedef struct tagCURSORINFO
+{
+    DWORD   cbSize;
+    DWORD   flags;
+    HCURSOR hCursor;
+    POINT   ptScreenPos;
+} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
+
+#define CURSOR_SHOWING     0x00000001
+#endif /* CURSOR_SHOWING */
+
+#if !defined(OPENSSL_SYS_WINCE)
+typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR,
+                                    DWORD, DWORD);
+typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
+typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
+
+typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
+typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
+typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
+
+typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
+typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t);
+typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
+typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
+typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
+typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
+typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
+
+#include <lmcons.h>
+#include <lmstats.h>
+#if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE
+       * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was
+       * was added to the Platform SDK to allow the NET API to be used in
+       * non-Unicode applications provided that Unicode strings were still
+       * used for input.  LMSTR is defined as LPWSTR.
+       */
+typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
+        (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
+typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
+#endif /* 1 */
+#endif /* !OPENSSL_SYS_WINCE */
+
+int RAND_poll(void)
+{
+        MEMORYSTATUS m;
+        HCRYPTPROV hProvider = 0;
+        DWORD w;
+        int good = 0;
+
+        /* Determine the OS version we are on so we can turn off things 
+         * that do not work properly.
+         */
+        OSVERSIONINFO osverinfo ;
+        osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
+        GetVersionEx( &osverinfo ) ;
+
+#if defined(OPENSSL_SYS_WINCE)
+# if defined(_WIN32_WCE) && _WIN32_WCE>=300
+/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
+ * in commonly available implementations prior 300... */
+        {
+        BYTE buf[64];
+        /* poll the CryptoAPI PRNG */
+        /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+        if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
+                                CRYPT_VERIFYCONTEXT))
+                {
+                if (CryptGenRandom(hProvider, sizeof(buf), buf))
+                        RAND_add(buf, sizeof(buf), sizeof(buf));
+                CryptReleaseContext(hProvider, 0); 
+                }
+        }
+# endif
+#else   /* OPENSSL_SYS_WINCE */
+        /*
+         * None of below libraries are present on Windows CE, which is
+         * why we #ifndef the whole section. This also excuses us from
+         * handling the GetProcAddress issue. The trouble is that in
+         * real Win32 API GetProcAddress is available in ANSI flavor
+         * only. In WinCE on the other hand GetProcAddress is a macro
+         * most commonly defined as GetProcAddressW, which accepts
+         * Unicode argument. If we were to call GetProcAddress under
+         * WinCE, I'd recommend to either redefine GetProcAddress as
+         * GetProcAddressA (there seem to be one in common CE spec) or
+         * implement own shim routine, which would accept ANSI argument
+         * and expand it to Unicode.
+         */
+        {
+        /* load functions dynamically - not available on all systems */
+        HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
+        HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+        HMODULE user = NULL;
+        HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
+        CRYPTACQUIRECONTEXTW acquire = NULL;
+        CRYPTGENRANDOM gen = NULL;
+        CRYPTRELEASECONTEXT release = NULL;
+        NETSTATGET netstatget = NULL;
+        NETFREE netfree = NULL;
+        BYTE buf[64];
+
+        if (netapi)
+                {
+                netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
+                netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
+                }
+
+        if (netstatget && netfree)
+                {
+                LPBYTE outbuf;
+                /* NetStatisticsGet() is a Unicode only function
+                 * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
+                 * contains 17 fields.  We treat each field as a source of
+                 * one byte of entropy.
+                 */
+
+                if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
+                        {
+                        RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
+                        netfree(outbuf);
+                        }
+                if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
+                        {
+                        RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
+                        netfree(outbuf);
+                        }
+                }
+
+        if (netapi)
+                FreeLibrary(netapi);
+
+        /* It appears like this can cause an exception deep within ADVAPI32.DLL
+         * at random times on Windows 2000.  Reported by Jeffrey Altman.  
+         * Only use it on NT.
+         */
+        /* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
+         * the RegQueryValueEx call below can hang on NT4.0 (SP6).
+         * So we don't use this at all for now. */
+#if 0
+        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+                osverinfo.dwMajorVersion < 5)
+                {
+                /* Read Performance Statistics from NT/2000 registry
+                 * The size of the performance data can vary from call
+                 * to call so we must guess the size of the buffer to use
+                 * and increase its size if we get an ERROR_MORE_DATA
+                 * return instead of ERROR_SUCCESS.
+                 */
+                LONG   rc=ERROR_MORE_DATA;
+                char * buf=NULL;
+                DWORD bufsz=0;
+                DWORD length;
+
+                while (rc == ERROR_MORE_DATA)
+                        {
+                        buf = realloc(buf,bufsz+8192);
+                        if (!buf)
+                                break;
+                        bufsz += 8192;
+
+                        length = bufsz;
+                        rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
+                                NULL, NULL, buf, &length);
+                        }
+                if (rc == ERROR_SUCCESS)
+                        {
+                        /* For entropy count assume only least significant
+                         * byte of each DWORD is random.
+                         */
+                        RAND_add(&length, sizeof(length), 0);
+                        RAND_add(buf, length, length / 4.0);
+
+                        /* Close the Registry Key to allow Windows to cleanup/close
+                         * the open handle
+                         * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
+                         *       when the RegQueryValueEx above is done.  However, if
+                         *       it is not explicitly closed, it can cause disk
+                         *       partition manipulation problems.
+                         */
+                        RegCloseKey(HKEY_PERFORMANCE_DATA);
+                        }
+                if (buf)
+                        free(buf);
+                }
+#endif
+
+        if (advapi)
+                {
+                /*
+                 * If it's available, then it's available in both ANSI
+                 * and UNICODE flavors even in Win9x, documentation says.
+                 * We favor Unicode...
+                 */
+                acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
+                        "CryptAcquireContextW");
+                gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
+                        "CryptGenRandom");
+                release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
+                        "CryptReleaseContext");
+                }
+
+        if (acquire && gen && release)
+                {
+                /* poll the CryptoAPI PRNG */
+                /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+                if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
+                        CRYPT_VERIFYCONTEXT))
+                        {
+                        if (gen(hProvider, sizeof(buf), buf) != 0)
+                                {
+                                RAND_add(buf, sizeof(buf), 0);
+                                good = 1;
+#if 0
+                                printf("randomness from PROV_RSA_FULL\n");
+#endif
+                                }
+                        release(hProvider, 0); 
+                        }
+                
+                /* poll the Pentium PRG with CryptoAPI */
+                if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
+                        {
+                        if (gen(hProvider, sizeof(buf), buf) != 0)
+                                {
+                                RAND_add(buf, sizeof(buf), sizeof(buf));
+                                good = 1;
+#if 0
+                                printf("randomness from PROV_INTEL_SEC\n");
+#endif
+                                }
+                        release(hProvider, 0);
+                        }
+                }
+
+        if (advapi)
+                FreeLibrary(advapi);
+
+        if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||
+             !OPENSSL_isservice()) &&
+            (user = LoadLibrary(TEXT("USER32.DLL"))))
+                {
+                GETCURSORINFO cursor;
+                GETFOREGROUNDWINDOW win;
+                GETQUEUESTATUS queue;
+
+                win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
+                cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
+                queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
+
+                if (win)
+                        {
+                        /* window handle */
+                        HWND h = win();
+                        RAND_add(&h, sizeof(h), 0);
+                        }
+                if (cursor)
+                        {
+                        /* unfortunately, its not safe to call GetCursorInfo()
+                         * on NT4 even though it exists in SP3 (or SP6) and
+                         * higher.
+                         */
+                        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+                                osverinfo.dwMajorVersion < 5)
+                                cursor = 0;
+                        }
+                if (cursor)
+                        {
+                        /* cursor position */
+                        /* assume 2 bytes of entropy */
+                        CURSORINFO ci;
+                        ci.cbSize = sizeof(CURSORINFO);
+                        if (cursor(&ci))
+                                RAND_add(&ci, ci.cbSize, 2);
+                        }
+
+                if (queue)
+                        {
+                        /* message queue status */
+                        /* assume 1 byte of entropy */
+                        w = queue(QS_ALLEVENTS);
+                        RAND_add(&w, sizeof(w), 1);
+                        }
+
+                FreeLibrary(user);
+                }
+
+        /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
+         * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
+         * (Win 9x and 2000 only, not available on NT)
+         *
+         * This seeding method was proposed in Peter Gutmann, Software
+         * Generation of Practically Strong Random Numbers,
+         * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
+         * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+         * (The assignment of entropy estimates below is arbitrary, but based
+         * on Peter's analysis the full poll appears to be safe. Additional
+         * interactive seeding is encouraged.)
+         */
+
+        if (kernel)
+                {
+                CREATETOOLHELP32SNAPSHOT snap;
+                CLOSETOOLHELP32SNAPSHOT close_snap;
+                HANDLE handle;
+
+                HEAP32FIRST heap_first;
+                HEAP32NEXT heap_next;
+                HEAP32LIST heaplist_first, heaplist_next;
+                PROCESS32 process_first, process_next;
+                THREAD32 thread_first, thread_next;
+                MODULE32 module_first, module_next;
+
+                HEAPLIST32 hlist;
+                HEAPENTRY32 hentry;
+                PROCESSENTRY32 p;
+                THREADENTRY32 t;
+                MODULEENTRY32 m;
+                DWORD starttime = 0;
+
+                snap = (CREATETOOLHELP32SNAPSHOT)
+                        GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+                close_snap = (CLOSETOOLHELP32SNAPSHOT)
+                        GetProcAddress(kernel, "CloseToolhelp32Snapshot");
+                heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
+                heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
+                heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
+                heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
+                process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
+                process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
+                thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
+                thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
+                module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
+                module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
+
+                if (snap && heap_first && heap_next && heaplist_first &&
+                        heaplist_next && process_first && process_next &&
+                        thread_first && thread_next && module_first &&
+                        module_next && (handle = snap(TH32CS_SNAPALL,0))
+                        != INVALID_HANDLE_VALUE)
+                        {
+                        /* heap list and heap walking */
+                        /* HEAPLIST32 contains 3 fields that will change with
+                         * each entry.  Consider each field a source of 1 byte
+                         * of entropy.
+                         * HEAPENTRY32 contains 5 fields that will change with 
+                         * each entry.  Consider each field a source of 1 byte
+                         * of entropy.
+                         */
+                        ZeroMemory(&hlist, sizeof(HEAPLIST32));
+                        hlist.dwSize = sizeof(HEAPLIST32);              
+                        if (good) starttime = GetTickCount();
+#ifdef _MSC_VER
+                        if (heaplist_first(handle, &hlist))
+                                {
+                                /*
+                                   following discussion on dev ML, exception on WinCE (or other Win
+                                   platform) is theoretically of unknown origin; prevent infinite
+                                   loop here when this theoretical case occurs; otherwise cope with
+                                   the expected (MSDN documented) exception-throwing behaviour of
+                                   Heap32Next() on WinCE.
+
+                                   based on patch in original message by Tanguy Fautré (2009/03/02)
+                                   Subject: RAND_poll() and CreateToolhelp32Snapshot() stability
+                             */
+                                int ex_cnt_limit = 42; 
+                                do
+                                        {
+                                        RAND_add(&hlist, hlist.dwSize, 3);
+                                        __try
+                                                {
+                                                ZeroMemory(&hentry, sizeof(HEAPENTRY32));
+                                        hentry.dwSize = sizeof(HEAPENTRY32);
+                                        if (heap_first(&hentry,
+                                                hlist.th32ProcessID,
+                                                hlist.th32HeapID))
+                                                {
+                                                int entrycnt = 80;
+                                                do
+                                                        RAND_add(&hentry,
+                                                                hentry.dwSize, 5);
+                                                while (heap_next(&hentry)
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY)
+                                                        && --entrycnt > 0);
+                                                }
+                                                }
+                                        __except (EXCEPTION_EXECUTE_HANDLER)
+                                                {
+                                                        /* ignore access violations when walking the heap list */
+                                                        ex_cnt_limit--;
+                                                }
+                                        } while (heaplist_next(handle, &hlist) 
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY)
+                                                && ex_cnt_limit > 0);
+                                }
+
+#else
+                        if (heaplist_first(handle, &hlist))
+                                {
+                                do
+                                        {
+                                        RAND_add(&hlist, hlist.dwSize, 3);
+                                        hentry.dwSize = sizeof(HEAPENTRY32);
+                                        if (heap_first(&hentry,
+                                                hlist.th32ProcessID,
+                                                hlist.th32HeapID))
+                                                {
+                                                int entrycnt = 80;
+                                                do
+                                                        RAND_add(&hentry,
+                                                                hentry.dwSize, 5);
+                                                while (heap_next(&hentry)
+                                                        && --entrycnt > 0);
+                                                }
+                                        } while (heaplist_next(handle, &hlist) 
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY));
+                                }
+#endif
+
+                        /* process walking */
+                        /* PROCESSENTRY32 contains 9 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+                        p.dwSize = sizeof(PROCESSENTRY32);
+                
+                        if (good) starttime = GetTickCount();
+                        if (process_first(handle, &p))
+                                do
+                                        RAND_add(&p, p.dwSize, 9);
+                                while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY));
+
+                        /* thread walking */
+                        /* THREADENTRY32 contains 6 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+                        t.dwSize = sizeof(THREADENTRY32);
+                        if (good) starttime = GetTickCount();
+                        if (thread_first(handle, &t))
+                                do
+                                        RAND_add(&t, t.dwSize, 6);
+                                while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY));
+
+                        /* module walking */
+                        /* MODULEENTRY32 contains 9 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+                        m.dwSize = sizeof(MODULEENTRY32);
+                        if (good) starttime = GetTickCount();
+                        if (module_first(handle, &m))
+                                do
+                                        RAND_add(&m, m.dwSize, 9);
+                                while (module_next(handle, &m)
+                                                && (!good || (GetTickCount()-starttime)<MAXDELAY));
+                        if (close_snap)
+                                close_snap(handle);
+                        else
+                                CloseHandle(handle);
+
+                        }
+
+                FreeLibrary(kernel);
+                }
+        }
+#endif /* !OPENSSL_SYS_WINCE */
+
+        /* timer data */
+        readtimer();
+        
+        /* memory usage statistics */
+        GlobalMemoryStatus(&m);
+        RAND_add(&m, sizeof(m), 1);
+
+        /* process ID */
+        w = GetCurrentProcessId();
+        RAND_add(&w, sizeof(w), 1);
+
+#if 0
+        printf("Exiting RAND_poll\n");
+#endif
+
+        return(1);
+}
+
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
+        {
+        double add_entropy=0;
+
+        switch (iMsg)
+                {
+        case WM_KEYDOWN:
+                        {
+                        static WPARAM key;
+                        if (key != wParam)
+                                add_entropy = 0.05;
+                        key = wParam;
+                        }
+                        break;
+        case WM_MOUSEMOVE:
+                        {
+                        static int lastx,lasty,lastdx,lastdy;
+                        int x,y,dx,dy;
+
+                        x=LOWORD(lParam);
+                        y=HIWORD(lParam);
+                        dx=lastx-x;
+                        dy=lasty-y;
+                        if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0)
+                                add_entropy=.2;
+                        lastx=x, lasty=y;
+                        lastdx=dx, lastdy=dy;
+                        }
+                break;
+                }
+
+        readtimer();
+        RAND_add(&iMsg, sizeof(iMsg), add_entropy);
+        RAND_add(&wParam, sizeof(wParam), 0);
+        RAND_add(&lParam, sizeof(lParam), 0);
+ 
+        return (RAND_status());
+        }
+
+
+void RAND_screen(void) /* function available for backward compatibility */
+{
+        RAND_poll();
+        readscreen();
+}
+
+
+/* feed timing information to the PRNG */
+static void readtimer(void)
+{
+        DWORD w;
+        LARGE_INTEGER l;
+        static int have_perfc = 1;
+#if defined(_MSC_VER) && defined(_M_X86)
+        static int have_tsc = 1;
+        DWORD cyclecount;
+
+        if (have_tsc) {
+          __try {
+            __asm {
+              _emit 0x0f
+              _emit 0x31
+              mov cyclecount, eax
+              }
+            RAND_add(&cyclecount, sizeof(cyclecount), 1);
+          } __except(EXCEPTION_EXECUTE_HANDLER) {
+            have_tsc = 0;
+          }
+        }
+#else
+# define have_tsc 0
+#endif
+
+        if (have_perfc) {
+          if (QueryPerformanceCounter(&l) == 0)
+            have_perfc = 0;
+          else
+            RAND_add(&l, sizeof(l), 0);
+        }
+
+        if (!have_tsc && !have_perfc) {
+          w = GetTickCount();
+          RAND_add(&w, sizeof(w), 0);
+        }
+}
+
+/* feed screen contents to PRNG */
+/*****************************************************************************
+ *
+ * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
+ *
+ * Code adapted from
+ * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
+ * the original copyright message is:
+ *
+ *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
+ *
+ *   You have a royalty-free right to use, modify, reproduce and
+ *   distribute the Sample Files (and/or any modified version) in
+ *   any way you find useful, provided that you agree that
+ *   Microsoft has no warranty obligations or liability for any
+ *   Sample Application Files which are modified.
+ */
+
+static void readscreen(void)
+{
+#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
+  HDC           hScrDC;         /* screen DC */
+  HDC           hMemDC;         /* memory DC */
+  HBITMAP       hBitmap;        /* handle for our bitmap */
+  HBITMAP       hOldBitmap;     /* handle for previous bitmap */
+  BITMAP        bm;             /* bitmap properties */
+  unsigned int  size;           /* size of bitmap */
+  char          *bmbits;        /* contents of bitmap */
+  int           w;              /* screen width */
+  int           h;              /* screen height */
+  int           y;              /* y-coordinate of screen lines to grab */
+  int           n = 16;         /* number of screen lines to grab at a time */
+
+  if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)
+    return;
+
+  /* Create a screen DC and a memory DC compatible to screen DC */
+  hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
+  hMemDC = CreateCompatibleDC(hScrDC);
+
+  /* Get screen resolution */
+  w = GetDeviceCaps(hScrDC, HORZRES);
+  h = GetDeviceCaps(hScrDC, VERTRES);
+
+  /* Create a bitmap compatible with the screen DC */
+  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
+
+  /* Select new bitmap into memory DC */
+  hOldBitmap = SelectObject(hMemDC, hBitmap);
+
+  /* Get bitmap properties */
+  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
+  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
+
+  bmbits = OPENSSL_malloc(size);
+  if (bmbits) {
+    /* Now go through the whole screen, repeatedly grabbing n lines */
+    for (y = 0; y < h-n; y += n)
+        {
+        unsigned char md[MD_DIGEST_LENGTH];
+
+        /* Bitblt screen DC to memory DC */
+        BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
+
+        /* Copy bitmap bits from memory DC to bmbits */
+        GetBitmapBits(hBitmap, size, bmbits);
+
+        /* Get the hash of the bitmap */
+        MD(bmbits,size,md);
+
+        /* Seed the random generator with the hash value */
+        RAND_add(md, MD_DIGEST_LENGTH, 0);
+        }
+
+    OPENSSL_free(bmbits);
+  }
+
+  /* Select old bitmap back into memory DC */
+  hBitmap = SelectObject(hMemDC, hOldBitmap);
+
+  /* Clean up */
+  DeleteObject(hBitmap);
+  DeleteDC(hMemDC);
+  DeleteDC(hScrDC);
+#endif /* !OPENSSL_SYS_WINCE */
+}
+
+#endif
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 7f1428072d..030e07f418 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -57,9 +57,7 @@
  */
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#if !defined(OPENSSL_SYS_VXWORKS)
 #define _XOPEN_SOURCE 500
-#endif
 
 #include <errno.h>
 #include <stdio.h>
diff --git a/src/lib/libcrypto/rand/randtest.c b/src/lib/libcrypto/rand/randtest.c
new file mode 100644
index 0000000000..9e92a70b03
--- /dev/null
+++ b/src/lib/libcrypto/rand/randtest.c
@@ -0,0 +1,219 @@
+/* crypto/rand/randtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rand.h>
+
+#include "../e_os.h"
+
+/* some FIPS 140-1 random number test */
+/* some simple tests */
+
+int main(int argc,char **argv)
+        {
+        unsigned char buf[2500];
+        int i,j,k,s,sign,nsign,err=0;
+        unsigned long n1;
+        unsigned long n2[16];
+        unsigned long runs[2][34];
+        /*double d; */
+        long d;
+
+        i = RAND_pseudo_bytes(buf,2500);
+        if (i < 0)
+                {
+                printf ("init failed, the rand method is not properly installed\n");
+                err++;
+                goto err;
+                }
+
+        n1=0;
+        for (i=0; i<16; i++) n2[i]=0;
+        for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
+
+        /* test 1 and 2 */
+        sign=0;
+        nsign=0;
+        for (i=0; i<2500; i++)
+                {
+                j=buf[i];
+
+                n2[j&0x0f]++;
+                n2[(j>>4)&0x0f]++;
+
+                for (k=0; k<8; k++)
+                        {
+                        s=(j&0x01);
+                        if (s == sign)
+                                nsign++;
+                        else
+                                {
+                                if (nsign > 34) nsign=34;
+                                if (nsign != 0)
+                                        {
+                                        runs[sign][nsign-1]++;
+                                        if (nsign > 6)
+                                                runs[sign][5]++;
+                                        }
+                                sign=s;
+                                nsign=1;
+                                }
+
+                        if (s) n1++;
+                        j>>=1;
+                        }
+                }
+                if (nsign > 34) nsign=34;
+                if (nsign != 0) runs[sign][nsign-1]++;
+
+        /* test 1 */
+        if (!((9654 < n1) && (n1 < 10346)))
+                {
+                printf("test 1 failed, X=%lu\n",n1);
+                err++;
+                }
+        printf("test 1 done\n");
+
+        /* test 2 */
+#ifdef undef
+        d=0;
+        for (i=0; i<16; i++)
+                d+=n2[i]*n2[i];
+        d=d*16.0/5000.0-5000.0;
+        if (!((1.03 < d) && (d < 57.4)))
+                {
+                printf("test 2 failed, X=%.2f\n",d);
+                err++;
+                }
+#endif
+        d=0;
+        for (i=0; i<16; i++)
+                d+=n2[i]*n2[i];
+        d=(d*8)/25-500000;
+        if (!((103 < d) && (d < 5740)))
+                {
+                printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
+                err++;
+                }
+        printf("test 2 done\n");
+
+        /* test 3 */
+        for (i=0; i<2; i++)
+                {
+                if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,1,runs[i][0]);
+                        err++;
+                        }
+                if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,2,runs[i][1]);
+                        err++;
+                        }
+                if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,3,runs[i][2]);
+                        err++;
+                        }
+                if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,4,runs[i][3]);
+                        err++;
+                        }
+                if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,5,runs[i][4]);
+                        err++;
+                        }
+                if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,6,runs[i][5]);
+                        err++;
+                        }
+                }
+        printf("test 3 done\n");
+        
+        /* test 4 */
+        if (runs[0][33] != 0)
+                {
+                printf("test 4 failed, bit=%d run=%d num=%lu\n",
+                        0,34,runs[0][33]);
+                err++;
+                }
+        if (runs[1][33] != 0)
+                {
+                printf("test 4 failed, bit=%d run=%d num=%lu\n",
+                        1,34,runs[1][33]);
+                err++;
+                }
+        printf("test 4 done\n");
+ err:
+        err=((err)?1:0);
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+        EXIT(err);
+        return(err);
+        }
diff --git a/src/lib/libcrypto/rc2/Makefile b/src/lib/libcrypto/rc2/Makefile
new file mode 100644
index 0000000000..8a9d49ab5e
--- /dev/null
+++ b/src/lib/libcrypto/rc2/Makefile
@@ -0,0 +1,90 @@
+#
+# OpenSSL/crypto/rc2/Makefile
+#
+
+DIR=    rc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc2.h
+HEADER= rc2_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_cbc.o: rc2_cbc.c rc2_locl.h
+rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
+rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rc2_skey.o: ../../include/openssl/opensslconf.h
+rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
+rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rc2_skey.o: rc2_locl.h rc2_skey.c
+rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2cfb64.o: rc2_locl.h rc2cfb64.c
+rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2ofb64.o: rc2_locl.h rc2ofb64.c
diff --git a/src/lib/libcrypto/rc2/rc2speed.c b/src/lib/libcrypto/rc2/rc2speed.c
new file mode 100644
index 0000000000..85cf6f65bf
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2speed.c
@@ -0,0 +1,277 @@
+/* crypto/rc2/rc2speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/rc2.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else   /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif  /* CLK_TCK */
+#endif  /* HZ */
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC2_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC2_set_key(&sch,16,key,128);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC2_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC2_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC2_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC2_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+        printf("Doing RC2_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing RC2_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                unsigned long data[2];
+
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC2_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+        printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC2_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),RC2_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+
+        printf("RC2 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("RC2 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/rc2/rc2test.c b/src/lib/libcrypto/rc2/rc2test.c
new file mode 100644
index 0000000000..0e117436bb
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2test.c
@@ -0,0 +1,274 @@
+/* crypto/rc2/rc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC2
+int main(int argc, char *argv[])
+{
+    printf("No RC2 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc2.h>
+
+static unsigned char RC2key[4][16]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+         0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
+        };
+
+static unsigned char RC2plain[4][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        };
+
+static unsigned char RC2cipher[4][8]={
+        {0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
+        {0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
+        {0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
+        {0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},
+        };
+/************/
+#ifdef undef
+unsigned char k[16]={
+        0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
+        0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
+
+unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
+unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
+unsigned char out[80];
+
+char *text="Hello to all people out there";
+
+static unsigned char cfb_key[16]={
+        0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+        0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+        };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+        0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+        0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+        0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+
+/*      0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+        0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+        0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+        }; 
+
+
+/*static int cfb64_test(unsigned char *cfb_cipher);*/
+static char *pt(unsigned char *p);
+#endif
+
+int main(int argc, char *argv[])
+        {
+        int i,n,err=0;
+        RC2_KEY key; 
+        unsigned char buf[8],buf2[8];
+
+        for (n=0; n<4; n++)
+                {
+                RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);
+
+                RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);
+                if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)
+                        {
+                        printf("ecb rc2 error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC2cipher[n][i]);
+                        err=20;
+                        printf("\n");
+                        }
+
+                RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);
+                if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)
+                        {
+                        printf("ecb RC2 error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC2plain[n][i]);
+                        printf("\n");
+                        err=3;
+                        }
+                }
+
+        if (err == 0) printf("ecb RC2 ok\n");
+#ifdef undef
+        memcpy(iv,k,8);
+        idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
+        memcpy(iv,k,8);
+        idea_cbc_encrypt(out,out,8,&dkey,iv,0);
+        idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
+        if (memcmp(text,out,strlen(text)+1) != 0)
+                {
+                printf("cbc idea bad\n");
+                err=4;
+                }
+        else
+                printf("cbc idea ok\n");
+
+        printf("cfb64 idea ");
+        if (cfb64_test(cfb_cipher64))
+                {
+                printf("bad\n");
+                err=5;
+                }
+        else
+                printf("ok\n");
+#endif
+
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+        EXIT(err);
+        return(err);
+        }
+
+#ifdef undef
+static int cfb64_test(unsigned char *cfb_cipher)
+        {
+        IDEA_KEY_SCHEDULE eks,dks;
+        int err=0,i,n;
+
+        idea_set_encrypt_key(cfb_key,&eks);
+        idea_set_decrypt_key(&eks,&dks);
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)CFB_TEST_SIZE-12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb64_encrypt encrypt error\n");
+                for (i=0; i<CFB_TEST_SIZE; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)CFB_TEST_SIZE-17,&dks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+
+static char *pt(unsigned char *p)
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+        
+#endif
+#endif
diff --git a/src/lib/libcrypto/rc2/tab.c b/src/lib/libcrypto/rc2/tab.c
new file mode 100644
index 0000000000..25dc14eeba
--- /dev/null
+++ b/src/lib/libcrypto/rc2/tab.c
@@ -0,0 +1,86 @@
+#include <stdio.h>
+
+unsigned char ebits_to_num[256]={
+        0xbd,0x56,0xea,0xf2,0xa2,0xf1,0xac,0x2a,
+        0xb0,0x93,0xd1,0x9c,0x1b,0x33,0xfd,0xd0,
+        0x30,0x04,0xb6,0xdc,0x7d,0xdf,0x32,0x4b,
+        0xf7,0xcb,0x45,0x9b,0x31,0xbb,0x21,0x5a,
+        0x41,0x9f,0xe1,0xd9,0x4a,0x4d,0x9e,0xda,
+        0xa0,0x68,0x2c,0xc3,0x27,0x5f,0x80,0x36,
+        0x3e,0xee,0xfb,0x95,0x1a,0xfe,0xce,0xa8,
+        0x34,0xa9,0x13,0xf0,0xa6,0x3f,0xd8,0x0c,
+        0x78,0x24,0xaf,0x23,0x52,0xc1,0x67,0x17,
+        0xf5,0x66,0x90,0xe7,0xe8,0x07,0xb8,0x60,
+        0x48,0xe6,0x1e,0x53,0xf3,0x92,0xa4,0x72,
+        0x8c,0x08,0x15,0x6e,0x86,0x00,0x84,0xfa,
+        0xf4,0x7f,0x8a,0x42,0x19,0xf6,0xdb,0xcd,
+        0x14,0x8d,0x50,0x12,0xba,0x3c,0x06,0x4e,
+        0xec,0xb3,0x35,0x11,0xa1,0x88,0x8e,0x2b,
+        0x94,0x99,0xb7,0x71,0x74,0xd3,0xe4,0xbf,
+        0x3a,0xde,0x96,0x0e,0xbc,0x0a,0xed,0x77,
+        0xfc,0x37,0x6b,0x03,0x79,0x89,0x62,0xc6,
+        0xd7,0xc0,0xd2,0x7c,0x6a,0x8b,0x22,0xa3,
+        0x5b,0x05,0x5d,0x02,0x75,0xd5,0x61,0xe3,
+        0x18,0x8f,0x55,0x51,0xad,0x1f,0x0b,0x5e,
+        0x85,0xe5,0xc2,0x57,0x63,0xca,0x3d,0x6c,
+        0xb4,0xc5,0xcc,0x70,0xb2,0x91,0x59,0x0d,
+        0x47,0x20,0xc8,0x4f,0x58,0xe0,0x01,0xe2,
+        0x16,0x38,0xc4,0x6f,0x3b,0x0f,0x65,0x46,
+        0xbe,0x7e,0x2d,0x7b,0x82,0xf9,0x40,0xb5,
+        0x1d,0x73,0xf8,0xeb,0x26,0xc7,0x87,0x97,
+        0x25,0x54,0xb1,0x28,0xaa,0x98,0x9d,0xa5,
+        0x64,0x6d,0x7a,0xd4,0x10,0x81,0x44,0xef,
+        0x49,0xd6,0xae,0x2e,0xdd,0x76,0x5c,0x2f,
+        0xa7,0x1c,0xc9,0x09,0x69,0x9a,0x83,0xcf,
+        0x29,0x39,0xb9,0xe9,0x4c,0xff,0x43,0xab,
+        };
+
+unsigned char num_to_ebits[256]={
+        0x5d,0xbe,0x9b,0x8b,0x11,0x99,0x6e,0x4d,
+        0x59,0xf3,0x85,0xa6,0x3f,0xb7,0x83,0xc5,
+        0xe4,0x73,0x6b,0x3a,0x68,0x5a,0xc0,0x47,
+        0xa0,0x64,0x34,0x0c,0xf1,0xd0,0x52,0xa5,
+        0xb9,0x1e,0x96,0x43,0x41,0xd8,0xd4,0x2c,
+        0xdb,0xf8,0x07,0x77,0x2a,0xca,0xeb,0xef,
+        0x10,0x1c,0x16,0x0d,0x38,0x72,0x2f,0x89,
+        0xc1,0xf9,0x80,0xc4,0x6d,0xae,0x30,0x3d,
+        0xce,0x20,0x63,0xfe,0xe6,0x1a,0xc7,0xb8,
+        0x50,0xe8,0x24,0x17,0xfc,0x25,0x6f,0xbb,
+        0x6a,0xa3,0x44,0x53,0xd9,0xa2,0x01,0xab,
+        0xbc,0xb6,0x1f,0x98,0xee,0x9a,0xa7,0x2d,
+        0x4f,0x9e,0x8e,0xac,0xe0,0xc6,0x49,0x46,
+        0x29,0xf4,0x94,0x8a,0xaf,0xe1,0x5b,0xc3,
+        0xb3,0x7b,0x57,0xd1,0x7c,0x9c,0xed,0x87,
+        0x40,0x8c,0xe2,0xcb,0x93,0x14,0xc9,0x61,
+        0x2e,0xe5,0xcc,0xf6,0x5e,0xa8,0x5c,0xd6,
+        0x75,0x8d,0x62,0x95,0x58,0x69,0x76,0xa1,
+        0x4a,0xb5,0x55,0x09,0x78,0x33,0x82,0xd7,
+        0xdd,0x79,0xf5,0x1b,0x0b,0xde,0x26,0x21,
+        0x28,0x74,0x04,0x97,0x56,0xdf,0x3c,0xf0,
+        0x37,0x39,0xdc,0xff,0x06,0xa4,0xea,0x42,
+        0x08,0xda,0xb4,0x71,0xb0,0xcf,0x12,0x7a,
+        0x4e,0xfa,0x6c,0x1d,0x84,0x00,0xc8,0x7f,
+        0x91,0x45,0xaa,0x2b,0xc2,0xb1,0x8f,0xd5,
+        0xba,0xf2,0xad,0x19,0xb2,0x67,0x36,0xf7,
+        0x0f,0x0a,0x92,0x7d,0xe3,0x9d,0xe9,0x90,
+        0x3e,0x23,0x27,0x66,0x13,0xec,0x81,0x15,
+        0xbd,0x22,0xbf,0x9f,0x7e,0xa9,0x51,0x4b,
+        0x4c,0xfb,0x02,0xd3,0x70,0x86,0x31,0xe7,
+        0x3b,0x05,0x03,0x54,0x60,0x48,0x65,0x18,
+        0xd2,0xcd,0x5f,0x32,0x88,0x0e,0x35,0xfd,
+        };
+        
+main()
+        {
+        int i,j;
+
+        for (i=0; i<256; i++)
+                {
+                for (j=0; j<256; j++)
+                        if (ebits_to_num[j] == i)
+                                {
+                                printf("0x%02x,",j);
+                                break;
+                                }
+                }
+        }
diff --git a/src/lib/libcrypto/rc4/Makefile b/src/lib/libcrypto/rc4/Makefile
new file mode 100644
index 0000000000..1614d47961
--- /dev/null
+++ b/src/lib/libcrypto/rc4/Makefile
@@ -0,0 +1,125 @@
+#
+# OpenSSL/crypto/rc4/Makefile
+#
+
+DIR=    rc4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+AR=             ar r
+
+RC4_ENC=rc4_enc.o rc4_skey.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=rc4test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc4_skey.c rc4_enc.c rc4_utl.c
+LIBOBJ=$(RC4_ENC) rc4_utl.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc4.h
+HEADER= $(EXHEADER) rc4_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+rc4-586.s:      asm/rc4-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
+
+rc4-x86_64.s: asm/rc4-x86_64.pl
+        $(PERL) asm/rc4-x86_64.pl $(PERLASM_SCHEME) > $@
+rc4-md5-x86_64.s:       asm/rc4-md5-x86_64.pl
+        $(PERL) asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME) > $@
+
+rc4-ia64.S: asm/rc4-ia64.pl
+        $(PERL) asm/rc4-ia64.pl $(CFLAGS) > $@
+
+rc4-parisc.s:   asm/rc4-parisc.pl
+        $(PERL) asm/rc4-parisc.pl $(PERLASM_SCHEME) $@
+
+rc4-ia64.s: rc4-ia64.S
+        @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \
+        int)    set -x; $(CC) $(CFLAGS) -DSZ=4 -E rc4-ia64.S > $@ ;; \
+        char)   set -x; $(CC) $(CFLAGS) -DSZ=1 -E rc4-ia64.S > $@ ;; \
+        *)      exit 1 ;; \
+        esac
+
+# GNU make "catch all"
+rc4-%.s:        asm/rc4-%.pl;   $(PERL) $< $(PERLASM_SCHEME) $@
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc4_enc.o: ../../e_os.h ../../include/openssl/bio.h
+rc4_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rc4_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rc4_enc.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
+rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h
+rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h
+rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
+rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rc4_skey.o: ../cryptlib.h rc4_locl.h rc4_skey.c
+rc4_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rc4_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc4_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
+rc4_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rc4_utl.o: ../../include/openssl/symhacks.h rc4_utl.c
diff --git a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
index 75750dbf33..d6eac205e9 100755
--- a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
+++ b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
@@ -112,8 +112,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
+open STDOUT,"| $^X $xlate $flavour $output";
 
 $dat="%rdi";        # arg1
 $len="%rsi";        # arg2
diff --git a/src/lib/libcrypto/rc4/rc4.c b/src/lib/libcrypto/rc4/rc4.c
new file mode 100644
index 0000000000..c900b26055
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4.c
@@ -0,0 +1,193 @@
+/* crypto/rc4/rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/rc4.h>
+#include <openssl/evp.h>
+
+char *usage[]={
+"usage: rc4 args\n",
+"\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -key key        - password\n",
+NULL
+};
+
+int main(int argc, char *argv[])
+        {
+        FILE *in=NULL,*out=NULL;
+        char *infile=NULL,*outfile=NULL,*keystr=NULL;
+        RC4_KEY key;
+        char buf[BUFSIZ];
+        int badops=0,i;
+        char **pp;
+        unsigned char md[MD5_DIGEST_LENGTH];
+
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-key") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        keystr= *(++argv);
+                        }
+                else
+                        {
+                        fprintf(stderr,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+
+        if (badops)
+                {
+bad:
+                for (pp=usage; (*pp != NULL); pp++)
+                        fprintf(stderr,"%s",*pp);
+                exit(1);
+                }
+
+        if (infile == NULL)
+                in=stdin;
+        else
+                {
+                in=fopen(infile,"r");
+                if (in == NULL)
+                        {
+                        perror("open");
+                        exit(1);
+                        }
+
+                }
+        if (outfile == NULL)
+                out=stdout;
+        else
+                {
+                out=fopen(outfile,"w");
+                if (out == NULL)
+                        {
+                        perror("open");
+                        exit(1);
+                        }
+                }
+                
+#ifdef OPENSSL_SYS_MSDOS
+        /* This should set the file to binary mode. */
+        {
+#include <fcntl.h>
+        setmode(fileno(in),O_BINARY);
+        setmode(fileno(out),O_BINARY);
+        }
+#endif
+
+        if (keystr == NULL)
+                { /* get key */
+                i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+                if (i != 0)
+                        {
+                        OPENSSL_cleanse(buf,BUFSIZ);
+                        fprintf(stderr,"bad password read\n");
+                        exit(1);
+                        }
+                keystr=buf;
+                }
+
+        EVP_Digest((unsigned char *)keystr,strlen(keystr),md,NULL,EVP_md5(),NULL);
+        OPENSSL_cleanse(keystr,strlen(keystr));
+        RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+        
+        for(;;)
+                {
+                i=fread(buf,1,BUFSIZ,in);
+                if (i == 0) break;
+                if (i < 0)
+                        {
+                        perror("read");
+                        exit(1);
+                        }
+                RC4(&key,(unsigned int)i,(unsigned char *)buf,
+                        (unsigned char *)buf);
+                i=fwrite(buf,(unsigned int)i,1,out);
+                if (i != 1)
+                        {
+                        perror("write");
+                        exit(1);
+                        }
+                }
+        fclose(out);
+        fclose(in);
+        exit(0);
+        return(1);
+        }
+
diff --git a/src/lib/libcrypto/rc4/rc4_utl.c b/src/lib/libcrypto/rc4/rc4_utl.c
new file mode 100644
index 0000000000..ab3f02fe6a
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4_utl.c
@@ -0,0 +1,62 @@
+/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/rc4.h>
+
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+        {
+#ifdef OPENSSL_FIPS
+        fips_cipher_abort(RC4);
+#endif
+        private_RC4_set_key(key, len, data);
+        }
diff --git a/src/lib/libcrypto/rc4/rc4s.cpp b/src/lib/libcrypto/rc4/rc4s.cpp
new file mode 100644
index 0000000000..3814fde997
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4s.cpp
@@ -0,0 +1,73 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rc4.h>
+
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[1024];
+        RC4_KEY ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=64,numm;
+        int j=0;
+
+        if (argc >= 2)
+                num=atoi(argv[1]);
+
+        if (num == 0) num=256;
+        if (num > 1024-16) num=1024-16;
+        numm=num+8;
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        RC4(&ctx,numm,buffer,buffer);
+                        GetTSC(s1);
+                        RC4(&ctx,numm,buffer,buffer);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        RC4(&ctx,num,buffer,buffer);
+                        GetTSC(e2);
+                        RC4(&ctx,num,buffer,buffer);
+                        }
+
+                printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,
+                        e1-s1,e2-s2,(e1-s1)-(e2-s2));
+                }
+        }
+
diff --git a/src/lib/libcrypto/rc4/rc4speed.c b/src/lib/libcrypto/rc4/rc4speed.c
new file mode 100644
index 0000000000..0ebd38123d
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4speed.c
@@ -0,0 +1,253 @@
+/* crypto/rc4/rc4speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/rc4.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC4_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC4_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC4(&sch,8,buf,buf);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC4_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC4_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC4_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+        printf("Doing RC4 on %ld byte blocks for 10 seconds\n",BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC4 %ld times on %ld byte blocks\n",cc,BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC4(&sch,BUFSIZE,buf,buf);
+        d=Time_F(STOP);
+        printf("%ld RC4's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+
+        printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC4   bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
+
diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c
new file mode 100644
index 0000000000..633a79e758
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4test.c
@@ -0,0 +1,236 @@
+/* crypto/rc4/rc4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC4
+int main(int argc, char *argv[])
+{
+    printf("No RC4 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc4.h>
+#include <openssl/sha.h>
+
+static unsigned char keys[7][30]={
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {4,0xef,0x01,0x23,0x45},
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {4,0xef,0x01,0x23,0x45},
+        };
+
+static unsigned char data_len[7]={8,8,8,20,28,10};
+static unsigned char data[7][30]={
+        {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+           0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+           0x00,0x00,0x00,0x00,0xff},
+        {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0},
+        };
+
+static unsigned char output[7][30]={
+        {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
+        {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
+        {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
+        {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
+         0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
+         0x36,0xb6,0x78,0x58,0x00},
+        {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
+         0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
+         0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
+         0x40,0x01,0x1e,0xcf,0x00},
+        {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
+        {0},
+        };
+
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        int j;
+        unsigned char *p;
+        RC4_KEY key;
+        unsigned char obuf[512];
+
+        for (i=0; i<6; i++)
+                {
+                RC4_set_key(&key,keys[i][0],&(keys[i][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,data_len[i],&(data[i][0]),obuf);
+                if (memcmp(obuf,output[i],data_len[i]+1) != 0)
+                        {
+                        printf("error calculating RC4\n");
+                        printf("output:");
+                        for (j=0; j<data_len[i]+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[i][0]);
+                        for (j=0; j<data_len[i]+1; j++)
+                                printf(" %02x",*(p++));
+                        printf("\n");
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                }
+        printf("test end processing ");
+        for (i=0; i<data_len[3]; i++)
+                {
+                RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,i,&(data[3][0]),obuf);
+                if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
+                        {
+                        printf("error in RC4 length processing\n");
+                        printf("output:");
+                        for (j=0; j<i+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[3][0]);
+                        for (j=0; j<i; j++)
+                                printf(" %02x",*(p++));
+                        printf(" 00\n");
+                        err++;
+                        }
+                else
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                }
+        printf("done\n");
+        printf("test multi-call ");
+        for (i=0; i<data_len[3]; i++)
+                {
+                RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,i,&(data[3][0]),obuf);
+                RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
+                if (memcmp(obuf,output[3],data_len[3]+1) != 0)
+                        {
+                        printf("error in RC4 multi-call processing\n");
+                        printf("output:");
+                        for (j=0; j<data_len[3]+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[3][0]);
+                        for (j=0; j<data_len[3]+1; j++)
+                                printf(" %02x",*(p++));
+                        err++;
+                        }
+                else
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                }
+        printf("done\n");
+        printf("bulk test ");
+        {   unsigned char buf[513];
+            SHA_CTX c;
+            unsigned char md[SHA_DIGEST_LENGTH];
+            static unsigned char expected[]={
+                0xa4,0x7b,0xcc,0x00,0x3d,0xd0,0xbd,0xe1,0xac,0x5f,
+                0x12,0x1e,0x45,0xbc,0xfb,0x1a,0xa1,0xf2,0x7f,0xc5 };
+
+                RC4_set_key(&key,keys[0][0],&(keys[3][1]));
+                memset(buf,'\0',sizeof(buf));
+                SHA1_Init(&c);
+                for (i=0;i<2571;i++) {
+                        RC4(&key,sizeof(buf),buf,buf);
+                        SHA1_Update(&c,buf,sizeof(buf));
+                }
+                SHA1_Final(md,&c);
+
+                if (memcmp(md,expected,sizeof(md))) {
+                        printf("error in RC4 bulk test\n");
+                        printf("output:");
+                        for (j=0; j<(int)sizeof(md); j++)
+                                printf(" %02x",md[j]);
+                        printf("\n");
+                        printf("expect:");
+                        for (j=0; j<(int)sizeof(md); j++)
+                                printf(" %02x",expected[j]);
+                        printf("\n");
+                        err++;
+                }
+                else    printf("ok\n");
+        }
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+        EXIT(err);
+        return(0);
+        }
+#endif
diff --git a/src/lib/libcrypto/rc4/rrc4.doc b/src/lib/libcrypto/rc4/rrc4.doc
new file mode 100644
index 0000000000..2f9a953c12
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rrc4.doc
@@ -0,0 +1,278 @@
+Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.privacy
+Path: ghost.dsi.unimi.it!univ-lyon1.fr!jussieu.fr!zaphod.crihan.fr!warwick!clyde.open.ac.uk!strath-cs!bnr.co.uk!bt!pipex!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!yeshua.marcam.com!charnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!sterndark
+From: sterndark@netcom.com (David Sterndark)
+Subject: RC4 Algorithm revealed.
+Message-ID: <sternCvKL4B.Hyy@netcom.com>
+Sender: sterndark@netcom.com 
+Organization: NETCOM On-line Communication Services (408 261-4700 guest)
+X-Newsreader: TIN [version 1.2 PL1]
+Date: Wed, 14 Sep 1994 06:35:31 GMT
+Lines: 263
+Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026
+
+I am shocked,  shocked, I tell you,  shocked, to discover
+that the cypherpunks have illegaly and criminally revealed
+a crucial RSA trade secret and harmed the security of
+America by reverse engineering the RC4 algorithm and
+publishing it to the world.
+ 
+On Saturday morning an anonymous cypherpunk wrote:
+ 
+ 
+   SUBJECT:  RC4 Source Code
+ 
+ 
+   I've tested this.  It is compatible with the RC4 object module
+   that comes in the various RSA toolkits.  
+ 
+   /* rc4.h */
+   typedef struct rc4_key
+   {      
+        unsigned char state[256];       
+        unsigned char x;        
+        unsigned char y;
+   } rc4_key;
+   void prepare_key(unsigned char *key_data_ptr,int key_data_len,
+   rc4_key *key);
+   void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key);
+   
+   
+   /*rc4.c */
+   #include "rc4.h"
+   static void swap_byte(unsigned char *a, unsigned char *b);
+   void prepare_key(unsigned char *key_data_ptr, int key_data_len,
+   rc4_key *key)
+   {
+        unsigned char swapByte;
+        unsigned char index1;
+        unsigned char index2;
+        unsigned char* state;
+        short counter;     
+        
+        state = &key->state[0];         
+        for(counter = 0; counter < 256; counter++)              
+        state[counter] = counter;               
+        key->x = 0;     
+        key->y = 0;     
+        index1 = 0;     
+        index2 = 0;             
+        for(counter = 0; counter < 256; counter++)      
+        {               
+             index2 = (key_data_ptr[index1] + state[counter] +
+                index2) % 256;                
+             swap_byte(&state[counter], &state[index2]);            
+   
+             index1 = (index1 + 1) % key_data_len;  
+        }       
+    }
+    
+    void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)
+    { 
+        unsigned char x;
+        unsigned char y;
+        unsigned char* state;
+        unsigned char xorIndex;
+        short counter;              
+        
+        x = key->x;     
+        y = key->y;     
+        
+        state = &key->state[0];         
+        for(counter = 0; counter < buffer_len; counter ++)      
+        {               
+             x = (x + 1) % 256;                      
+             y = (state[x] + y) % 256;               
+             swap_byte(&state[x], &state[y]);                        
+                  
+             xorIndex = (state[x] + state[y]) % 256;                 
+                  
+             buffer_ptr[counter] ^= state[xorIndex];         
+         }               
+         key->x = x;     
+         key->y = y;
+    }
+    
+    static void swap_byte(unsigned char *a, unsigned char *b)
+    {
+        unsigned char swapByte; 
+        
+        swapByte = *a; 
+        *a = *b;      
+        *b = swapByte;
+    }
+ 
+ 
+ 
+Another cypherpunk, this one not anonymous, tested the
+output from this algorithm against the output from
+official RC4 object code
+ 
+ 
+   Date: Tue, 13 Sep 94 18:37:56 PDT
+   From: ekr@eit.COM (Eric Rescorla)
+   Message-Id: <9409140137.AA17743@eitech.eit.com>
+   Subject: RC4 compatibility testing
+   Cc: cypherpunks@toad.com
+   
+   One data point:
+   
+   I can't say anything about the internals of RC4 versus the
+   algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4',
+   since I don't know anything about RC4's internals. 
+   
+   However, I do have a (legitimately acquired) copy of BSAFE2 and
+   so I'm able to compare the output of this algorithm to the output
+   of genuine RC4 as found in BSAFE. I chose a set of test vectors
+   and ran them through both algorithms. The algorithms appear to
+   give identical results, at least with these key/plaintext pairs.
+   
+   I note that this is the algorithm _without_ Hal Finney's
+   proposed modification
+   
+   (see <199409130605.XAA24133@jobe.shell.portal.com>).
+   
+   The vectors I used (together with the ciphertext they produce)
+   follow at the end of this message.
+   
+   -Ekr
+   
+   Disclaimer: This posting does not reflect the opinions of EIT.
+   
+   --------------------results follow--------------
+   Test vector 0
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 
+   
+   Test vector 1
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 
+   
+   Test vector 2
+   Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a 
+   
+   Test vector 3
+   Key: 0xef 0x01 0x23 0x45 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 
+   
+   Test vector 4
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 
+   0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 
+   0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f 
+   0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca 
+   0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d 
+   0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 
+   0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 
+   0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 
+   0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a 
+   0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 
+   0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 
+   0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa 
+   0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd 
+   0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 
+   0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 
+   0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a 
+   0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 
+   0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 
+   0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 
+   0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 
+   0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 
+   0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 
+   0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 
+   0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e 
+   0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef 
+   0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 
+   0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 
+   0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b 
+   0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 
+   0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 
+   0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 
+   0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 
+   0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 
+   0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 
+   0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 
+   0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b 
+   0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 
+   0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 
+   0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 
+   0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 
+   0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d 
+   0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 
+   0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c 
+   0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 
+   0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 
+   0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd 
+   0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f 
+   0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 
+   0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 
+   0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 
+   0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 
+   0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 
+   0xc0 
+   
+
+
+-- 
+ ---------------------------------------------------------------------
+We have the right to defend ourselves and our
+property, because of the kind of animals that we              James A. Donald
+are.  True law derives from this right, not from
+the arbitrary power of the omnipotent state.                jamesd@netcom.com
+
+
diff --git a/src/lib/libcrypto/rc5/Makefile b/src/lib/libcrypto/rc5/Makefile
new file mode 100644
index 0000000000..8a8b00eb89
--- /dev/null
+++ b/src/lib/libcrypto/rc5/Makefile
@@ -0,0 +1,94 @@
+#
+# OpenSSL/crypto/rc5/Makefile
+#
+
+DIR=    rc5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+RC5_ENC=                rc5_enc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=rc5test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c 
+LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc5.h
+HEADER= rc5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+rc5-586.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        $(PERL) asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc5_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc5_ecb.o: ../../include/openssl/rc5.h rc5_ecb.c rc5_locl.h
+rc5_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h
+rc5_enc.o: rc5_enc.c rc5_locl.h
+rc5_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h
+rc5_skey.o: rc5_locl.h rc5_skey.c
+rc5cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h
+rc5cfb64.o: rc5_locl.h rc5cfb64.c
+rc5ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h
+rc5ofb64.o: rc5_locl.h rc5ofb64.c
diff --git a/src/lib/libcrypto/rc5/rc5.h b/src/lib/libcrypto/rc5/rc5.h
new file mode 100644
index 0000000000..4b3c153b50
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5.h
@@ -0,0 +1,118 @@
+/* crypto/rc5/rc5.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RC5_H
+#define HEADER_RC5_H
+
+#include <openssl/opensslconf.h> /* OPENSSL_NO_RC5 */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_NO_RC5
+#error RC5 is disabled.
+#endif
+
+#define RC5_ENCRYPT     1
+#define RC5_DECRYPT     0
+
+/* 32 bit.  For Alpha, things may get weird */
+#define RC5_32_INT unsigned long
+
+#define RC5_32_BLOCK            8
+#define RC5_32_KEY_LENGTH       16 /* This is a default, max is 255 */
+
+/* This are the only values supported.  Tweak the code if you want more
+ * The most supported modes will be
+ * RC5-32/12/16
+ * RC5-32/16/8
+ */
+#define RC5_8_ROUNDS    8
+#define RC5_12_ROUNDS   12
+#define RC5_16_ROUNDS   16
+
+typedef struct rc5_key_st
+        {
+        /* Number of rounds */
+        int rounds;
+        RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
+        } RC5_32_KEY;
+
+ 
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+        int rounds);
+void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,
+        int enc);
+void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/rc5/rc5_ecb.c b/src/lib/libcrypto/rc5/rc5_ecb.c
new file mode 100644
index 0000000000..e72b535507
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5_ecb.c
@@ -0,0 +1,80 @@
+/* crypto/rc5/rc5_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+#include <openssl/opensslv.h>
+
+const char RC5_version[]="RC5" OPENSSL_VERSION_PTEXT;
+
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                        RC5_32_KEY *ks, int encrypt)
+        {
+        unsigned long l,d[2];
+
+        c2l(in,l); d[0]=l;
+        c2l(in,l); d[1]=l;
+        if (encrypt)
+                RC5_32_encrypt(d,ks);
+        else
+                RC5_32_decrypt(d,ks);
+        l=d[0]; l2c(l,out);
+        l=d[1]; l2c(l,out);
+        l=d[0]=d[1]=0;
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5_enc.c b/src/lib/libcrypto/rc5/rc5_enc.c
new file mode 100644
index 0000000000..f327d32a76
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5_enc.c
@@ -0,0 +1,215 @@
+/* crypto/rc5/rc5_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int encrypt)
+        {
+        register unsigned long tin0,tin1;
+        register unsigned long tout0,tout1,xor0,xor1;
+        register long l=length;
+        unsigned long tin[2];
+
+        if (encrypt)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        RC5_32_encrypt(tin,ks);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        RC5_32_encrypt(tin,ks);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        RC5_32_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        RC5_32_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2cn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+
+void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key)
+        {
+        RC5_32_INT a,b,*s;
+
+        s=key->data;
+
+        a=d[0]+s[0];
+        b=d[1]+s[1];
+        E_RC5_32(a,b,s, 2);
+        E_RC5_32(a,b,s, 4);
+        E_RC5_32(a,b,s, 6);
+        E_RC5_32(a,b,s, 8);
+        E_RC5_32(a,b,s,10);
+        E_RC5_32(a,b,s,12);
+        E_RC5_32(a,b,s,14);
+        E_RC5_32(a,b,s,16);
+        if (key->rounds == 12)
+                {
+                E_RC5_32(a,b,s,18);
+                E_RC5_32(a,b,s,20);
+                E_RC5_32(a,b,s,22);
+                E_RC5_32(a,b,s,24);
+                }
+        else if (key->rounds == 16)
+                {
+                /* Do a full expansion to avoid a jump */
+                E_RC5_32(a,b,s,18);
+                E_RC5_32(a,b,s,20);
+                E_RC5_32(a,b,s,22);
+                E_RC5_32(a,b,s,24);
+                E_RC5_32(a,b,s,26);
+                E_RC5_32(a,b,s,28);
+                E_RC5_32(a,b,s,30);
+                E_RC5_32(a,b,s,32);
+                }
+        d[0]=a;
+        d[1]=b;
+        }
+
+void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key)
+        {
+        RC5_32_INT a,b,*s;
+
+        s=key->data;
+
+        a=d[0];
+        b=d[1];
+        if (key->rounds == 16) 
+                {
+                D_RC5_32(a,b,s,32);
+                D_RC5_32(a,b,s,30);
+                D_RC5_32(a,b,s,28);
+                D_RC5_32(a,b,s,26);
+                /* Do a full expansion to avoid a jump */
+                D_RC5_32(a,b,s,24);
+                D_RC5_32(a,b,s,22);
+                D_RC5_32(a,b,s,20);
+                D_RC5_32(a,b,s,18);
+                }
+        else if (key->rounds == 12)
+                {
+                D_RC5_32(a,b,s,24);
+                D_RC5_32(a,b,s,22);
+                D_RC5_32(a,b,s,20);
+                D_RC5_32(a,b,s,18);
+                }
+        D_RC5_32(a,b,s,16);
+        D_RC5_32(a,b,s,14);
+        D_RC5_32(a,b,s,12);
+        D_RC5_32(a,b,s,10);
+        D_RC5_32(a,b,s, 8);
+        D_RC5_32(a,b,s, 6);
+        D_RC5_32(a,b,s, 4);
+        D_RC5_32(a,b,s, 2);
+        d[0]=a-s[0];
+        d[1]=b-s[1];
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5_locl.h b/src/lib/libcrypto/rc5/rc5_locl.h
new file mode 100644
index 0000000000..d337f73fad
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5_locl.h
@@ -0,0 +1,207 @@
+/* crypto/rc5/rc5_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC)
+#define ROTATE_l32(a,n)     _lrotl(a,n)
+#define ROTATE_r32(a,n)     _lrotr(a,n)
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  define ROTATE_l32(a,n)       ({ register unsigned int ret;   \
+                                        asm ("roll %%cl,%0"     \
+                                                : "=r"(ret)     \
+                                                : "c"(n),"0"((unsigned int)(a)) \
+                                                : "cc");        \
+                                        ret;                    \
+                                })
+#  define ROTATE_r32(a,n)       ({ register unsigned int ret;   \
+                                        asm ("rorl %%cl,%0"     \
+                                                : "=r"(ret)     \
+                                                : "c"(n),"0"((unsigned int)(a)) \
+                                                : "cc");        \
+                                        ret;                    \
+                                })
+# endif
+#endif
+#ifndef ROTATE_l32
+#define ROTATE_l32(a,n)     (((a)<<(n&0x1f))|(((a)&0xffffffff)>>(32-(n&0x1f))))
+#endif
+#ifndef ROTATE_r32
+#define ROTATE_r32(a,n)     (((a)<<(32-(n&0x1f)))|(((a)&0xffffffff)>>(n&0x1f)))
+#endif
+
+#define RC5_32_MASK     0xffffffffL
+
+#define RC5_16_P        0xB7E1
+#define RC5_16_Q        0x9E37
+#define RC5_32_P        0xB7E15163L
+#define RC5_32_Q        0x9E3779B9L
+#define RC5_64_P        0xB7E151628AED2A6BLL
+#define RC5_64_Q        0x9E3779B97F4A7C15LL
+
+#define E_RC5_32(a,b,s,n) \
+        a^=b; \
+        a=ROTATE_l32(a,b); \
+        a+=s[n]; \
+        a&=RC5_32_MASK; \
+        b^=a; \
+        b=ROTATE_l32(b,a); \
+        b+=s[n+1]; \
+        b&=RC5_32_MASK;
+
+#define D_RC5_32(a,b,s,n) \
+        b-=s[n+1]; \
+        b&=RC5_32_MASK; \
+        b=ROTATE_r32(b,a); \
+        b^=a; \
+        a-=s[n]; \
+        a&=RC5_32_MASK; \
+        a=ROTATE_r32(a,b); \
+        a^=b;
+
+
+
diff --git a/src/lib/libcrypto/rc5/rc5_skey.c b/src/lib/libcrypto/rc5/rc5_skey.c
new file mode 100644
index 0000000000..a2e00a41c5
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5_skey.c
@@ -0,0 +1,113 @@
+/* crypto/rc5/rc5_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+                    int rounds)
+        {
+        RC5_32_INT L[64],l,ll,A,B,*S,k;
+        int i,j,m,c,t,ii,jj;
+
+        if (    (rounds != RC5_16_ROUNDS) &&
+                (rounds != RC5_12_ROUNDS) &&
+                (rounds != RC5_8_ROUNDS))
+                rounds=RC5_16_ROUNDS;
+
+        key->rounds=rounds;
+        S= &(key->data[0]);
+        j=0;
+        for (i=0; i<=(len-8); i+=8)
+                {
+                c2l(data,l);
+                L[j++]=l;
+                c2l(data,l);
+                L[j++]=l;
+                }
+        ii=len-i;
+        if (ii)
+                {
+                k=len&0x07;
+                c2ln(data,l,ll,k);
+                L[j+0]=l;
+                L[j+1]=ll;
+                }
+
+        c=(len+3)/4;
+        t=(rounds+1)*2;
+        S[0]=RC5_32_P;
+        for (i=1; i<t; i++)
+                S[i]=(S[i-1]+RC5_32_Q)&RC5_32_MASK;
+
+        j=(t>c)?t:c;
+        j*=3;
+        ii=jj=0;
+        A=B=0;
+        for (i=0; i<j; i++)
+                {
+                k=(S[ii]+A+B)&RC5_32_MASK;
+                A=S[ii]=ROTATE_l32(k,3);
+                m=(int)(A+B);
+                k=(L[jj]+A+B)&RC5_32_MASK;
+                B=L[jj]=ROTATE_l32(k,m);
+                if (++ii >= t) ii=0;
+                if (++jj >= c) jj=0;
+                }
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5cfb64.c b/src/lib/libcrypto/rc5/rc5cfb64.c
new file mode 100644
index 0000000000..3a8b60bc7a
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5cfb64.c
@@ -0,0 +1,122 @@
+/* crypto/rc5/rc5cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int encrypt)
+        {
+        register unsigned long v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned long ti[2];
+        unsigned char *iv,c,cc;
+
+        iv=(unsigned char *)ivec;
+        if (encrypt)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                RC5_32_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2c(t,iv);
+                                t=ti[1]; l2c(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                RC5_32_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2c(t,iv);
+                                t=ti[1]; l2c(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=t=c=cc=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5ofb64.c b/src/lib/libcrypto/rc5/rc5ofb64.c
new file mode 100644
index 0000000000..d412215f3c
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5ofb64.c
@@ -0,0 +1,111 @@
+/* crypto/rc5/rc5ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num)
+        {
+        register unsigned long v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned char d[8];
+        register char *dp;
+        unsigned long ti[2];
+        unsigned char *iv;
+        int save=0;
+
+        iv=(unsigned char *)ivec;
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2c(v0,dp);
+        l2c(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        RC5_32_encrypt((unsigned long *)ti,schedule);
+                        dp=(char *)d;
+                        t=ti[0]; l2c(t,dp);
+                        t=ti[1]; l2c(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv=(unsigned char *)ivec;
+                l2c(v0,iv);
+                l2c(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5s.cpp b/src/lib/libcrypto/rc5/rc5s.cpp
new file mode 100644
index 0000000000..1c5518bc80
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5s.cpp
@@ -0,0 +1,70 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rc5.h>
+
+void main(int argc,char *argv[])
+        {
+        RC5_32_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+
+        RC5_32_set_key(&key, 16,d,12);
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        RC5_32_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        RC5_32_encrypt(&data[0],&key);
+                        RC5_32_encrypt(&data[0],&key);
+                        RC5_32_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        RC5_32_encrypt(&data[0],&key);
+                        RC5_32_encrypt(&data[0],&key);
+                        RC5_32_encrypt(&data[0],&key);
+                        RC5_32_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        RC5_32_encrypt(&data[0],&key);
+                        }
+
+                printf("cast %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5speed.c b/src/lib/libcrypto/rc5/rc5speed.c
new file mode 100644
index 0000000000..8e363be535
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5speed.c
@@ -0,0 +1,277 @@
+/* crypto/rc5/rc5speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/rc5.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC5_32_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC5_32_set_key(&sch,16,key,12);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC5_32_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC5_32_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC5_32_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC5_32_set_key(&sch,16,key,12);
+                RC5_32_set_key(&sch,16,key,12);
+                RC5_32_set_key(&sch,16,key,12);
+                RC5_32_set_key(&sch,16,key,12);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC5_32_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+        printf("Doing RC5_32_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing RC5_32_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                unsigned long data[2];
+
+                RC5_32_encrypt(data,&sch);
+                RC5_32_encrypt(data,&sch);
+                RC5_32_encrypt(data,&sch);
+                RC5_32_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC5_32_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+        printf("Doing RC5_32_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC5_32_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC5_32_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),RC5_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld RC5_32_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+
+        printf("RC5_32/12/16 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("RC5_32/12/16 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/rc5/rc5test.c b/src/lib/libcrypto/rc5/rc5test.c
new file mode 100644
index 0000000000..ce3d0cc16f
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5test.c
@@ -0,0 +1,386 @@
+/* crypto/rc5/rc5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC5 modes, more of the code will be uncommented. */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC5
+int main(int argc, char *argv[])
+{
+    printf("No RC5 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc5.h>
+
+static unsigned char RC5key[5][16]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x91,0x5f,0x46,0x19,0xbe,0x41,0xb2,0x51,
+         0x63,0x55,0xa5,0x01,0x10,0xa9,0xce,0x91},
+        {0x78,0x33,0x48,0xe7,0x5a,0xeb,0x0f,0x2f,
+         0xd7,0xb1,0x69,0xbb,0x8d,0xc1,0x67,0x87},
+        {0xdc,0x49,0xdb,0x13,0x75,0xa5,0x58,0x4f,
+         0x64,0x85,0xb4,0x13,0xb5,0xf1,0x2b,0xaf},
+        {0x52,0x69,0xf1,0x49,0xd4,0x1b,0xa0,0x15,
+         0x24,0x97,0x57,0x4d,0x7f,0x15,0x31,0x25},
+        };
+
+static unsigned char RC5plain[5][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},
+        {0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},
+        {0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},
+        {0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},
+        };
+
+static unsigned char RC5cipher[5][8]={
+        {0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},
+        {0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},
+        {0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},
+        {0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},
+        {0xEB,0x44,0xE4,0x15,0xDA,0x31,0x98,0x24},
+        };
+
+#define RC5_CBC_NUM 27
+static unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8]={
+        {0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1e},
+        {0x79,0x7b,0xba,0x4d,0x78,0x11,0x1d,0x1e},
+        {0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},
+        {0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},
+        {0x8b,0x9d,0xed,0x91,0xce,0x77,0x94,0xa6},
+        {0x2f,0x75,0x9f,0xe7,0xad,0x86,0xa3,0x78},
+        {0xdc,0xa2,0x69,0x4b,0xf4,0x0e,0x07,0x88},
+        {0xdc,0xa2,0x69,0x4b,0xf4,0x0e,0x07,0x88},
+        {0xdc,0xfe,0x09,0x85,0x77,0xec,0xa5,0xff},
+        {0x96,0x46,0xfb,0x77,0x63,0x8f,0x9c,0xa8},
+        {0xb2,0xb3,0x20,0x9d,0xb6,0x59,0x4d,0xa4},
+        {0x54,0x5f,0x7f,0x32,0xa5,0xfc,0x38,0x36},
+        {0x82,0x85,0xe7,0xc1,0xb5,0xbc,0x74,0x02},
+        {0xfc,0x58,0x6f,0x92,0xf7,0x08,0x09,0x34},
+        {0xcf,0x27,0x0e,0xf9,0x71,0x7f,0xf7,0xc4},
+        {0xe4,0x93,0xf1,0xc1,0xbb,0x4d,0x6e,0x8c},
+        {0x5c,0x4c,0x04,0x1e,0x0f,0x21,0x7a,0xc3},
+        {0x92,0x1f,0x12,0x48,0x53,0x73,0xb4,0xf7},
+        {0x5b,0xa0,0xca,0x6b,0xbe,0x7f,0x5f,0xad},
+        {0xc5,0x33,0x77,0x1c,0xd0,0x11,0x0e,0x63},
+        {0x29,0x4d,0xdb,0x46,0xb3,0x27,0x8d,0x60},
+        {0xda,0xd6,0xbd,0xa9,0xdf,0xe8,0xf7,0xe8},
+        {0x97,0xe0,0x78,0x78,0x37,0xed,0x31,0x7f},
+        {0x78,0x75,0xdb,0xf6,0x73,0x8c,0x64,0x78},
+        {0x8f,0x34,0xc3,0xc6,0x81,0xc9,0x96,0x95},
+        {0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},
+        {0x7f,0xd1,0xa0,0x23,0xa5,0xbb,0xa2,0x17},
+        };
+
+static unsigned char rc5_cbc_key[RC5_CBC_NUM][17]={
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x11},
+        { 1,0x00},
+        { 4,0x00,0x00,0x00,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 4,0x01,0x02,0x03,0x04},
+        { 4,0x01,0x02,0x03,0x04},
+        { 4,0x01,0x02,0x03,0x04},
+        { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        { 5,0x01,0x02,0x03,0x04,0x05},
+        { 5,0x01,0x02,0x03,0x04,0x05},
+        { 5,0x01,0x02,0x03,0x04,0x05},
+        { 5,0x01,0x02,0x03,0x04,0x05},
+        { 5,0x01,0x02,0x03,0x04,0x05},
+        };
+
+static unsigned char rc5_cbc_plain[RC5_CBC_NUM][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0x08,0x08,0x08,0x08,0x08,0x08,0x08,0x08},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x01},
+        };
+
+static int rc5_cbc_rounds[RC5_CBC_NUM]={
+         0, 0, 0, 0, 0, 1, 2, 2,
+         8, 8,12,16, 8,12,16,12,
+         8,12,16, 8,12,16,12, 8,
+         8, 8, 8,
+        };
+
+static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x78,0x75,0xdb,0xf6,0x73,0x8c,0x64,0x78},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},
+        };
+
+int main(int argc, char *argv[])
+        {
+        int i,n,err=0;
+        RC5_32_KEY key; 
+        unsigned char buf[8],buf2[8],ivb[8];
+
+        for (n=0; n<5; n++)
+                {
+                RC5_32_set_key(&key,16,&(RC5key[n][0]),12);
+
+                RC5_32_ecb_encrypt(&(RC5plain[n][0]),buf,&key,RC5_ENCRYPT);
+                if (memcmp(&(RC5cipher[n][0]),buf,8) != 0)
+                        {
+                        printf("ecb RC5 error encrypting (%d)\n",n+1);
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC5cipher[n][i]);
+                        err=20;
+                        printf("\n");
+                        }
+
+                RC5_32_ecb_encrypt(buf,buf2,&key,RC5_DECRYPT);
+                if (memcmp(&(RC5plain[n][0]),buf2,8) != 0)
+                        {
+                        printf("ecb RC5 error decrypting (%d)\n",n+1);
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf2[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC5plain[n][i]);
+                        printf("\n");
+                        err=3;
+                        }
+                }
+        if (err == 0) printf("ecb RC5 ok\n");
+
+        for (n=0; n<RC5_CBC_NUM; n++)
+                {
+                i=rc5_cbc_rounds[n];
+                if (i < 8) continue;
+
+                RC5_32_set_key(&key,rc5_cbc_key[n][0],&(rc5_cbc_key[n][1]),i);
+
+                memcpy(ivb,&(rc5_cbc_iv[n][0]),8);
+                RC5_32_cbc_encrypt(&(rc5_cbc_plain[n][0]),buf,8,
+                        &key,&(ivb[0]),RC5_ENCRYPT);
+
+                if (memcmp(&(rc5_cbc_cipher[n][0]),buf,8) != 0)
+                        {
+                        printf("cbc RC5 error encrypting (%d)\n",n+1);
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",rc5_cbc_cipher[n][i]);
+                        err=30;
+                        printf("\n");
+                        }
+
+                memcpy(ivb,&(rc5_cbc_iv[n][0]),8);
+                RC5_32_cbc_encrypt(buf,buf2,8,
+                        &key,&(ivb[0]),RC5_DECRYPT);
+                if (memcmp(&(rc5_cbc_plain[n][0]),buf2,8) != 0)
+                        {
+                        printf("cbc RC5 error decrypting (%d)\n",n+1);
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf2[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",rc5_cbc_plain[n][i]);
+                        printf("\n");
+                        err=3;
+                        }
+                }
+        if (err == 0) printf("cbc RC5 ok\n");
+
+        EXIT(err);
+        return(err);
+        }
+
+#ifdef undef
+static int cfb64_test(unsigned char *cfb_cipher)
+        {
+        IDEA_KEY_SCHEDULE eks,dks;
+        int err=0,i,n;
+
+        idea_set_encrypt_key(cfb_key,&eks);
+        idea_set_decrypt_key(&eks,&dks);
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)CFB_TEST_SIZE-12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb64_encrypt encrypt error\n");
+                for (i=0; i<CFB_TEST_SIZE; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)CFB_TEST_SIZE-17,&dks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+
+static char *pt(unsigned char *p)
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+        
+#endif
+#endif
diff --git a/src/lib/libcrypto/ripemd/Makefile b/src/lib/libcrypto/ripemd/Makefile
new file mode 100644
index 0000000000..25140b2a73
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/Makefile
@@ -0,0 +1,95 @@
+#
+# OpenSSL/crypto/ripemd/Makefile
+#
+
+DIR=    ripemd
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+RIP_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=rmdtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rmd_dgst.c rmd_one.c
+LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ripemd.h
+HEADER= rmd_locl.h rmdconst.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+rmd-586.s:      asm/rmd-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rmd_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rmd_dgst.o: ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
+rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rmd_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/ripemd.h
+rmd_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rmd_one.o: ../../include/openssl/symhacks.h rmd_one.c
diff --git a/src/lib/libcrypto/ripemd/asm/rips.cpp b/src/lib/libcrypto/ripemd/asm/rips.cpp
new file mode 100644
index 0000000000..f7a13677a9
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/asm/rips.cpp
@@ -0,0 +1,82 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/ripemd.h>
+
+#define ripemd160_block_x86 ripemd160_block_asm_host_order
+
+extern "C" {
+void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        RIPEMD160_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+
+        if (argc >= 2)
+                num=atoi(argv[1]);
+
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+#if 0
+        num*=64;
+        numm*=64;
+#endif
+
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        ripemd160_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        ripemd160_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        ripemd160_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        ripemd160_block_x86(&ctx,buffer,num);
+                        }
+                printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num*64,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
+
diff --git a/src/lib/libcrypto/ripemd/rmd160.c b/src/lib/libcrypto/ripemd/rmd160.c
new file mode 100644
index 0000000000..b0ec574498
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/rmd160.c
@@ -0,0 +1,127 @@
+/* crypto/ripemd/rmd160.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/ripemd.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("RIPEMD160(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+
+void do_fp(FILE *f)
+        {
+        RIPEMD160_CTX c;
+        unsigned char md[RIPEMD160_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+
+        fd=fileno(f);
+        RIPEMD160_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                RIPEMD160_Update(&c,buf,(unsigned long)i);
+                }
+        RIPEMD160_Final(&(md[0]),&c);
+        pt(md);
+        }
+
+void pt(unsigned char *md)
+        {
+        int i;
+
+        for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
+
diff --git a/src/lib/libcrypto/ripemd/rmd_dgst.c b/src/lib/libcrypto/ripemd/rmd_dgst.c
index d8e72da51b..9ff1a0705e 100644
--- a/src/lib/libcrypto/ripemd/rmd_dgst.c
+++ b/src/lib/libcrypto/ripemd/rmd_dgst.c
@@ -88,7 +88,7 @@ fips_md_init(RIPEMD160)
 void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
         {
         const unsigned char *data=p;
-        register unsigned MD32_REG_T A,B,C,D,E;
+        register volatile unsigned MD32_REG_T A,B,C,D,E;
         unsigned MD32_REG_T a,b,c,d,e,l;
 #ifndef MD32_XARRAY
         /* See comment in crypto/sha/sha_locl.h for details. */
@@ -105,21 +105,21 @@ void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
 
         A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
 
-        (void)HOST_c2l(data,l); X( 0)=l;(void)HOST_c2l(data,l); X( 1)=l;
-        RIP1(A,B,C,D,E,WL00,SL00);      (void)HOST_c2l(data,l); X( 2)=l;
-        RIP1(E,A,B,C,D,WL01,SL01);      (void)HOST_c2l(data,l); X( 3)=l;
-        RIP1(D,E,A,B,C,WL02,SL02);      (void)HOST_c2l(data,l); X( 4)=l;
-        RIP1(C,D,E,A,B,WL03,SL03);      (void)HOST_c2l(data,l); X( 5)=l;
-        RIP1(B,C,D,E,A,WL04,SL04);      (void)HOST_c2l(data,l); X( 6)=l;
-        RIP1(A,B,C,D,E,WL05,SL05);      (void)HOST_c2l(data,l); X( 7)=l;
-        RIP1(E,A,B,C,D,WL06,SL06);      (void)HOST_c2l(data,l); X( 8)=l;
-        RIP1(D,E,A,B,C,WL07,SL07);      (void)HOST_c2l(data,l); X( 9)=l;
-        RIP1(C,D,E,A,B,WL08,SL08);      (void)HOST_c2l(data,l); X(10)=l;
-        RIP1(B,C,D,E,A,WL09,SL09);      (void)HOST_c2l(data,l); X(11)=l;
-        RIP1(A,B,C,D,E,WL10,SL10);      (void)HOST_c2l(data,l); X(12)=l;
-        RIP1(E,A,B,C,D,WL11,SL11);      (void)HOST_c2l(data,l); X(13)=l;
-        RIP1(D,E,A,B,C,WL12,SL12);      (void)HOST_c2l(data,l); X(14)=l;
-        RIP1(C,D,E,A,B,WL13,SL13);      (void)HOST_c2l(data,l); X(15)=l;
+        HOST_c2l(data,l); X( 0)=l;      HOST_c2l(data,l); X( 1)=l;
+        RIP1(A,B,C,D,E,WL00,SL00);      HOST_c2l(data,l); X( 2)=l;
+        RIP1(E,A,B,C,D,WL01,SL01);      HOST_c2l(data,l); X( 3)=l;
+        RIP1(D,E,A,B,C,WL02,SL02);      HOST_c2l(data,l); X( 4)=l;
+        RIP1(C,D,E,A,B,WL03,SL03);      HOST_c2l(data,l); X( 5)=l;
+        RIP1(B,C,D,E,A,WL04,SL04);      HOST_c2l(data,l); X( 6)=l;
+        RIP1(A,B,C,D,E,WL05,SL05);      HOST_c2l(data,l); X( 7)=l;
+        RIP1(E,A,B,C,D,WL06,SL06);      HOST_c2l(data,l); X( 8)=l;
+        RIP1(D,E,A,B,C,WL07,SL07);      HOST_c2l(data,l); X( 9)=l;
+        RIP1(C,D,E,A,B,WL08,SL08);      HOST_c2l(data,l); X(10)=l;
+        RIP1(B,C,D,E,A,WL09,SL09);      HOST_c2l(data,l); X(11)=l;
+        RIP1(A,B,C,D,E,WL10,SL10);      HOST_c2l(data,l); X(12)=l;
+        RIP1(E,A,B,C,D,WL11,SL11);      HOST_c2l(data,l); X(13)=l;
+        RIP1(D,E,A,B,C,WL12,SL12);      HOST_c2l(data,l); X(14)=l;
+        RIP1(C,D,E,A,B,WL13,SL13);      HOST_c2l(data,l); X(15)=l;
         RIP1(B,C,D,E,A,WL14,SL14);
         RIP1(A,B,C,D,E,WL15,SL15);
 
diff --git a/src/lib/libcrypto/ripemd/rmd_locl.h b/src/lib/libcrypto/ripemd/rmd_locl.h
index 2bd8957d14..f14b346e66 100644
--- a/src/lib/libcrypto/ripemd/rmd_locl.h
+++ b/src/lib/libcrypto/ripemd/rmd_locl.h
@@ -88,11 +88,11 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              RIPEMD160_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
-        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
-        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
-        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
-        ll=(c)->E; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->A; HOST_l2c(ll,(s));    \
+        ll=(c)->B; HOST_l2c(ll,(s));    \
+        ll=(c)->C; HOST_l2c(ll,(s));    \
+        ll=(c)->D; HOST_l2c(ll,(s));    \
+        ll=(c)->E; HOST_l2c(ll,(s));    \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
 
diff --git a/src/lib/libcrypto/ripemd/rmdtest.c b/src/lib/libcrypto/ripemd/rmdtest.c
new file mode 100644
index 0000000000..fb34e0e836
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/rmdtest.c
@@ -0,0 +1,145 @@
+/* crypto/ripemd/rmdtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RIPEMD
+int main(int argc, char *argv[])
+{
+    printf("No ripemd support\n");
+    return(0);
+}
+#else
+#include <openssl/ripemd.h>
+#include <openssl/evp.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+
+static char *ret[]={
+        "9c1185a5c5e9fc54612808977ee8f548b2258d31",
+        "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
+        "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
+        "5d0689ef49d2fae572b881b123a85ffa21595f36",
+        "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
+        "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
+        "b0e20b6e3116640286ed3a87a5713079b21f5189",
+        "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
+        };
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        char **P,**R;
+        char *p;
+        unsigned char md[RIPEMD160_DIGEST_LENGTH];
+
+        P=test;
+        R=ret;
+        i=1;
+        while (*P != NULL)
+                {
+#ifdef CHARSET_EBCDIC
+                ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
+#endif
+                EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating RIPEMD160 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        EXIT(err);
+        return(0);
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/rsa/Makefile b/src/lib/libcrypto/rsa/Makefile
new file mode 100644
index 0000000000..f798d2f749
--- /dev/null
+++ b/src/lib/libcrypto/rsa/Makefile
@@ -0,0 +1,308 @@
+#
+# OpenSSL/crypto/rsa/Makefile
+#
+
+DIR=    rsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rsa_test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+        rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
+        rsa_pmeth.c rsa_crpt.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+        rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
+        rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \
+        rsa_pmeth.o rsa_crpt.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rsa.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ameth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_ameth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_ameth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h
+rsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_ameth.o: ../../include/openssl/objects.h
+rsa_ameth.o: ../../include/openssl/opensslconf.h
+rsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_ameth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_ameth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_ameth.o: ../asn1/asn1_locl.h ../cryptlib.h rsa_ameth.c
+rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rsa_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+rsa_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_asn1.o: ../../include/openssl/opensslconf.h
+rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_asn1.o: ../cryptlib.h rsa_asn1.c
+rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_chk.o: rsa_chk.c
+rsa_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_crpt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_crpt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_crpt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_crpt.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_crpt.o: ../../include/openssl/opensslconf.h
+rsa_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rsa_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+rsa_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_crpt.c
+rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_depr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_depr.o: ../cryptlib.h rsa_depr.c
+rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
+rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_err.o: ../../include/openssl/symhacks.h rsa_err.c
+rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_gen.o: ../cryptlib.h rsa_gen.c
+rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_lib.o: ../cryptlib.h rsa_lib.c
+rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c
+rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c
+rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_oaep.o: ../cryptlib.h rsa_oaep.c
+rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_pmeth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h
+rsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_pmeth.o: ../../include/openssl/objects.h
+rsa_pmeth.o: ../../include/openssl/opensslconf.h
+rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_pmeth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_pmeth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_pmeth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_pmeth.o: ../cryptlib.h ../evp/evp_locl.h rsa_locl.h rsa_pmeth.c
+rsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_prn.o: ../cryptlib.h rsa_prn.c
+rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c
+rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_saos.o: ../cryptlib.h rsa_saos.c
+rsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_sign.o: ../cryptlib.h rsa_locl.h rsa_sign.c
+rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
+rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_x931.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_x931.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 5f269e577a..4814a2fc15 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -280,7 +280,7 @@ struct rsa_st
 
 RSA *   RSA_new(void);
 RSA *   RSA_new_method(ENGINE *engine);
-int     RSA_size(const RSA *rsa);
+int     RSA_size(const RSA *);
 
 /* Deprecated version */
 #ifndef OPENSSL_NO_DEPRECATED
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
index cc30e77132..9d848db8c6 100644
--- a/src/lib/libcrypto/rsa/rsa_chk.c
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -59,12 +59,6 @@ int RSA_check_key(const RSA *key)
         BN_CTX *ctx;
         int r;
         int ret=1;
-
-        if (!key->p || !key->q || !key->n || !key->e || !key->d)
-                {
-                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
-                return 0;
-                }
         
         i = BN_new();
         j = BN_new();
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 88ee2cb557..2e1ddd48d3 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -847,12 +847,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
         if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
 
         /* If p < q it is occasionally possible for the correction of
-         * adding 'p' if r0 is negative above to leave the result still
+         * adding 'p' if r0 is negative above to leave the result still
          * negative. This can break the private key operations: the following
          * second correction should *always* correct this rare occurrence.
          * This will *never* happen with OpenSSL generated keys because
-         * they ensure p > q [steve]
-         */
+         * they ensure p > q [steve]
+         */
         if (BN_is_negative(r0))
                 if (!BN_add(r0,r0,rsa->p)) goto err;
         if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
diff --git a/src/lib/libcrypto/rsa/rsa_null.c b/src/lib/libcrypto/rsa/rsa_null.c
new file mode 100644
index 0000000000..2f2202f142
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_null.c
@@ -0,0 +1,151 @@
+/* rsa_null.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+/* This is a dummy RSA implementation that just returns errors when called.
+ * It is designed to allow some RSA functions to work while stopping those
+ * covered by the RSA patent. That is RSA, encryption, decryption, signing
+ * and verify is not allowed but RSA key generation, key checking and other
+ * operations (like storing RSA keys) are permitted.
+ */
+
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
+#endif
+static int RSA_null_init(RSA *rsa);
+static int RSA_null_finish(RSA *rsa);
+static RSA_METHOD rsa_null_meth={
+        "Null RSA",
+        RSA_null_public_encrypt,
+        RSA_null_public_decrypt,
+        RSA_null_private_encrypt,
+        RSA_null_private_decrypt,
+        NULL,
+        NULL,
+        RSA_null_init,
+        RSA_null_finish,
+        0,
+        NULL,
+        NULL,
+        NULL,
+        NULL
+        };
+
+const RSA_METHOD *RSA_null_method(void)
+        {
+        return(&rsa_null_meth);
+        }
+
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+        return -1;
+        }
+
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+        return -1;
+        }
+
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+        return -1;
+        }
+
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+        return -1;
+        }
+
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+        {
+        ...err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+        return -1;
+        }
+#endif
+
+static int RSA_null_init(RSA *rsa)
+        {
+        return(1);
+        }
+
+static int RSA_null_finish(RSA *rsa)
+        {
+        return(1);
+        }
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index af4d24a56e..e08ac151ff 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -149,7 +149,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
         if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
                 return -1;
 
-        if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+        if (timingsafe_bcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
                 goto decoding_err;
         else
                 {
diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c
new file mode 100644
index 0000000000..c8705a0f6e
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_test.c
@@ -0,0 +1,340 @@
+/* test vectors from p1ovect1.txt */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#ifdef OPENSSL_NO_RSA
+int main(int argc, char *argv[])
+{
+    printf("No RSA support\n");
+    return(0);
+}
+#else
+#include <openssl/rsa.h>
+
+#define SetKey \
+  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+  return (sizeof(ctext_ex) - 1);
+
+static int key1(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+"\xF5";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+    static unsigned char p[] =
+"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+"\x0D";
+    
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x89";
+
+    static unsigned char dmp1[] =
+"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+    static unsigned char dmq1[] =
+"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+"\x51";
+
+    static unsigned char iqmp[] =
+"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+    static unsigned char ctext_ex[] =
+"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+
+    SetKey;
+    }
+
+static int key2(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+"\x34\x77\xCF";
+
+    static unsigned char e[] = "\x3";
+
+    static unsigned char d[] =
+"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+"\xE5\xEB";
+
+    static unsigned char p[] =
+"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+    
+    static unsigned char dmp1[] =
+"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+
+    static unsigned char dmq1[] =
+"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+
+    static unsigned char iqmp[] =
+"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+
+    static unsigned char ctext_ex[] =
+"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+"\x62\x51";
+
+    SetKey;
+    }
+
+static int key3(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+"\xCB";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+"\xC1";
+
+    static unsigned char p[] =
+"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+"\x99";
+
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+"\x03";
+
+    static unsigned char dmp1[] =
+"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+    static unsigned char dmq1[] =
+"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+    
+    static unsigned char iqmp[] =
+"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+"\xF7";
+
+    static unsigned char ctext_ex[] =
+"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+
+    SetKey;
+    }
+
+static int pad_unknown(void)
+{
+    unsigned long l;
+    while ((l = ERR_get_error()) != 0)
+      if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+        return(1);
+    return(0);
+}
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+    {
+    int err=0;
+    int v;
+    RSA *key;
+    unsigned char ptext[256];
+    unsigned char ctext[256];
+    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+    unsigned char ctext_ex[256];
+    int plen;
+    int clen = 0;
+    int num;
+    int n;
+
+    CRYPTO_malloc_debug_init();
+    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+
+    plen = sizeof(ptext_ex) - 1;
+
+    for (v = 0; v < 6; v++)
+        {
+        key = RSA_new();
+        switch (v%3) {
+    case 0:
+        clen = key1(key, ctext_ex);
+        break;
+    case 1:
+        clen = key2(key, ctext_ex);
+        break;
+    case 2:
+        clen = key3(key, ctext_ex);
+        break;
+        }
+        if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME;
+
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_PADDING);
+        if (num != clen)
+            {
+            printf("PKCS#1 v1.5 encryption failed!\n");
+            err=1;
+            goto oaep;
+            }
+  
+        num = RSA_private_decrypt(num, ctext, ptext, key,
+                                  RSA_PKCS1_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("PKCS#1 v1.5 decryption failed!\n");
+            err=1;
+            }
+        else
+            printf("PKCS #1 v1.5 encryption/decryption ok\n");
+
+    oaep:
+        ERR_clear_error();
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_OAEP_PADDING);
+        if (num == -1 && pad_unknown())
+            {
+            printf("No OAEP support\n");
+            goto next;
+            }
+        if (num != clen)
+            {
+            printf("OAEP encryption failed!\n");
+            err=1;
+            goto next;
+            }
+
+        num = RSA_private_decrypt(num, ctext, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("OAEP decryption (encrypted data) failed!\n");
+            err=1;
+            }
+        else if (memcmp(ctext, ctext_ex, num) == 0)
+            printf("OAEP test vector %d passed!\n", v);
+    
+        /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
+           Try decrypting ctext_ex */
+
+        num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("OAEP decryption (test vector data) failed!\n");
+            err=1;
+            }
+        else
+            printf("OAEP encryption/decryption ok\n");
+
+        /* Try decrypting corrupted ciphertexts */
+        for(n = 0 ; n < clen ; ++n)
+            {
+            int b;
+            unsigned char saved = ctext[n];
+            for(b = 0 ; b < 256 ; ++b)
+                {
+                if(b == saved)
+                    continue;
+                ctext[n] = b;
+                num = RSA_private_decrypt(num, ctext, ptext, key,
+                                          RSA_PKCS1_OAEP_PADDING);
+                if(num > 0)
+                    {
+                    printf("Corrupt data decrypted!\n");
+                    err = 1;
+                    }
+                }
+            }
+    next:
+        RSA_free(key);
+        }
+
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_thread_state(NULL);
+
+    CRYPTO_mem_leaks_fp(stderr);
+
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+    return err;
+    }
+#endif
diff --git a/src/lib/libcrypto/seed/Makefile b/src/lib/libcrypto/seed/Makefile
new file mode 100644
index 0000000000..4bc55e4916
--- /dev/null
+++ b/src/lib/libcrypto/seed/Makefile
@@ -0,0 +1,106 @@
+#
+# crypto/seed/Makefile
+#
+
+DIR=    seed
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
+LIBOBJ=seed.o seed_ecb.o seed_cbc.o seed_cfb.o seed_ofb.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= seed.h
+HEADER= seed_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+seed.o: ../../include/openssl/seed.h ../../include/openssl/stack.h
+seed.o: ../../include/openssl/symhacks.h seed.c seed_locl.h
+seed_cbc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+seed_cbc.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+seed_cbc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+seed_cbc.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h
+seed_cbc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+seed_cbc.o: seed_cbc.c
+seed_cfb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+seed_cfb.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+seed_cfb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+seed_cfb.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h
+seed_cfb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+seed_cfb.o: seed_cfb.c
+seed_ecb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+seed_ecb.o: ../../include/openssl/opensslconf.h
+seed_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+seed_ecb.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h
+seed_ecb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+seed_ecb.o: seed_ecb.c
+seed_ofb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+seed_ofb.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+seed_ofb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+seed_ofb.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h
+seed_ofb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+seed_ofb.o: seed_ofb.c
diff --git a/src/lib/libcrypto/seed/seed.c b/src/lib/libcrypto/seed/seed.c
new file mode 100644
index 0000000000..3e675a8d75
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed.c
@@ -0,0 +1,336 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.  
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef OPENSSL_NO_SEED
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef WIN32
+#include <memory.h>
+#endif
+
+#include <openssl/crypto.h>
+#include <openssl/seed.h>
+#include "seed_locl.h"
+
+#ifdef SS       /* can get defined on Solaris by inclusion of <stdlib.h> */
+#undef SS
+#endif
+
+static const seed_word SS[4][256] = {   {
+        0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+        0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
+        0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+        0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
+        0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
+        0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354, 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+        0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
+        0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
+        0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+        0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
+        0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
+        0x1f0f131c, 0x19899198, 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+        0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
+        0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
+        0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4, 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+        0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
+        0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
+        0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4, 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+        0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, 0x36063234, 0x15051114, 0x22022220, 0x38083038,
+        0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
+        0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c, 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+        0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
+        0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
+        0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320, 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+        0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
+        0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
+        0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+        0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
+        0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
+        0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+        0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, 0x22426260, 0x29092128, 0x07070304, 0x33033330,
+        0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
+},      {
+        0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
+        0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
+        0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1, 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+        0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
+        0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
+        0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2, 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+        0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
+        0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
+        0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0, 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+        0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
+        0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
+        0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1, 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+        0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
+        0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, 0x20220222, 0x04040400, 0x68284860, 0x70314171,
+        0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991, 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+        0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
+        0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
+        0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2, 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+        0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
+        0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
+        0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571, 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+        0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
+        0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
+        0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22, 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+        0x84058581, 0x14140410, 0x88098981, 0x981b8b93, 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
+        0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
+        0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11, 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+        0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
+        0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
+        0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393,
+        0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
+        0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
+},      {
+        0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
+        0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
+        0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+        0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
+        0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
+        0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+        0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
+        0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
+        0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+        0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
+        0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
+        0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+        0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
+        0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
+        0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+        0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
+        0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
+        0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+        0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505, 0x22202202, 0x30383808,
+        0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
+        0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+        0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
+        0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
+        0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+        0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
+        0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
+        0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+        0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
+        0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
+        0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+        0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909, 0x03040707, 0x33303303,
+        0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
+},      {
+        0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
+        0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
+        0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+        0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
+        0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
+        0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+        0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
+        0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
+        0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+        0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
+        0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
+        0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+        0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
+        0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, 0x02222022, 0x04000404, 0x48606828, 0x41717031,
+        0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+        0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
+        0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
+        0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+        0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
+        0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
+        0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+        0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
+        0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
+        0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+        0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
+        0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
+        0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+        0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
+        0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
+        0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013,
+        0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
+        0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
+}       };
+
+/* key schedule constants - golden ratio */
+#define KC0     0x9e3779b9
+#define KC1     0x3c6ef373
+#define KC2     0x78dde6e6
+#define KC3     0xf1bbcdcc
+#define KC4     0xe3779b99
+#define KC5     0xc6ef3733
+#define KC6     0x8dde6e67
+#define KC7     0x1bbcdccf
+#define KC8     0x3779b99e
+#define KC9     0x6ef3733c
+#define KC10    0xdde6e678
+#define KC11    0xbbcdccf1
+#define KC12    0x779b99e3
+#define KC13    0xef3733c6
+#define KC14    0xde6e678d
+#define KC15    0xbcdccf1b
+
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+static const seed_word KC[] = {
+        KC0,    KC1,    KC2,    KC3,    KC4,    KC5,    KC6,    KC7,
+        KC8,    KC9,    KC10,   KC11,   KC12,   KC13,   KC14,   KC15    };
+#endif
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
+#ifdef OPENSSL_FIPS
+        {
+        fips_cipher_abort(SEED);
+        private_SEED_set_key(rawkey, ks);
+        }
+void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
+#endif
+{
+        seed_word x1, x2, x3, x4;
+        seed_word t0, t1;
+
+        char2word(rawkey   , x1);
+        char2word(rawkey+4 , x2);
+        char2word(rawkey+8 , x3);
+        char2word(rawkey+12, x4);
+
+        t0 = (x1 + x3 - KC0) & 0xffffffff;
+        t1 = (x2 - x4 + KC0) & 0xffffffff;                     KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1);      KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2);      KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3);      KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4);      KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5);      KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6);      KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7);      KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8);      KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9);      KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10);     KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11);     KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12);     KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13);     KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14);     KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15);     KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
+#else
+        {
+            int i;
+            for (i=2; i<16; i+=2) {
+                KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC[i]);
+                KEYUPDATE_TEMP(t0, t1, &ks->data[i*2]);
+                KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC[i+1]);
+                KEYUPDATE_TEMP(t0, t1, &ks->data[i*2+2]);
+            }
+        }
+#endif
+}
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks)
+{
+        seed_word x1, x2, x3, x4;
+        seed_word t0, t1;
+
+        char2word(s,    x1);
+        char2word(s+4,  x2);
+        char2word(s+8,  x3);
+        char2word(s+12, x4);
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)   
+        E_SEED(t0, t1, x1, x2, x3, x4, 0);
+        E_SEED(t0, t1, x3, x4, x1, x2, 2);
+        E_SEED(t0, t1, x1, x2, x3, x4, 4);
+        E_SEED(t0, t1, x3, x4, x1, x2, 6);
+        E_SEED(t0, t1, x1, x2, x3, x4, 8);
+        E_SEED(t0, t1, x3, x4, x1, x2, 10);
+        E_SEED(t0, t1, x1, x2, x3, x4, 12);
+        E_SEED(t0, t1, x3, x4, x1, x2, 14);
+        E_SEED(t0, t1, x1, x2, x3, x4, 16);
+        E_SEED(t0, t1, x3, x4, x1, x2, 18);
+        E_SEED(t0, t1, x1, x2, x3, x4, 20);
+        E_SEED(t0, t1, x3, x4, x1, x2, 22);
+        E_SEED(t0, t1, x1, x2, x3, x4, 24);
+        E_SEED(t0, t1, x3, x4, x1, x2, 26);
+        E_SEED(t0, t1, x1, x2, x3, x4, 28);
+        E_SEED(t0, t1, x3, x4, x1, x2, 30);
+#else
+        {
+            int i;
+            for (i=0;i<30;i+=4) {
+                E_SEED(t0,t1,x1,x2,x3,x4,i);
+                E_SEED(t0,t1,x3,x4,x1,x2,i+2);
+            }
+        }
+#endif
+
+        word2char(x3, d);
+        word2char(x4, d+4);
+        word2char(x1, d+8);
+        word2char(x2, d+12);
+}
+
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks)
+{
+        seed_word x1, x2, x3, x4;
+        seed_word t0, t1;
+
+        char2word(s,    x1);
+        char2word(s+4,  x2);
+        char2word(s+8,  x3);
+        char2word(s+12, x4);
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        E_SEED(t0, t1, x1, x2, x3, x4, 30);
+        E_SEED(t0, t1, x3, x4, x1, x2, 28);
+        E_SEED(t0, t1, x1, x2, x3, x4, 26);
+        E_SEED(t0, t1, x3, x4, x1, x2, 24);
+        E_SEED(t0, t1, x1, x2, x3, x4, 22);
+        E_SEED(t0, t1, x3, x4, x1, x2, 20);
+        E_SEED(t0, t1, x1, x2, x3, x4, 18);
+        E_SEED(t0, t1, x3, x4, x1, x2, 16);
+        E_SEED(t0, t1, x1, x2, x3, x4, 14);
+        E_SEED(t0, t1, x3, x4, x1, x2, 12);
+        E_SEED(t0, t1, x1, x2, x3, x4, 10);
+        E_SEED(t0, t1, x3, x4, x1, x2, 8);
+        E_SEED(t0, t1, x1, x2, x3, x4, 6);
+        E_SEED(t0, t1, x3, x4, x1, x2, 4);
+        E_SEED(t0, t1, x1, x2, x3, x4, 2);
+        E_SEED(t0, t1, x3, x4, x1, x2, 0);
+#else
+        {
+            int i;
+            for (i=30; i>0; i-=4) {
+                E_SEED(t0, t1, x1, x2, x3, x4, i);
+                E_SEED(t0, t1, x3, x4, x1, x2, i-2);
+
+            }
+        }
+#endif
+
+        word2char(x3, d);
+        word2char(x4, d+4);
+        word2char(x1, d+8);
+        word2char(x2, d+12);
+}
+
+#endif /* OPENSSL_NO_SEED */
diff --git a/src/lib/libcrypto/seed/seed.h b/src/lib/libcrypto/seed/seed.h
new file mode 100644
index 0000000000..c50fdd3607
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed.h
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.  
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#ifndef HEADER_SEED_H
+#define HEADER_SEED_H
+
+#include <openssl/opensslconf.h>
+#include <openssl/e_os2.h>
+#include <openssl/crypto.h>
+
+#ifdef OPENSSL_NO_SEED
+#error SEED is disabled.
+#endif
+
+#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */
+# ifndef SEED_LONG
+#  define SEED_LONG 1
+# endif
+#endif
+
+#if !defined(NO_SYS_TYPES_H)
+# include <sys/types.h>
+#endif
+
+#define SEED_BLOCK_SIZE 16
+#define SEED_KEY_LENGTH 16
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct seed_key_st {
+#ifdef SEED_LONG
+    unsigned long data[32];
+#else
+    unsigned int data[32];
+#endif
+} SEED_KEY_SCHEDULE;
+
+#ifdef OPENSSL_FIPS
+void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
+#endif
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc);
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc);
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc);
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_SEED_H */
diff --git a/src/lib/libcrypto/seed/seed_cbc.c b/src/lib/libcrypto/seed/seed_cbc.c
new file mode 100644
index 0000000000..6c3f9b527a
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_cbc.c
@@ -0,0 +1,63 @@
+/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t len, const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc)
+        {
+        if (enc)
+                CRYPTO_cbc128_encrypt(in,out,len,ks,ivec,(block128_f)SEED_encrypt);
+        else
+                CRYPTO_cbc128_decrypt(in,out,len,ks,ivec,(block128_f)SEED_decrypt);
+        }
diff --git a/src/lib/libcrypto/seed/seed_cfb.c b/src/lib/libcrypto/seed/seed_cfb.c
new file mode 100644
index 0000000000..694597dd06
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_cfb.c
@@ -0,0 +1,116 @@
+/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc)
+        {
+        CRYPTO_cfb128_encrypt(in,out,len,ks,ivec,num,enc,(block128_f)SEED_encrypt);
+        }
diff --git a/src/lib/libcrypto/seed/seed_ecb.c b/src/lib/libcrypto/seed/seed_ecb.c
new file mode 100644
index 0000000000..e63f5ae14e
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_ecb.c
@@ -0,0 +1,60 @@
+/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/seed.h>
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc) 
+        {
+        if (enc)
+                SEED_encrypt(in, out, ks);
+        else
+                SEED_decrypt(in, out, ks);
+        }
diff --git a/src/lib/libcrypto/seed/seed_locl.h b/src/lib/libcrypto/seed/seed_locl.h
new file mode 100644
index 0000000000..fd456b6422
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_locl.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.  
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef HEADER_SEED_LOCL_H
+#define HEADER_SEED_LOCL_H
+
+#include "openssl/e_os2.h"
+#include <openssl/seed.h>
+
+
+#ifdef SEED_LONG /* need 32-bit type */
+typedef unsigned long seed_word;
+#else
+typedef unsigned int seed_word;
+#endif
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define G_FUNC(v)       \
+        SS[0][(unsigned char)      (v) & 0xff] ^ SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \
+        SS[2][(unsigned char)((v)>>16) & 0xff] ^ SS[3][(unsigned char)((v)>>24) & 0xff]
+
+#define char2word(c, i)  \
+        (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))
+
+#define word2char(l, c)  \
+        *((c)+0) = (unsigned char)((l)>>24) & 0xff; \
+        *((c)+1) = (unsigned char)((l)>>16) & 0xff; \
+        *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \
+        *((c)+3) = (unsigned char)((l))     & 0xff
+
+#define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X3);                                     \
+        (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff;    \
+        (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;    \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+
+#define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X1);                                     \
+        (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff;    \
+        (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;     \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+
+#define KEYUPDATE_TEMP(T0, T1, K)   \
+        (K)[0] = G_FUNC((T0));      \
+        (K)[1] = G_FUNC((T1))
+
+#define XOR_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] ^= ((SRC))[0];    \
+        ((DST))[1] ^= ((SRC))[1];    \
+        ((DST))[2] ^= ((SRC))[2];    \
+        ((DST))[3] ^= ((SRC))[3]
+
+#define MOV_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] = ((SRC))[0];     \
+        ((DST))[1] = ((SRC))[1];     \
+        ((DST))[2] = ((SRC))[2];     \
+        ((DST))[3] = ((SRC))[3]
+
+# define CHAR2WORD(C, I)              \
+        char2word((C),    (I)[0]);    \
+        char2word((C+4),  (I)[1]);    \
+        char2word((C+8),  (I)[2]);    \
+        char2word((C+12), (I)[3])
+
+# define WORD2CHAR(I, C)              \
+        word2char((I)[0], (C));       \
+        word2char((I)[1], (C+4));     \
+        word2char((I)[2], (C+8));     \
+        word2char((I)[3], (C+12))
+
+# define E_SEED(T0, T1, X1, X2, X3, X4, rbase)   \
+        (T0) = (X3) ^ (ks->data)[(rbase)];       \
+        (T1) = (X4) ^ (ks->data)[(rbase)+1];     \
+        (T1) ^= (T0);                            \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (T0) = G_FUNC((T0));                     \
+        (T1) = ((T1) + (T0)) & 0xffffffff;       \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (X1) ^= (T0);                            \
+        (X2) ^= (T1)
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_SEED_LOCL_H */
diff --git a/src/lib/libcrypto/seed/seed_ofb.c b/src/lib/libcrypto/seed/seed_ofb.c
new file mode 100644
index 0000000000..3c8ba33bb9
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_ofb.c
@@ -0,0 +1,116 @@
+/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num)
+        {
+        CRYPTO_ofb128_encrypt(in,out,len,ks,ivec,num,(block128_f)SEED_encrypt);
+        }
diff --git a/src/lib/libcrypto/sha/Makefile b/src/lib/libcrypto/sha/Makefile
new file mode 100644
index 0000000000..2eb2b7af99
--- /dev/null
+++ b/src/lib/libcrypto/sha/Makefile
@@ -0,0 +1,168 @@
+#
+# OpenSSL/crypto/sha/Makefile
+#
+
+DIR=    sha
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+SHA1_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=shatest.c sha1test.c sha256t.c sha512t.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= sha.h
+HEADER= sha_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+sha1-586.s:     asm/sha1-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+sha256-586.s:   asm/sha256-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+sha512-586.s:   asm/sha512-586.pl ../perlasm/x86asm.pl
+        $(PERL) asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+
+sha1-ia64.s:   asm/sha1-ia64.pl
+        (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS))
+sha256-ia64.s: asm/sha512-ia64.pl
+        (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
+sha512-ia64.s: asm/sha512-ia64.pl
+        (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
+
+sha256-armv4.S: asm/sha256-armv4.pl
+        $(PERL) $< $(PERLASM_SCHEME) $@
+
+sha1-alpha.s:   asm/sha1-alpha.pl
+        (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
+        $(PERL) asm/sha1-alpha.pl > $$preproc && \
+        $(CC) -E $$preproc > $@ && rm $$preproc)
+
+# Solaris make has to be explicitly told
+sha1-x86_64.s:  asm/sha1-x86_64.pl;     $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
+sha256-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
+sha512-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@
+sha1-sparcv9.s: asm/sha1-sparcv9.pl;    $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS)
+sha256-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
+sha512-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS)
+
+sha1-ppc.s:     asm/sha1-ppc.pl;        $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@
+sha256-ppc.s:   asm/sha512-ppc.pl;      $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
+sha512-ppc.s:   asm/sha512-ppc.pl;      $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
+
+sha1-parisc.s:  asm/sha1-parisc.pl;     $(PERL) asm/sha1-parisc.pl $(PERLASM_SCHEME) $@
+sha256-parisc.s:asm/sha512-parisc.pl;   $(PERL) asm/sha512-parisc.pl $(PERLASM_SCHEME) $@
+sha512-parisc.s:asm/sha512-parisc.pl;   $(PERL) asm/sha512-parisc.pl $(PERLASM_SCHEME) $@
+
+sha1-mips.S:    asm/sha1-mips.pl;       $(PERL) asm/sha1-mips.pl $(PERLASM_SCHEME) $@
+sha256-mips.S:  asm/sha512-mips.pl;     $(PERL) asm/sha512-mips.pl $(PERLASM_SCHEME) $@
+sha512-mips.S:  asm/sha512-mips.pl;     $(PERL) asm/sha512-mips.pl $(PERLASM_SCHEME) $@
+
+# GNU make "catch all"
+sha1-%.S:       asm/sha1-%.pl;          $(PERL) $< $(PERLASM_SCHEME) $@
+sha256-%.S:     asm/sha512-%.pl;        $(PERL) $< $(PERLASM_SCHEME) $@
+sha512-%.S:     asm/sha512-%.pl;        $(PERL) $< $(PERLASM_SCHEME) $@
+
+sha1-armv4-large.o:     sha1-armv4-large.S
+sha256-armv4.o:         sha256-armv4.S
+sha512-armv4.o:         sha512-armv4.S
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha1_one.o: ../../include/openssl/opensslconf.h
+sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha1_one.o: sha1_one.c
+sha1dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha1dgst.o: ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha1dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha1dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
+sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c
+sha512.o: ../../e_os.h ../../include/openssl/bio.h
+sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha512.o: ../cryptlib.h sha512.c
+sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha_dgst.o: ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
+sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+sha_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha_one.o: ../../include/openssl/symhacks.h sha_one.c
diff --git a/src/lib/libcrypto/sha/asm/README b/src/lib/libcrypto/sha/asm/README
new file mode 100644
index 0000000000..b7e755765f
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/README
@@ -0,0 +1 @@
+C2.pl works
diff --git a/src/lib/libcrypto/sha/sha.c b/src/lib/libcrypto/sha/sha.c
new file mode 100644
index 0000000000..42126551d1
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha.c
@@ -0,0 +1,124 @@
+/* crypto/sha/sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/sha.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("SHA(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+
+void do_fp(FILE *f)
+        {
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        int fd;
+        int i;
+        unsigned char buf[BUFSIZE];
+
+        fd=fileno(f);
+        SHA_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                SHA_Update(&c,buf,(unsigned long)i);
+                }
+        SHA_Final(&(md[0]),&c);
+        pt(md);
+        }
+
+void pt(unsigned char *md)
+        {
+        int i;
+
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
+
diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c
new file mode 100644
index 0000000000..d350c88ee4
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1.c
@@ -0,0 +1,127 @@
+/* crypto/sha/sha1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/sha.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#ifndef _OSD_POSIX
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("SHA1(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+
+void do_fp(FILE *f)
+        {
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        int fd;
+        int i;
+        unsigned char buf[BUFSIZE];
+
+        fd=fileno(f);
+        SHA1_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                SHA1_Update(&c,buf,(unsigned long)i);
+                }
+        SHA1_Final(&(md[0]),&c);
+        pt(md);
+        }
+
+void pt(unsigned char *md)
+        {
+        int i;
+
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
+
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c
index c56ec94020..7c65b60276 100644
--- a/src/lib/libcrypto/sha/sha1_one.c
+++ b/src/lib/libcrypto/sha/sha1_one.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <openssl/crypto.h>
 #include <openssl/sha.h>
+#include <openssl/crypto.h>
 
 #ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c
index a98690225f..81219af088 100644
--- a/src/lib/libcrypto/sha/sha1dgst.c
+++ b/src/lib/libcrypto/sha/sha1dgst.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/crypto.h>
 #include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_0
diff --git a/src/lib/libcrypto/sha/sha1test.c b/src/lib/libcrypto/sha/sha1test.c
new file mode 100644
index 0000000000..6feb3964c7
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1test.c
@@ -0,0 +1,178 @@
+/* crypto/sha/sha1test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_SHA
+int main(int argc, char *argv[])
+{
+    printf("No SHA support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+#undef SHA_0 /* FIPS 180 */
+#define  SHA_1 /* FIPS 180-1 */
+
+static char *test[]={
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        NULL,
+        };
+
+#ifdef SHA_0
+static char *ret[]={
+        "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+        "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+        };
+static char *bigret=
+        "3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+static char *ret[]={
+        "a9993e364706816aba3e25717850c26c9cd0d89d",
+        "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+        };
+static char *bigret=
+        "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        char **P,**R;
+        static unsigned char buf[1000];
+        char *p,*r;
+        EVP_MD_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(test[0], test[0], strlen(test[0]));
+        ebcdic2ascii(test[1], test[1], strlen(test[1]));
+#endif
+
+        EVP_MD_CTX_init(&c);
+        P=test;
+        R=ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating SHA1 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+
+        memset(buf,'a',1000);
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(buf, buf, 1000);
+#endif /*CHARSET_EBCDIC*/
+        EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+        for (i=0; i<1000; i++)
+                EVP_DigestUpdate(&c,buf,1000);
+        EVP_DigestFinal_ex(&c,md,NULL);
+        p=pt(md);
+
+        r=bigret;
+        if (strcmp(p,r) != 0)
+                {
+                printf("error calculating SHA1 on 'a' * 1000\n");
+                printf("got %s instead of %s\n",p,r);
+                err++;
+                }
+        else
+                printf("test 3 ok\n");
+
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+        EXIT(err);
+        EVP_MD_CTX_cleanup(&c);
+        return(0);
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/sha/sha256t.c b/src/lib/libcrypto/sha/sha256t.c
new file mode 100644
index 0000000000..6b4a3bd001
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha256t.c
@@ -0,0 +1,147 @@
+/* crypto/sha/sha256t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
+int main(int argc, char *argv[])
+{
+    printf("No SHA256 support\n");
+    return(0);
+}
+#else
+
+unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
+        0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
+        0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
+        0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,
+        0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad };
+
+unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
+        0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,
+        0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
+        0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,
+        0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 };
+
+unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
+        0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92,
+        0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67,
+        0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e,
+        0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0 };
+
+unsigned char addenum_1[SHA224_DIGEST_LENGTH] = {
+        0x23,0x09,0x7d,0x22,0x34,0x05,0xd8,0x22,
+        0x86,0x42,0xa4,0x77,0xbd,0xa2,0x55,0xb3,
+        0x2a,0xad,0xbc,0xe4,0xbd,0xa0,0xb3,0xf7,
+        0xe3,0x6c,0x9d,0xa7 };
+
+unsigned char addenum_2[SHA224_DIGEST_LENGTH] = {
+        0x75,0x38,0x8b,0x16,0x51,0x27,0x76,0xcc,
+        0x5d,0xba,0x5d,0xa1,0xfd,0x89,0x01,0x50,
+        0xb0,0xc6,0x45,0x5c,0xb4,0xf5,0x8b,0x19,
+        0x52,0x52,0x25,0x25 };
+
+unsigned char addenum_3[SHA224_DIGEST_LENGTH] = {
+        0x20,0x79,0x46,0x55,0x98,0x0c,0x91,0xd8,
+        0xbb,0xb4,0xc1,0xea,0x97,0x61,0x8a,0x4b,
+        0xf0,0x3f,0x42,0x58,0x19,0x48,0xb2,0xee,
+        0x4e,0xe7,0xad,0x67 };
+
+int main (int argc,char **argv)
+{ unsigned char md[SHA256_DIGEST_LENGTH];
+  int           i;
+  EVP_MD_CTX    evp;
+
+    fprintf(stdout,"Testing SHA-256 ");
+
+    EVP_Digest ("abc",3,md,NULL,EVP_sha256(),NULL);
+    if (memcmp(md,app_b1,sizeof(app_b1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"
+                "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha256(),NULL);
+    if (memcmp(md,app_b2,sizeof(app_b2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha256(),NULL);
+    for (i=0;i<1000000;i+=160)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<160?1000000-i:160);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+
+    if (memcmp(md,app_b3,sizeof(app_b3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+
+    fprintf(stdout,"Testing SHA-224 ");
+
+    EVP_Digest ("abc",3,md,NULL,EVP_sha224(),NULL);
+    if (memcmp(md,addenum_1,sizeof(addenum_1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"
+                "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha224(),NULL);
+    if (memcmp(md,addenum_2,sizeof(addenum_2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha224(),NULL);
+    for (i=0;i<1000000;i+=64)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<64?1000000-i:64);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+
+    if (memcmp(md,addenum_3,sizeof(addenum_3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+
+  return 0;
+}
+#endif
diff --git a/src/lib/libcrypto/sha/sha512t.c b/src/lib/libcrypto/sha/sha512t.c
new file mode 100644
index 0000000000..210041d435
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha512t.c
@@ -0,0 +1,184 @@
+/* crypto/sha/sha512t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
+int main(int argc, char *argv[])
+{
+    printf("No SHA512 support\n");
+    return(0);
+}
+#else
+
+unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
+        0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
+        0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
+        0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
+        0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
+        0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
+        0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
+        0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
+        0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f };
+
+unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
+        0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda,
+        0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f,
+        0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1,
+        0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18,
+        0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4,
+        0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a,
+        0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54,
+        0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 };
+
+unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
+        0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,
+        0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63,
+        0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,
+        0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb,
+        0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,
+        0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b,
+        0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,
+        0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b };
+
+unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
+        0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
+        0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
+        0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
+        0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
+        0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
+        0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 };
+
+unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
+        0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
+        0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
+        0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
+        0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
+        0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
+        0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 };
+
+unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
+        0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
+        0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
+        0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
+        0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
+        0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
+        0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 };
+
+int main (int argc,char **argv)
+{ unsigned char md[SHA512_DIGEST_LENGTH];
+  int           i;
+  EVP_MD_CTX    evp;
+
+#ifdef OPENSSL_IA32_SSE2
+    /* Alternative to this is to call OpenSSL_add_all_algorithms...
+     * The below code is retained exclusively for debugging purposes. */
+    { char      *env;
+
+        if ((env=getenv("OPENSSL_ia32cap")))
+            OPENSSL_ia32cap = strtoul (env,NULL,0);
+    }
+#endif
+
+    fprintf(stdout,"Testing SHA-512 ");
+
+    EVP_Digest ("abc",3,md,NULL,EVP_sha512(),NULL);
+    if (memcmp(md,app_c1,sizeof(app_c1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"
+                "efghijkl""fghijklm""ghijklmn""hijklmno"
+                "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
+                "mnopqrst""nopqrstu",112,md,NULL,EVP_sha512(),NULL);
+    if (memcmp(md,app_c2,sizeof(app_c2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha512(),NULL);
+    for (i=0;i<1000000;i+=288)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<288?1000000-i:288);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+
+    if (memcmp(md,app_c3,sizeof(app_c3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+
+    fprintf(stdout,"Testing SHA-384 ");
+
+    EVP_Digest ("abc",3,md,NULL,EVP_sha384(),NULL);
+    if (memcmp(md,app_d1,sizeof(app_d1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"
+                "efghijkl""fghijklm""ghijklmn""hijklmno"
+                "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
+                "mnopqrst""nopqrstu",112,md,NULL,EVP_sha384(),NULL);
+    if (memcmp(md,app_d2,sizeof(app_d2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha384(),NULL);
+    for (i=0;i<1000000;i+=64)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<64?1000000-i:64);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+
+    if (memcmp(md,app_d3,sizeof(app_d3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+
+  return 0;
+}
+#endif
diff --git a/src/lib/libcrypto/sha/sha_dgst.c b/src/lib/libcrypto/sha/sha_dgst.c
new file mode 100644
index 0000000000..c946ad827d
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha_dgst.c
@@ -0,0 +1,75 @@
+/* crypto/sha/sha1dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
+
+#undef  SHA_1
+#define SHA_0
+
+#include <openssl/opensslv.h>
+
+const char SHA_version[]="SHA" OPENSSL_VERSION_PTEXT;
+
+/* The implementation is in ../md32_common.h */
+
+#include "sha_locl.h"
+
+#endif
+
diff --git a/src/lib/libcrypto/sha/sha_locl.h b/src/lib/libcrypto/sha/sha_locl.h
index d673255f78..7a0c3ca8d8 100644
--- a/src/lib/libcrypto/sha/sha_locl.h
+++ b/src/lib/libcrypto/sha/sha_locl.h
@@ -69,11 +69,11 @@
 #define HASH_CBLOCK             SHA_CBLOCK
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->h0; (void)HOST_l2c(ll,(s));     \
-        ll=(c)->h1; (void)HOST_l2c(ll,(s));     \
-        ll=(c)->h2; (void)HOST_l2c(ll,(s));     \
-        ll=(c)->h3; (void)HOST_l2c(ll,(s));     \
-        ll=(c)->h4; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h0; HOST_l2c(ll,(s));   \
+        ll=(c)->h1; HOST_l2c(ll,(s));   \
+        ll=(c)->h2; HOST_l2c(ll,(s));   \
+        ll=(c)->h3; HOST_l2c(ll,(s));   \
+        ll=(c)->h4; HOST_l2c(ll,(s));   \
         } while (0)
 
 #if defined(SHA_0)
@@ -256,21 +256,21 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
                 }
         else
                 {
-                (void)HOST_c2l(data,l); X( 0)=l;        (void)HOST_c2l(data,l); X( 1)=l;
-                BODY_00_15( 0,A,B,C,D,E,T,X( 0));       (void)HOST_c2l(data,l); X( 2)=l;
-                BODY_00_15( 1,T,A,B,C,D,E,X( 1));       (void)HOST_c2l(data,l); X( 3)=l;
-                BODY_00_15( 2,E,T,A,B,C,D,X( 2));       (void)HOST_c2l(data,l); X( 4)=l;
-                BODY_00_15( 3,D,E,T,A,B,C,X( 3));       (void)HOST_c2l(data,l); X( 5)=l;
-                BODY_00_15( 4,C,D,E,T,A,B,X( 4));       (void)HOST_c2l(data,l); X( 6)=l;
-                BODY_00_15( 5,B,C,D,E,T,A,X( 5));       (void)HOST_c2l(data,l); X( 7)=l;
-                BODY_00_15( 6,A,B,C,D,E,T,X( 6));       (void)HOST_c2l(data,l); X( 8)=l;
-                BODY_00_15( 7,T,A,B,C,D,E,X( 7));       (void)HOST_c2l(data,l); X( 9)=l;
-                BODY_00_15( 8,E,T,A,B,C,D,X( 8));       (void)HOST_c2l(data,l); X(10)=l;
-                BODY_00_15( 9,D,E,T,A,B,C,X( 9));       (void)HOST_c2l(data,l); X(11)=l;
-                BODY_00_15(10,C,D,E,T,A,B,X(10));       (void)HOST_c2l(data,l); X(12)=l;
-                BODY_00_15(11,B,C,D,E,T,A,X(11));       (void)HOST_c2l(data,l); X(13)=l;
-                BODY_00_15(12,A,B,C,D,E,T,X(12));       (void)HOST_c2l(data,l); X(14)=l;
-                BODY_00_15(13,T,A,B,C,D,E,X(13));       (void)HOST_c2l(data,l); X(15)=l;
+                HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
+                BODY_00_15( 0,A,B,C,D,E,T,X( 0));       HOST_c2l(data,l); X( 2)=l;
+                BODY_00_15( 1,T,A,B,C,D,E,X( 1));       HOST_c2l(data,l); X( 3)=l;
+                BODY_00_15( 2,E,T,A,B,C,D,X( 2));       HOST_c2l(data,l); X( 4)=l;
+                BODY_00_15( 3,D,E,T,A,B,C,X( 3));       HOST_c2l(data,l); X( 5)=l;
+                BODY_00_15( 4,C,D,E,T,A,B,X( 4));       HOST_c2l(data,l); X( 6)=l;
+                BODY_00_15( 5,B,C,D,E,T,A,X( 5));       HOST_c2l(data,l); X( 7)=l;
+                BODY_00_15( 6,A,B,C,D,E,T,X( 6));       HOST_c2l(data,l); X( 8)=l;
+                BODY_00_15( 7,T,A,B,C,D,E,X( 7));       HOST_c2l(data,l); X( 9)=l;
+                BODY_00_15( 8,E,T,A,B,C,D,X( 8));       HOST_c2l(data,l); X(10)=l;
+                BODY_00_15( 9,D,E,T,A,B,C,X( 9));       HOST_c2l(data,l); X(11)=l;
+                BODY_00_15(10,C,D,E,T,A,B,X(10));       HOST_c2l(data,l); X(12)=l;
+                BODY_00_15(11,B,C,D,E,T,A,X(11));       HOST_c2l(data,l); X(13)=l;
+                BODY_00_15(12,A,B,C,D,E,T,X(12));       HOST_c2l(data,l); X(14)=l;
+                BODY_00_15(13,T,A,B,C,D,E,X(13));       HOST_c2l(data,l); X(15)=l;
                 BODY_00_15(14,E,T,A,B,C,D,X(14));
                 BODY_00_15(15,D,E,T,A,B,C,X(15));
                 }
diff --git a/src/lib/libcrypto/sha/sha_one.c b/src/lib/libcrypto/sha/sha_one.c
new file mode 100644
index 0000000000..3bae623ce8
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha_one.c
@@ -0,0 +1,78 @@
+/* crypto/sha/sha_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/sha.h>
+#include <openssl/crypto.h>
+
+#ifndef OPENSSL_NO_SHA0
+unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md)
+        {
+        SHA_CTX c;
+        static unsigned char m[SHA_DIGEST_LENGTH];
+
+        if (md == NULL) md=m;
+        if (!SHA_Init(&c))
+                return NULL;
+        SHA_Update(&c,d,n);
+        SHA_Final(md,&c);
+        OPENSSL_cleanse(&c,sizeof(c));
+        return(md);
+        }
+#endif
diff --git a/src/lib/libcrypto/sha/shatest.c b/src/lib/libcrypto/sha/shatest.c
new file mode 100644
index 0000000000..27614646d1
--- /dev/null
+++ b/src/lib/libcrypto/sha/shatest.c
@@ -0,0 +1,178 @@
+/* crypto/sha/shatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0)
+int main(int argc, char *argv[])
+{
+    printf("No SHA0 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+#define SHA_0 /* FIPS 180 */
+#undef  SHA_1 /* FIPS 180-1 */
+
+static char *test[]={
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        NULL,
+        };
+
+#ifdef SHA_0
+static char *ret[]={
+        "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+        "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+        };
+static char *bigret=
+        "3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+static char *ret[]={
+        "a9993e364706816aba3e25717850c26c9cd0d89d",
+        "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+        };
+static char *bigret=
+        "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        char **P,**R;
+        static unsigned char buf[1000];
+        char *p,*r;
+        EVP_MD_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(test[0], test[0], strlen(test[0]));
+        ebcdic2ascii(test[1], test[1], strlen(test[1]));
+#endif
+
+        EVP_MD_CTX_init(&c);
+        P=test;
+        R=ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest(*P,strlen(*P),md,NULL,EVP_sha(), NULL);
+                p=pt(md);
+                if (strcmp(p,*R) != 0)
+                        {
+                        printf("error calculating SHA on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+
+        memset(buf,'a',1000);
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(buf, buf, 1000);
+#endif /*CHARSET_EBCDIC*/
+        EVP_DigestInit_ex(&c,EVP_sha(), NULL);
+        for (i=0; i<1000; i++)
+                EVP_DigestUpdate(&c,buf,1000);
+        EVP_DigestFinal_ex(&c,md,NULL);
+        p=pt(md);
+
+        r=bigret;
+        if (strcmp(p,r) != 0)
+                {
+                printf("error calculating SHA on '%s'\n",p);
+                printf("got %s instead of %s\n",p,r);
+                err++;
+                }
+        else
+                printf("test 3 ok\n");
+
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+        EVP_MD_CTX_cleanup(&c);
+        EXIT(err);
+        return(0);
+        }
+
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/shlib_version b/src/lib/libcrypto/shlib_version
new file mode 100644
index 0000000000..df4de0fc4d
--- /dev/null
+++ b/src/lib/libcrypto/shlib_version
@@ -0,0 +1,2 @@
+major=23
+minor=0
diff --git a/src/lib/libcrypto/srp/Makefile b/src/lib/libcrypto/srp/Makefile
new file mode 100644
index 0000000000..41859d46fa
--- /dev/null
+++ b/src/lib/libcrypto/srp/Makefile
@@ -0,0 +1,98 @@
+DIR=    srp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=srptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=srp_lib.c srp_vfy.c
+LIBOBJ=srp_lib.o srp_vfy.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= srp.h
+HEADER= $(EXHEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+srptest: top srptest.c $(LIB)
+        $(CC) $(CFLAGS) -Wall -Werror -g -o srptest srptest.c $(LIB)
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+srp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+srp_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+srp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+srp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+srp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+srp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+srp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+srp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+srp_lib.o: ../../include/openssl/sha.h ../../include/openssl/srp.h
+srp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+srp_lib.o: ../cryptlib.h srp_grps.h srp_lcl.h srp_lib.c
+srp_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
+srp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+srp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+srp_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+srp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+srp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+srp_vfy.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+srp_vfy.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+srp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+srp_vfy.o: ../../include/openssl/srp.h ../../include/openssl/stack.h
+srp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h
+srp_vfy.o: ../cryptlib.h srp_lcl.h srp_vfy.c
diff --git a/src/lib/libcrypto/srp/srp.h b/src/lib/libcrypto/srp/srp.h
new file mode 100644
index 0000000000..7ec7825cad
--- /dev/null
+++ b/src/lib/libcrypto/srp/srp.h
@@ -0,0 +1,172 @@
+/* crypto/srp/srp.h */
+/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 
+ * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 
+ * for the EdelKey project and contributed to the OpenSSL project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef __SRP_H__
+#define __SRP_H__
+
+#ifndef OPENSSL_NO_SRP
+
+#include <stdio.h>
+#include <string.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/safestack.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+
+typedef struct SRP_gN_cache_st
+        {
+        char *b64_bn;
+        BIGNUM *bn;
+        } SRP_gN_cache;
+
+
+DECLARE_STACK_OF(SRP_gN_cache)
+
+typedef struct SRP_user_pwd_st
+        {
+        char *id;
+        BIGNUM *s;
+        BIGNUM *v;
+        const BIGNUM *g;
+        const BIGNUM *N;
+        char *info;
+        } SRP_user_pwd;
+
+DECLARE_STACK_OF(SRP_user_pwd)
+
+typedef struct SRP_VBASE_st
+        {
+        STACK_OF(SRP_user_pwd) *users_pwd;
+        STACK_OF(SRP_gN_cache) *gN_cache;
+/* to simulate a user */
+        char *seed_key;
+        BIGNUM *default_g;
+        BIGNUM *default_N;
+        } SRP_VBASE;
+
+
+/*Structure interne pour retenir les couples N et g*/
+typedef struct SRP_gN_st
+        {
+        char *id;
+        BIGNUM *g;
+        BIGNUM *N;
+        } SRP_gN;
+
+DECLARE_STACK_OF(SRP_gN)
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key);
+int SRP_VBASE_free(SRP_VBASE *vb);
+int SRP_VBASE_init(SRP_VBASE *vb, char * verifier_file);
+SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
+
+
+#define SRP_NO_ERROR 0
+#define SRP_ERR_VBASE_INCOMPLETE_FILE 1
+#define SRP_ERR_VBASE_BN_LIB 2
+#define SRP_ERR_OPEN_FILE 3
+#define SRP_ERR_MEMORY 4
+
+#define DB_srptype      0
+#define DB_srpverifier  1
+#define DB_srpsalt      2
+#define DB_srpid        3              
+#define DB_srpgN        4       
+#define DB_srpinfo      5 
+#undef  DB_NUMBER      
+#define DB_NUMBER       6
+
+#define DB_SRP_INDEX    'I'
+#define DB_SRP_VALID    'V'
+#define DB_SRP_REVOKED  'R'
+#define DB_SRP_MODIF    'v'
+
+
+/* see srp.c */
+char * SRP_check_known_gN_param(BIGNUM* g, BIGNUM* N); 
+SRP_gN *SRP_get_default_gN(const char * id) ;
+
+/* server side .... */
+BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *N);
+BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
+int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
+BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) ;
+
+
+
+/* client side .... */
+BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u);
+int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
+
+#define SRP_MINIMAL_N 1024
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
+#endif
diff --git a/src/lib/libcrypto/srp/srp_grps.h b/src/lib/libcrypto/srp/srp_grps.h
new file mode 100644
index 0000000000..8e3c35e3f5
--- /dev/null
+++ b/src/lib/libcrypto/srp/srp_grps.h
@@ -0,0 +1,517 @@
+/* start of generated data */
+
+static BN_ULONG bn_group_1024_value[] = {
+        bn_pack4(0x9FC6,0x1D2F,0xC0EB,0x06E3),
+        bn_pack4(0xFD51,0x38FE,0x8376,0x435B),
+        bn_pack4(0x2FD4,0xCBF4,0x976E,0xAA9A),
+        bn_pack4(0x68ED,0xBC3C,0x0572,0x6CC0),
+        bn_pack4(0xC529,0xF566,0x660E,0x57EC),
+        bn_pack4(0x8255,0x9B29,0x7BCF,0x1885),
+        bn_pack4(0xCE8E,0xF4AD,0x69B1,0x5D49),
+        bn_pack4(0x5DC7,0xD7B4,0x6154,0xD6B6),
+        bn_pack4(0x8E49,0x5C1D,0x6089,0xDAD1),
+        bn_pack4(0xE0D5,0xD8E2,0x50B9,0x8BE4),
+        bn_pack4(0x383B,0x4813,0xD692,0xC6E0),
+        bn_pack4(0xD674,0xDF74,0x96EA,0x81D3),
+        bn_pack4(0x9EA2,0x314C,0x9C25,0x6576),
+        bn_pack4(0x6072,0x6187,0x75FF,0x3C0B),
+        bn_pack4(0x9C33,0xF80A,0xFA8F,0xC5E8),
+        bn_pack4(0xEEAF,0x0AB9,0xADB3,0x8DD6)
+};
+static BIGNUM bn_group_1024 = {
+        bn_group_1024_value,
+        (sizeof bn_group_1024_value)/sizeof(BN_ULONG),
+        (sizeof bn_group_1024_value)/sizeof(BN_ULONG),
+        0,
+        BN_FLG_STATIC_DATA
+};
+
+static BN_ULONG bn_group_1536_value[] = {
+        bn_pack4(0xCF76,0xE3FE,0xD135,0xF9BB),
+        bn_pack4(0x1518,0x0F93,0x499A,0x234D),
+        bn_pack4(0x8CE7,0xA28C,0x2442,0xC6F3),
+        bn_pack4(0x5A02,0x1FFF,0x5E91,0x479E),
+        bn_pack4(0x7F8A,0x2FE9,0xB8B5,0x292E),
+        bn_pack4(0x837C,0x264A,0xE3A9,0xBEB8),
+        bn_pack4(0xE442,0x734A,0xF7CC,0xB7AE),
+        bn_pack4(0x6577,0x2E43,0x7D6C,0x7F8C),
+        bn_pack4(0xDB2F,0xD53D,0x24B7,0xC486),
+        bn_pack4(0x6EDF,0x0195,0x3934,0x9627),
+        bn_pack4(0x158B,0xFD3E,0x2B9C,0x8CF5),
+        bn_pack4(0x764E,0x3F4B,0x53DD,0x9DA1),
+        bn_pack4(0x4754,0x8381,0xDBC5,0xB1FC),
+        bn_pack4(0x9B60,0x9E0B,0xE3BA,0xB63D),
+        bn_pack4(0x8134,0xB1C8,0xB979,0x8914),
+        bn_pack4(0xDF02,0x8A7C,0xEC67,0xF0D0),
+        bn_pack4(0x80B6,0x55BB,0x9A22,0xE8DC),
+        bn_pack4(0x1558,0x903B,0xA0D0,0xF843),
+        bn_pack4(0x51C6,0xA94B,0xE460,0x7A29),
+        bn_pack4(0x5F4F,0x5F55,0x6E27,0xCBDE),
+        bn_pack4(0xBEEE,0xA961,0x4B19,0xCC4D),
+        bn_pack4(0xDBA5,0x1DF4,0x99AC,0x4C80),
+        bn_pack4(0xB1F1,0x2A86,0x17A4,0x7BBB),
+        bn_pack4(0x9DEF,0x3CAF,0xB939,0x277A)
+};
+static BIGNUM bn_group_1536 = {
+        bn_group_1536_value,
+        (sizeof bn_group_1536_value)/sizeof(BN_ULONG),
+        (sizeof bn_group_1536_value)/sizeof(BN_ULONG),
+        0,
+        BN_FLG_STATIC_DATA
+};
+
+static BN_ULONG bn_group_2048_value[] = {
+        bn_pack4(0x0FA7,0x111F,0x9E4A,0xFF73),
+        bn_pack4(0x9B65,0xE372,0xFCD6,0x8EF2),
+        bn_pack4(0x35DE,0x236D,0x525F,0x5475),
+        bn_pack4(0x94B5,0xC803,0xD89F,0x7AE4),
+        bn_pack4(0x71AE,0x35F8,0xE9DB,0xFBB6),
+        bn_pack4(0x2A56,0x98F3,0xA8D0,0xC382),
+        bn_pack4(0x9CCC,0x041C,0x7BC3,0x08D8),
+        bn_pack4(0xAF87,0x4E73,0x03CE,0x5329),
+        bn_pack4(0x6160,0x2790,0x04E5,0x7AE6),
+        bn_pack4(0x032C,0xFBDB,0xF52F,0xB378),
+        bn_pack4(0x5EA7,0x7A27,0x75D2,0xECFA),
+        bn_pack4(0x5445,0x23B5,0x24B0,0xD57D),
+        bn_pack4(0x5B9D,0x32E6,0x88F8,0x7748),
+        bn_pack4(0xF1D2,0xB907,0x8717,0x461A),
+        bn_pack4(0x76BD,0x207A,0x436C,0x6481),
+        bn_pack4(0xCA97,0xB43A,0x23FB,0x8016),
+        bn_pack4(0x1D28,0x1E44,0x6B14,0x773B),
+        bn_pack4(0x7359,0xD041,0xD5C3,0x3EA7),
+        bn_pack4(0xA80D,0x740A,0xDBF4,0xFF74),
+        bn_pack4(0x55F9,0x7993,0xEC97,0x5EEA),
+        bn_pack4(0x2918,0xA996,0x2F0B,0x93B8),
+        bn_pack4(0x661A,0x05FB,0xD5FA,0xAAE8),
+        bn_pack4(0xCF60,0x9517,0x9A16,0x3AB3),
+        bn_pack4(0xE808,0x3969,0xEDB7,0x67B0),
+        bn_pack4(0xCD7F,0x48A9,0xDA04,0xFD50),
+        bn_pack4(0xD523,0x12AB,0x4B03,0x310D),
+        bn_pack4(0x8193,0xE075,0x7767,0xA13D),
+        bn_pack4(0xA373,0x29CB,0xB4A0,0x99ED),
+        bn_pack4(0xFC31,0x9294,0x3DB5,0x6050),
+        bn_pack4(0xAF72,0xB665,0x1987,0xEE07),
+        bn_pack4(0xF166,0xDE5E,0x1389,0x582F),
+        bn_pack4(0xAC6B,0xDB41,0x324A,0x9A9B)
+};
+static BIGNUM bn_group_2048 = {
+        bn_group_2048_value,
+        (sizeof bn_group_2048_value)/sizeof(BN_ULONG),
+        (sizeof bn_group_2048_value)/sizeof(BN_ULONG),
+        0,
+        BN_FLG_STATIC_DATA
+};
+
+static BN_ULONG bn_group_3072_value[] = {
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0x4B82,0xD120,0xA93A,0xD2CA),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
+};
+static BIGNUM bn_group_3072 = {
+        bn_group_3072_value,
+        (sizeof bn_group_3072_value)/sizeof(BN_ULONG),
+        (sizeof bn_group_3072_value)/sizeof(BN_ULONG),
+        0,
+        BN_FLG_STATIC_DATA
+};
+
+static BN_ULONG bn_group_4096_value[] = {
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0x4DF4,0x35C9,0x3406,0x3199),
+        bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+        bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+        bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+        bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+        bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+        bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+        bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+        bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+        bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+        bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+        bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+        bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+        bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+        bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+        bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+        bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
+};
+static BIGNUM bn_group_4096 = {
+        bn_group_4096_value,
+        (sizeof bn_group_4096_value)/sizeof(BN_ULONG),
+        (sizeof bn_group_4096_value)/sizeof(BN_ULONG),
+        0,
+        BN_FLG_STATIC_DATA
+};
+
+static BN_ULONG bn_group_6144_value[] = {
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0xE694,0xF91E,0x6DCC,0x4024),
+        bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
+        bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
+        bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
+        bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
+        bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
+        bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
+        bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
+        bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
+        bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
+        bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
+        bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
+        bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
+        bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
+        bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
+        bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
+        bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
+        bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
+        bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
+        bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
+        bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
+        bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
+        bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
+        bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
+        bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
+        bn_pack4(0x1797,0x27B0,0x865A,0x8918),
+        bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
+        bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
+        bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
+        bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
+        bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
+        bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
+        bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
+        bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+        bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+        bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+        bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+        bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+        bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+        bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+        bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+        bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+        bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+        bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+        bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+        bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+        bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+        bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+        bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
+};
+static BIGNUM bn_group_6144 = {
+        bn_group_6144_value,
+        (sizeof bn_group_6144_value)/sizeof(BN_ULONG),
+        (sizeof bn_group_6144_value)/sizeof(BN_ULONG),
+        0,
+        BN_FLG_STATIC_DATA
+};
+
+static BN_ULONG bn_group_8192_value[] = {
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0x60C9,0x80DD,0x98ED,0xD3DF),
+        bn_pack4(0xC81F,0x56E8,0x80B9,0x6E71),
+        bn_pack4(0x9E30,0x50E2,0x7656,0x94DF),
+        bn_pack4(0x9558,0xE447,0x5677,0xE9AA),
+        bn_pack4(0xC919,0x0DA6,0xFC02,0x6E47),
+        bn_pack4(0x889A,0x002E,0xD5EE,0x382B),
+        bn_pack4(0x4009,0x438B,0x481C,0x6CD7),
+        bn_pack4(0x3590,0x46F4,0xEB87,0x9F92),
+        bn_pack4(0xFAF3,0x6BC3,0x1ECF,0xA268),
+        bn_pack4(0xB1D5,0x10BD,0x7EE7,0x4D73),
+        bn_pack4(0xF9AB,0x4819,0x5DED,0x7EA1),
+        bn_pack4(0x64F3,0x1CC5,0x0846,0x851D),
+        bn_pack4(0x4597,0xE899,0xA025,0x5DC1),
+        bn_pack4(0xDF31,0x0EE0,0x74AB,0x6A36),
+        bn_pack4(0x6D2A,0x13F8,0x3F44,0xF82D),
+        bn_pack4(0x062B,0x3CF5,0xB3A2,0x78A6),
+        bn_pack4(0x7968,0x3303,0xED5B,0xDD3A),
+        bn_pack4(0xFA9D,0x4B7F,0xA2C0,0x87E8),
+        bn_pack4(0x4BCB,0xC886,0x2F83,0x85DD),
+        bn_pack4(0x3473,0xFC64,0x6CEA,0x306B),
+        bn_pack4(0x13EB,0x57A8,0x1A23,0xF0C7),
+        bn_pack4(0x2222,0x2E04,0xA403,0x7C07),
+        bn_pack4(0xE3FD,0xB8BE,0xFC84,0x8AD9),
+        bn_pack4(0x238F,0x16CB,0xE39D,0x652D),
+        bn_pack4(0x3423,0xB474,0x2BF1,0xC978),
+        bn_pack4(0x3AAB,0x639C,0x5AE4,0xF568),
+        bn_pack4(0x2576,0xF693,0x6BA4,0x2466),
+        bn_pack4(0x741F,0xA7BF,0x8AFC,0x47ED),
+        bn_pack4(0x3BC8,0x32B6,0x8D9D,0xD300),
+        bn_pack4(0xD8BE,0xC4D0,0x73B9,0x31BA),
+        bn_pack4(0x3877,0x7CB6,0xA932,0xDF8C),
+        bn_pack4(0x74A3,0x926F,0x12FE,0xE5E4),
+        bn_pack4(0xE694,0xF91E,0x6DBE,0x1159),
+        bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
+        bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
+        bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
+        bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
+        bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
+        bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
+        bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
+        bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
+        bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
+        bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
+        bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
+        bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
+        bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
+        bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
+        bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
+        bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
+        bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
+        bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
+        bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
+        bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
+        bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
+        bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
+        bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
+        bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
+        bn_pack4(0x1797,0x27B0,0x865A,0x8918),
+        bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
+        bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
+        bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
+        bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
+        bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
+        bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
+        bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
+        bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+        bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+        bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+        bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+        bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+        bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+        bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+        bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+        bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+        bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+        bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+        bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+        bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+        bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+        bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+        bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
+};
+static BIGNUM bn_group_8192 = {
+        bn_group_8192_value,
+        (sizeof bn_group_8192_value)/sizeof(BN_ULONG),
+        (sizeof bn_group_8192_value)/sizeof(BN_ULONG),
+        0,
+        BN_FLG_STATIC_DATA
+};
+
+static BN_ULONG bn_generator_19_value[] = {19} ;
+static BIGNUM bn_generator_19 = {
+        bn_generator_19_value,
+        1,
+        1,
+        0,
+        BN_FLG_STATIC_DATA
+};
+static BN_ULONG bn_generator_5_value[] = {5} ;
+static BIGNUM bn_generator_5 = {
+        bn_generator_5_value,
+        1,
+        1,
+        0,
+        BN_FLG_STATIC_DATA
+};
+static BN_ULONG bn_generator_2_value[] = {2} ;
+static BIGNUM bn_generator_2 = {
+        bn_generator_2_value,
+        1,
+        1,
+        0,
+        BN_FLG_STATIC_DATA
+};
+
+static SRP_gN knowngN[] = {
+        {"8192",&bn_generator_19 , &bn_group_8192},
+        {"6144",&bn_generator_5 , &bn_group_6144},
+        {"4096",&bn_generator_5 , &bn_group_4096},
+        {"3072",&bn_generator_5 , &bn_group_3072},
+        {"2048",&bn_generator_2 , &bn_group_2048},
+        {"1536",&bn_generator_2 , &bn_group_1536},
+        {"1024",&bn_generator_2 , &bn_group_1024},
+};
+#define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
+
+/* end of generated data */
diff --git a/src/lib/libcrypto/srp/srp_lcl.h b/src/lib/libcrypto/srp/srp_lcl.h
new file mode 100644
index 0000000000..42bda3f148
--- /dev/null
+++ b/src/lib/libcrypto/srp/srp_lcl.h
@@ -0,0 +1,83 @@
+/* crypto/srp/srp_lcl.h */
+/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)  
+ * for the EdelKey project and contributed to the OpenSSL project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_SRP_LCL_H
+#define HEADER_SRP_LCL_H
+
+#include <openssl/srp.h>
+#include <openssl/sha.h>
+
+#if 0
+#define srp_bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
+   fprintf(stderr,"\n");}
+#else
+#define   srp_bn_print(a)
+#endif
+
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/srp/srp_lib.c b/src/lib/libcrypto/srp/srp_lib.c
new file mode 100644
index 0000000000..7c1dcc5111
--- /dev/null
+++ b/src/lib/libcrypto/srp/srp_lib.c
@@ -0,0 +1,361 @@
+/* crypto/srp/srp_lib.c */
+/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 
+ * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 
+ * for the EdelKey project and contributed to the OpenSSL project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef OPENSSL_NO_SRP
+#include "cryptlib.h"
+#include "srp_lcl.h"
+#include <openssl/srp.h>
+#include <openssl/evp.h>
+
+#if (BN_BYTES == 8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#  define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
+# elif defined(__arch64__)
+#  define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
+# else
+#  define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
+# endif
+#elif (BN_BYTES == 4)
+# define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
+#else
+# error "unsupported BN_BYTES"
+#endif
+
+
+#include "srp_grps.h"
+
+static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
+        {
+        /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
+
+        unsigned char digest[SHA_DIGEST_LENGTH];
+        unsigned char *tmp;
+        EVP_MD_CTX ctxt;
+        int longg ;
+        int longN = BN_num_bytes(N);
+
+        if ((tmp = OPENSSL_malloc(longN)) == NULL)
+                return NULL;
+        BN_bn2bin(N,tmp) ;
+
+        EVP_MD_CTX_init(&ctxt);
+        EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+        EVP_DigestUpdate(&ctxt, tmp, longN);
+
+        memset(tmp, 0, longN);
+        longg = BN_bn2bin(g,tmp) ;
+        /* use the zeros behind to pad on left */
+        EVP_DigestUpdate(&ctxt, tmp + longg, longN-longg);
+        EVP_DigestUpdate(&ctxt, tmp, longg);
+        OPENSSL_free(tmp);
+
+        EVP_DigestFinal_ex(&ctxt, digest, NULL);
+        EVP_MD_CTX_cleanup(&ctxt);
+        return BN_bin2bn(digest, sizeof(digest), NULL); 
+        }
+
+BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
+        {
+        /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
+
+        BIGNUM *u;      
+        unsigned char cu[SHA_DIGEST_LENGTH];
+        unsigned char *cAB;
+        EVP_MD_CTX ctxt;
+        int longN;  
+        if ((A == NULL) ||(B == NULL) || (N == NULL))
+                return NULL;
+
+        longN= BN_num_bytes(N);
+
+        if ((cAB = OPENSSL_malloc(2*longN)) == NULL) 
+                return NULL;
+
+        memset(cAB, 0, longN);
+
+        EVP_MD_CTX_init(&ctxt);
+        EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+        EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A,cAB+longN), longN);
+        EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B,cAB+longN), longN);
+        OPENSSL_free(cAB);
+        EVP_DigestFinal_ex(&ctxt, cu, NULL);
+        EVP_MD_CTX_cleanup(&ctxt);
+
+        if (!(u = BN_bin2bn(cu, sizeof(cu), NULL)))
+                return NULL;
+        if (!BN_is_zero(u))
+                return u;
+        BN_free(u);
+        return NULL;
+}
+
+BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *N)
+        {
+        BIGNUM *tmp = NULL, *S = NULL;
+        BN_CTX *bn_ctx; 
+        
+        if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
+                return NULL; 
+
+        if ((bn_ctx = BN_CTX_new()) == NULL ||
+                (tmp = BN_new()) == NULL ||
+                (S = BN_new()) == NULL )
+                goto err;
+
+        /* S = (A*v**u) ** b */ 
+
+        if (!BN_mod_exp(tmp,v,u,N,bn_ctx))
+                goto err;
+        if (!BN_mod_mul(tmp,A,tmp,N,bn_ctx))
+                goto err;
+        if (!BN_mod_exp(S,tmp,b,N,bn_ctx))
+                goto err;
+err:
+        BN_CTX_free(bn_ctx);
+        BN_clear_free(tmp);
+        return S;
+        }
+
+BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
+        {
+        BIGNUM  *kv = NULL, *gb = NULL;
+        BIGNUM *B = NULL, *k = NULL;
+        BN_CTX *bn_ctx;
+
+        if (b == NULL || N == NULL || g == NULL || v == NULL ||
+                (bn_ctx = BN_CTX_new()) == NULL)
+                return NULL; 
+
+        if ( (kv = BN_new()) == NULL ||
+                (gb = BN_new()) == NULL ||
+                (B = BN_new())== NULL)
+                goto err;
+
+        /* B = g**b + k*v */
+
+        if (!BN_mod_exp(gb,g,b,N,bn_ctx) ||
+           !(k = srp_Calc_k(N,g)) ||
+           !BN_mod_mul(kv,v,k,N,bn_ctx) || 
+           !BN_mod_add(B,gb,kv,N,bn_ctx))
+                {
+                BN_free(B);
+                B = NULL;
+                }
+err:
+        BN_CTX_free(bn_ctx);
+        BN_clear_free(kv);
+        BN_clear_free(gb);
+        BN_free(k); 
+        return B;
+        }
+
+BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
+        {
+        unsigned char dig[SHA_DIGEST_LENGTH];
+        EVP_MD_CTX ctxt;
+        unsigned char *cs;
+
+        if ((s == NULL) ||
+                (user == NULL) ||
+                (pass == NULL))
+                return NULL;
+
+        if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+                return NULL;
+
+        EVP_MD_CTX_init(&ctxt);
+        EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+        EVP_DigestUpdate(&ctxt, user, strlen(user));
+        EVP_DigestUpdate(&ctxt, ":", 1);
+        EVP_DigestUpdate(&ctxt, pass, strlen(pass));
+        EVP_DigestFinal_ex(&ctxt, dig, NULL);
+
+        EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+        BN_bn2bin(s,cs);
+        EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
+        OPENSSL_free(cs);
+        EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
+        EVP_DigestFinal_ex(&ctxt, dig, NULL);
+        EVP_MD_CTX_cleanup(&ctxt);
+
+        return BN_bin2bn(dig, sizeof(dig), NULL);
+        }
+
+BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
+        {
+        BN_CTX *bn_ctx; 
+        BIGNUM * A = NULL;
+
+        if (a == NULL || N == NULL || g == NULL ||
+                (bn_ctx = BN_CTX_new()) == NULL) 
+                return NULL;
+
+        if ((A = BN_new()) != NULL &&
+           !BN_mod_exp(A,g,a,N,bn_ctx))
+                {
+                BN_free(A);
+                A = NULL;
+                }
+        BN_CTX_free(bn_ctx);
+        return A;
+        }
+
+
+BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u)
+        {
+        BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL , *k = NULL, *K = NULL;
+        BN_CTX *bn_ctx;
+
+        if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL || a == NULL ||
+                (bn_ctx = BN_CTX_new()) == NULL)
+                return NULL; 
+
+        if ((tmp = BN_new()) == NULL ||
+                (tmp2 = BN_new())== NULL ||
+                (tmp3 = BN_new())== NULL ||
+                (K = BN_new()) == NULL)
+                goto err;
+        
+        if (!BN_mod_exp(tmp,g,x,N,bn_ctx))
+                goto err;
+        if (!(k = srp_Calc_k(N,g)))
+                goto err;
+        if (!BN_mod_mul(tmp2,tmp,k,N,bn_ctx))
+                goto err;
+        if (!BN_mod_sub(tmp,B,tmp2,N,bn_ctx))
+                goto err;
+
+        if (!BN_mod_mul(tmp3,u,x,N,bn_ctx))
+                goto err;
+        if (!BN_mod_add(tmp2,a,tmp3,N,bn_ctx))
+                goto err;
+        if (!BN_mod_exp(K,tmp,tmp2,N,bn_ctx))
+                goto err;
+
+err :
+        BN_CTX_free(bn_ctx);
+        BN_clear_free(tmp);
+        BN_clear_free(tmp2);
+        BN_clear_free(tmp3);
+        BN_free(k);
+        return K;       
+        }
+
+int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
+        {
+        BIGNUM *r;
+        BN_CTX *bn_ctx; 
+        int ret = 0;
+
+        if (B == NULL || N == NULL ||
+                (bn_ctx = BN_CTX_new()) == NULL)
+                return 0;
+
+        if ((r = BN_new()) == NULL)
+                goto err;
+        /* Checks if B % N == 0 */
+        if (!BN_nnmod(r,B,N,bn_ctx))
+                goto err;
+        ret = !BN_is_zero(r);
+err:
+        BN_CTX_free(bn_ctx);
+        BN_free(r);
+        return ret;
+        }
+
+int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
+        {
+        /* Checks if A % N == 0 */
+        return SRP_Verify_B_mod_N(A,N) ;
+        }
+
+
+/* Check if G and N are kwown parameters. 
+   The values have been generated from the ietf-tls-srp draft version 8
+*/
+char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
+        {
+        size_t i;
+        if ((g == NULL) || (N == NULL))
+                return 0;
+
+        srp_bn_print(g);
+        srp_bn_print(N);
+
+        for(i = 0; i < KNOWN_GN_NUMBER; i++)
+                {
+                if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0) 
+                        return knowngN[i].id;
+                }
+        return NULL;
+        }
+
+SRP_gN *SRP_get_default_gN(const char *id)
+        {
+        size_t i;
+
+        if (id == NULL) 
+                return knowngN;
+        for(i = 0; i < KNOWN_GN_NUMBER; i++)
+                {
+                if (strcmp(knowngN[i].id, id)==0)
+                        return knowngN + i;
+                }
+        return NULL;
+        }
+#endif
diff --git a/src/lib/libcrypto/srp/srp_vfy.c b/src/lib/libcrypto/srp/srp_vfy.c
new file mode 100644
index 0000000000..4a3d13edf6
--- /dev/null
+++ b/src/lib/libcrypto/srp/srp_vfy.c
@@ -0,0 +1,658 @@
+/* crypto/srp/srp_vfy.c */
+/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 
+ * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 
+ * for the EdelKey project and contributed to the OpenSSL project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef OPENSSL_NO_SRP
+#include "cryptlib.h"
+#include "srp_lcl.h"
+#include <openssl/srp.h>
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/txt_db.h>
+
+#define SRP_RANDOM_SALT_LEN 20
+#define MAX_LEN 2500
+
+static char b64table[] =
+  "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+
+/* the following two conversion routines have been inspired by code from Stanford */ 
+
+/*
+ * Convert a base64 string into raw byte array representation.
+ */
+static int t_fromb64(unsigned char *a, const char *src)
+        {
+        char *loc;
+        int i, j;
+        int size;
+
+        while(*src && (*src == ' ' || *src == '\t' || *src == '\n'))
+                ++src;
+        size = strlen(src);
+        i = 0;
+        while(i < size)
+                {
+                loc = strchr(b64table, src[i]);
+                if(loc == (char *) 0) break;
+                else a[i] = loc - b64table;
+                ++i;
+                }
+        size = i;
+        i = size - 1;
+        j = size;
+        while(1)
+                {
+                a[j] = a[i];
+                if(--i < 0) break;
+                a[j] |= (a[i] & 3) << 6;
+                --j;
+                a[j] = (unsigned char) ((a[i] & 0x3c) >> 2);
+                if(--i < 0) break;
+                a[j] |= (a[i] & 0xf) << 4;
+                --j;
+                a[j] = (unsigned char) ((a[i] & 0x30) >> 4);
+                if(--i < 0) break;
+                a[j] |= (a[i] << 2);
+
+                a[--j] = 0;
+                if(--i < 0) break;
+                }
+        while(a[j] == 0 && j <= size) ++j;
+        i = 0;
+        while (j <= size) a[i++] = a[j++];
+        return i;
+        }
+
+
+/*
+ * Convert a raw byte string into a null-terminated base64 ASCII string.
+ */
+static char *t_tob64(char *dst, const unsigned char *src, int size)
+        {
+        int c, pos = size % 3;
+        unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
+        char *olddst = dst;
+
+        switch(pos)
+                {
+        case 1:
+                b2 = src[0];
+                break;
+        case 2:
+                b1 = src[0];
+                b2 = src[1];
+                break;
+                }
+
+        while(1)
+                {
+                c = (b0 & 0xfc) >> 2;
+                if(notleading || c != 0)
+                        {
+                        *dst++ = b64table[c];
+                        notleading = 1;
+                        }
+                c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
+                if(notleading || c != 0)
+                        {
+                        *dst++ = b64table[c];
+                        notleading = 1;
+                        }
+                c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
+                if(notleading || c != 0)
+                        {
+                        *dst++ = b64table[c];
+                        notleading = 1;
+                        }
+                c = b2 & 0x3f;
+                if(notleading || c != 0)
+                        {
+                        *dst++ = b64table[c];
+                        notleading = 1;
+                        }
+                if(pos >= size) break;
+                else
+                        {
+                        b0 = src[pos++];
+                        b1 = src[pos++];
+                        b2 = src[pos++];
+                        }
+                }
+
+        *dst++ = '\0';
+        return olddst;
+        }
+
+static void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
+        {
+        if (user_pwd == NULL) 
+                return;
+        BN_free(user_pwd->s);
+        BN_clear_free(user_pwd->v);
+        OPENSSL_free(user_pwd->id);
+        OPENSSL_free(user_pwd->info);
+        OPENSSL_free(user_pwd);
+        }
+
+static SRP_user_pwd *SRP_user_pwd_new()
+        {
+        SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd));
+        if (ret == NULL)
+                return NULL;                                                            
+        ret->N = NULL;
+        ret->g = NULL;  
+        ret->s = NULL;
+        ret->v = NULL;
+        ret->id = NULL ;
+        ret->info = NULL;
+        return ret;
+        }
+
+static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
+                                const BIGNUM *N)
+        {
+        vinfo->N = N;
+        vinfo->g = g;   
+        }
+
+static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
+                                const char *info)
+        {
+        if (id != NULL && NULL == (vinfo->id = BUF_strdup(id)))
+                return 0;
+        return (info == NULL || NULL != (vinfo->info = BUF_strdup(info))) ;
+        }
+
+static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
+                               const char *v)
+        {
+        unsigned char tmp[MAX_LEN];
+        int len;
+
+        if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN) 
+                return 0; 
+        len = t_fromb64(tmp, v);
+        if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)) )
+                return 0;
+        len = t_fromb64(tmp, s);
+        return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL) ;
+        }
+
+static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
+        {
+        vinfo->v = v;
+        vinfo->s = s;
+        return (vinfo->s != NULL && vinfo->v != NULL) ;
+        }
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key)
+        {
+        SRP_VBASE *vb = (SRP_VBASE *) OPENSSL_malloc(sizeof(SRP_VBASE));
+
+        if (vb == NULL)
+                return NULL;
+        if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) ||
+                !(vb->gN_cache = sk_SRP_gN_cache_new_null()))
+                {
+                OPENSSL_free(vb);
+                return NULL;
+                }
+        vb->default_g = NULL;
+        vb->default_N = NULL;
+        vb->seed_key = NULL;
+        if ((seed_key != NULL) && 
+                (vb->seed_key = BUF_strdup(seed_key)) == NULL)
+                {
+                sk_SRP_user_pwd_free(vb->users_pwd);
+                sk_SRP_gN_cache_free(vb->gN_cache);
+                OPENSSL_free(vb);
+                return NULL;
+                }
+        return vb;
+        }
+
+
+int SRP_VBASE_free(SRP_VBASE *vb)
+        {
+        sk_SRP_user_pwd_pop_free(vb->users_pwd,SRP_user_pwd_free);
+        sk_SRP_gN_cache_free(vb->gN_cache);
+        OPENSSL_free(vb->seed_key);
+        OPENSSL_free(vb);
+        return 0;
+        }
+
+
+static SRP_gN_cache *SRP_gN_new_init(const char *ch)
+        {
+        unsigned char tmp[MAX_LEN];
+        int len;
+
+        SRP_gN_cache *newgN = (SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache));
+        if (newgN == NULL)
+                return NULL;
+
+        if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
+                goto err;
+
+        len = t_fromb64(tmp, ch);
+        if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
+                return newgN;
+
+        OPENSSL_free(newgN->b64_bn);
+err:
+        OPENSSL_free(newgN);
+        return NULL;
+        }
+
+
+static void SRP_gN_free(SRP_gN_cache *gN_cache)
+        {
+        if (gN_cache == NULL)
+                return;
+        OPENSSL_free(gN_cache->b64_bn);
+        BN_free(gN_cache->bn);
+        OPENSSL_free(gN_cache);
+        }
+
+static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
+        {
+        int i;
+
+        SRP_gN *gN;
+        if (gN_tab != NULL) 
+        for(i = 0; i < sk_SRP_gN_num(gN_tab); i++)
+                {
+                gN = sk_SRP_gN_value(gN_tab, i);
+                if (gN && (id == NULL || strcmp(gN->id,id)==0))
+                        return gN;
+                }
+        
+        return SRP_get_default_gN(id);
+        }
+
+static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
+        {
+        int i;
+        if (gN_cache == NULL)
+                return NULL;
+
+        /* search if we have already one... */
+        for(i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++)
+                {
+                SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
+                if (strcmp(cache->b64_bn,ch)==0)
+                        return cache->bn;
+                }
+                {               /* it is the first time that we find it */
+                SRP_gN_cache *newgN = SRP_gN_new_init(ch);
+                if (newgN)
+                        {
+                        if (sk_SRP_gN_cache_insert(gN_cache,newgN,0)>0)
+                                return newgN->bn;
+                        SRP_gN_free(newgN);
+                        }
+                }
+        return NULL;
+        }
+
+/* this function parses verifier file. Format is:
+ * string(index):base64(N):base64(g):0
+ * string(username):base64(v):base64(salt):int(index)
+ */
+
+
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
+        {
+        int error_code ;
+        STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
+        char *last_index = NULL;
+        int i;
+        char **pp;
+
+        SRP_gN *gN = NULL;
+        SRP_user_pwd *user_pwd = NULL ;
+
+        TXT_DB *tmpdb = NULL;
+        BIO *in = BIO_new(BIO_s_file());
+
+        error_code = SRP_ERR_OPEN_FILE;
+
+        if (in == NULL || BIO_read_filename(in,verifier_file) <= 0)
+                goto err;
+
+        error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;
+
+        if ((tmpdb =TXT_DB_read(in,DB_NUMBER)) == NULL)
+                goto err;
+
+        error_code = SRP_ERR_MEMORY;
+
+
+        if (vb->seed_key)
+                {
+                last_index = SRP_get_default_gN(NULL)->id;
+                }
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++)
+                {
+                pp = sk_OPENSSL_PSTRING_value(tmpdb->data,i);
+                if (pp[DB_srptype][0] == DB_SRP_INDEX)
+                        {
+                        /*we add this couple in the internal Stack */
+
+                        if ((gN = (SRP_gN *)OPENSSL_malloc(sizeof(SRP_gN))) == NULL) 
+                                goto err;
+
+                        if  (!(gN->id = BUF_strdup(pp[DB_srpid]))
+                        ||  !(gN->N = SRP_gN_place_bn(vb->gN_cache,pp[DB_srpverifier]))
+                        ||  !(gN->g = SRP_gN_place_bn(vb->gN_cache,pp[DB_srpsalt]))
+                        ||  sk_SRP_gN_insert(SRP_gN_tab,gN,0) == 0)
+                                goto err;
+
+                        gN = NULL;
+
+                        if (vb->seed_key != NULL)
+                                {
+                                last_index = pp[DB_srpid];
+                                }
+                        }
+                else if (pp[DB_srptype][0] == DB_SRP_VALID)
+                        {
+                        /* it is a user .... */
+                        SRP_gN *lgN;
+                        if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN],SRP_gN_tab))!=NULL)
+                                {
+                                error_code = SRP_ERR_MEMORY;
+                                if ((user_pwd = SRP_user_pwd_new()) == NULL) 
+                                        goto err;
+                                
+                                SRP_user_pwd_set_gN(user_pwd,lgN->g,lgN->N);
+                                if (!SRP_user_pwd_set_ids(user_pwd, pp[DB_srpid],pp[DB_srpinfo]))
+                                        goto err;
+                                
+                                error_code = SRP_ERR_VBASE_BN_LIB;
+                                if (!SRP_user_pwd_set_sv(user_pwd, pp[DB_srpsalt],pp[DB_srpverifier]))
+                                        goto err;
+
+                                if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
+                                        goto err;
+                                user_pwd = NULL; /* abandon responsability */
+                                }
+                        }
+                }
+        
+        if (last_index != NULL)
+                {
+                /* this means that we want to simulate a default user */
+
+                if (((gN = SRP_get_gN_by_id(last_index,SRP_gN_tab))==NULL))
+                        {
+                        error_code = SRP_ERR_VBASE_BN_LIB;
+                        goto err;
+                        }
+                vb->default_g = gN->g ;
+                vb->default_N = gN->N ;
+                gN = NULL ;
+                }
+        error_code = SRP_NO_ERROR;
+
+ err:
+        /* there may be still some leaks to fix, if this fails, the application terminates most likely */
+
+        if (gN != NULL)
+                {
+                OPENSSL_free(gN->id);
+                OPENSSL_free(gN);
+                }
+
+        SRP_user_pwd_free(user_pwd);
+
+        if (tmpdb) TXT_DB_free(tmpdb);
+        if (in) BIO_free_all(in);
+
+        sk_SRP_gN_free(SRP_gN_tab);
+
+        return error_code;
+
+        }
+
+
+SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
+        {
+        int i;
+        SRP_user_pwd *user;
+        unsigned char digv[SHA_DIGEST_LENGTH];
+        unsigned char digs[SHA_DIGEST_LENGTH];
+        EVP_MD_CTX ctxt;
+
+        if (vb == NULL)
+                return NULL;
+        for(i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++)
+                {
+                user = sk_SRP_user_pwd_value(vb->users_pwd, i);
+                if (strcmp(user->id,username)==0)
+                        return user;
+                }
+        if ((vb->seed_key == NULL) ||
+                (vb->default_g == NULL) ||
+                (vb->default_N == NULL))
+                return NULL;
+
+/* if the user is unknown we set parameters as well if we have a seed_key */
+
+        if ((user = SRP_user_pwd_new()) == NULL) 
+                return NULL;
+
+        SRP_user_pwd_set_gN(user,vb->default_g,vb->default_N);
+                                
+        if (!SRP_user_pwd_set_ids(user,username,NULL))
+                goto err;
+                
+        RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH);
+        EVP_MD_CTX_init(&ctxt);
+        EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+        EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
+        EVP_DigestUpdate(&ctxt, username, strlen(username));
+        EVP_DigestFinal_ex(&ctxt, digs, NULL);
+        EVP_MD_CTX_cleanup(&ctxt);
+        if (SRP_user_pwd_set_sv_BN(user, BN_bin2bn(digs,SHA_DIGEST_LENGTH,NULL), BN_bin2bn(digv,SHA_DIGEST_LENGTH, NULL))) 
+                return user;
+
+err:    SRP_user_pwd_free(user);
+        return NULL;
+        }
+
+
+/*
+   create a verifier (*salt,*verifier,g and N are in base64)
+*/
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g)
+        {
+        int len;
+        char * result=NULL;
+        char *vf;
+        BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
+        unsigned char tmp[MAX_LEN];
+        unsigned char tmp2[MAX_LEN];
+        char * defgNid = NULL;
+
+        if ((user == NULL)||
+                (pass == NULL)||
+                (salt == NULL)||
+                (verifier == NULL))
+                goto err;
+
+        if (N)
+                {
+                if (!(len = t_fromb64(tmp, N))) goto err;
+                N_bn = BN_bin2bn(tmp, len, NULL);
+                if (!(len = t_fromb64(tmp, g))) goto err;
+                g_bn = BN_bin2bn(tmp, len, NULL);
+                defgNid = "*";
+                }
+        else
+                { 
+                SRP_gN * gN = SRP_get_gN_by_id(g, NULL) ;
+                if (gN == NULL)
+                        goto err;
+                N_bn = gN->N;
+                g_bn = gN->g;
+                defgNid = gN->id;
+                }
+
+        if (*salt == NULL)
+                {
+                RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);
+
+                s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+                }
+        else
+                {
+                if (!(len = t_fromb64(tmp2, *salt)))
+                        goto err;
+                s = BN_bin2bn(tmp2, len, NULL);
+                }
+
+
+        if(!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) goto err;
+
+        BN_bn2bin(v,tmp);
+        if (((vf = OPENSSL_malloc(BN_num_bytes(v)*2)) == NULL))
+                goto err;
+        t_tob64(vf, tmp, BN_num_bytes(v));
+
+        *verifier = vf;
+        if (*salt == NULL)
+                {
+                char *tmp_salt;
+
+                if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
+                        {
+                        OPENSSL_free(vf);
+                        goto err;
+                        }
+                t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
+                *salt = tmp_salt;
+                }
+
+        result=defgNid;
+
+err:
+        if(N)
+                {
+                BN_free(N_bn);
+                BN_free(g_bn);
+                }
+        return result;
+        }
+
+/*
+   create a verifier (*salt,*verifier,g and N are BIGNUMs)
+*/
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g)
+        {
+        int result=0;
+        BIGNUM *x = NULL;
+        BN_CTX *bn_ctx = BN_CTX_new();
+        unsigned char tmp2[MAX_LEN];
+
+        if ((user == NULL)||
+                (pass == NULL)||
+                (salt == NULL)||
+                (verifier == NULL)||
+                (N == NULL)||
+                (g == NULL)||
+                (bn_ctx == NULL))
+                goto err;
+
+        srp_bn_print(N);
+        srp_bn_print(g);
+
+        if (*salt == NULL)
+                {
+                RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);
+
+                *salt = BN_bin2bn(tmp2,SRP_RANDOM_SALT_LEN,NULL);
+                }
+
+        x = SRP_Calc_x(*salt,user,pass);
+
+        *verifier = BN_new();
+        if(*verifier == NULL) goto err;
+
+        if (!BN_mod_exp(*verifier,g,x,N,bn_ctx))
+                {
+                BN_clear_free(*verifier);
+                goto err;
+                }
+
+        srp_bn_print(*verifier);
+
+        result=1;
+
+err:
+
+        BN_clear_free(x);
+        BN_CTX_free(bn_ctx);
+        return result;
+        }
+
+
+
+#endif
diff --git a/src/lib/libcrypto/srp/srptest.c b/src/lib/libcrypto/srp/srptest.c
new file mode 100644
index 0000000000..04b66b4544
--- /dev/null
+++ b/src/lib/libcrypto/srp/srptest.c
@@ -0,0 +1,162 @@
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SRP
+
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+        {
+        printf("No SRP support\n");
+        return(0);
+        }
+
+#else
+
+#include <openssl/srp.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+static void showbn(const char *name, const BIGNUM *bn)
+        {
+        fputs(name, stdout);
+        fputs(" = ", stdout);
+        BN_print_fp(stdout, bn);
+        putc('\n', stdout);
+        }
+
+#define RANDOM_SIZE 32  /* use 256 bits on each side */
+
+static int run_srp(const char *username, const char *client_pass, const char *server_pass)
+        {
+        int ret=-1;
+        BIGNUM *s = NULL;
+        BIGNUM *v = NULL;
+        BIGNUM *a = NULL;
+        BIGNUM *b = NULL;
+        BIGNUM *u = NULL;
+        BIGNUM *x = NULL;
+        BIGNUM *Apub = NULL;
+        BIGNUM *Bpub = NULL;
+        BIGNUM *Kclient = NULL;
+        BIGNUM *Kserver = NULL;
+        unsigned char rand_tmp[RANDOM_SIZE];
+        /* use builtin 1024-bit params */
+        SRP_gN *GN = SRP_get_default_gN("1024");
+
+        if(GN == NULL)
+                {
+                fprintf(stderr, "Failed to get SRP parameters\n");
+                return -1;
+                }
+        /* Set up server's password entry */
+        if(!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g))
+                {
+                fprintf(stderr, "Failed to create SRP verifier\n");
+                return -1;
+                }
+
+        showbn("N", GN->N);
+        showbn("g", GN->g);
+        showbn("Salt", s);
+        showbn("Verifier", v);
+
+        /* Server random */
+        RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
+        b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
+        /* TODO - check b != 0 */
+        showbn("b", b);
+
+        /* Server's first message */
+        Bpub = SRP_Calc_B(b, GN->N, GN->g, v);
+        showbn("B", Bpub);
+
+        if(!SRP_Verify_B_mod_N(Bpub, GN->N))
+                {
+                fprintf(stderr, "Invalid B\n");
+                return -1;
+                }
+
+        /* Client random */
+        RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
+        a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
+        /* TODO - check a != 0 */
+        showbn("a", a);
+
+        /* Client's response */
+        Apub = SRP_Calc_A(a, GN->N, GN->g);
+        showbn("A", Apub);
+
+        if(!SRP_Verify_A_mod_N(Apub, GN->N))
+                {
+                fprintf(stderr, "Invalid A\n");
+                return -1;
+                }
+
+        /* Both sides calculate u */
+        u = SRP_Calc_u(Apub, Bpub, GN->N);
+
+        /* Client's key */
+        x = SRP_Calc_x(s, username, client_pass);
+        Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u);
+        showbn("Client's key", Kclient);
+
+        /* Server's key */
+        Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N);
+        showbn("Server's key", Kserver);
+
+        if(BN_cmp(Kclient, Kserver) == 0)
+                {
+                ret = 0;
+                }
+        else
+                {
+                fprintf(stderr, "Keys mismatch\n");
+                ret = 1;
+                }
+
+        BN_clear_free(Kclient);
+        BN_clear_free(Kserver);
+        BN_clear_free(x);
+        BN_free(u);
+        BN_free(Apub);
+        BN_clear_free(a);
+        BN_free(Bpub);
+        BN_clear_free(b);
+        BN_free(s);
+        BN_clear_free(v);
+
+        return ret;
+        }
+
+int main(int argc, char **argv)
+        {
+        BIO *bio_err;
+        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+        CRYPTO_malloc_debug_init();
+        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+        ERR_load_crypto_strings();
+
+        /* "Negative" test, expect a mismatch */
+        if(run_srp("alice", "password1", "password2") == 0)
+                {
+                fprintf(stderr, "Mismatched SRP run failed\n");
+                return 1;
+                }
+
+        /* "Positive" test, should pass */
+        if(run_srp("alice", "password", "password") != 0)
+                {
+                fprintf(stderr, "Plain SRP run failed\n");
+                return 1;
+                }
+
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_thread_state(NULL);
+        ERR_free_strings();
+        CRYPTO_mem_leaks(bio_err);
+
+        return 0;
+        }
+#endif
diff --git a/src/lib/libcrypto/stack/Makefile b/src/lib/libcrypto/stack/Makefile
new file mode 100644
index 0000000000..5327692ac8
--- /dev/null
+++ b/src/lib/libcrypto/stack/Makefile
@@ -0,0 +1,84 @@
+#
+# OpenSSL/crypto/stack/Makefile
+#
+
+DIR=    stack
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=stack.c
+LIBOBJ=stack.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= stack.h safestack.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+stack.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+stack.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+stack.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+stack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+stack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+stack.o: ../../include/openssl/symhacks.h ../cryptlib.h stack.c
diff --git a/src/lib/libcrypto/store/Makefile b/src/lib/libcrypto/store/Makefile
new file mode 100644
index 0000000000..0dcfd7857a
--- /dev/null
+++ b/src/lib/libcrypto/store/Makefile
@@ -0,0 +1,112 @@
+#
+# OpenSSL/crypto/store/Makefile
+#
+
+DIR=    store
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST= storetest.c
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= str_err.c str_lib.c str_meth.c str_mem.c
+LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o
+
+SRC= $(LIBSRC)
+
+#EXHEADER= store.h str_compat.h
+EXHEADER= store.h
+HEADER= $(EXHEADER) str_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+str_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+str_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+str_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+str_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_err.o: str_err.c
+str_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+str_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+str_lib.o: str_lib.c str_locl.h
+str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str_mem.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_mem.o: str_locl.h str_mem.c
+str_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+str_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+str_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str_meth.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_meth.o: str_locl.h str_meth.c
diff --git a/src/lib/libcrypto/store/README b/src/lib/libcrypto/store/README
new file mode 100644
index 0000000000..966168f6a5
--- /dev/null
+++ b/src/lib/libcrypto/store/README
@@ -0,0 +1,95 @@
+The STORE type
+==============
+
+A STORE, as defined in this code section, is really a rather simple
+thing which stores objects and per-object associations to a number
+of attributes.  What attributes are supported entirely depends on
+the particular implementation of a STORE.  It has some support for
+generation of certain objects (for example, keys and CRLs).
+
+
+Supported object types
+----------------------
+
+For now, the objects that are supported are the following:
+
+X.509 certificate
+X.509 CRL
+private key
+public key
+number
+arbitrary (application) data
+
+The intention is that a STORE should be able to store everything
+needed by an application that wants a cert/key store, as well as
+the data a CA might need to store (this includes the serial number
+counter, which explains the support for numbers).
+
+
+Supported attribute types
+-------------------------
+
+For now, the following attributes are supported:
+
+Friendly Name           - the value is a normal C string
+Key ID                  - the value is a 160 bit SHA1 hash
+Issuer Key ID           - the value is a 160 bit SHA1 hash
+Subject Key ID          - the value is a 160 bit SHA1 hash
+Issuer/Serial Hash      - the value is a 160 bit SHA1 hash
+Issuer                  - the value is a X509_NAME
+Serial                  - the value is a BIGNUM
+Subject                 - the value is a X509_NAME
+Certificate Hash        - the value is a 160 bit SHA1 hash
+Email                   - the value is a normal C string
+Filename                - the value is a normal C string
+
+It is expected that these attributes should be enough to support
+the need from most, if not all, current applications.  Applications
+that need to do certificate verification would typically use Subject
+Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
+S/MIME applications would typically use Email to look up recipient
+and signer certificates.
+
+There's added support for combined sets of attributes to search for,
+with the special OR attribute.
+
+
+Supported basic functionality
+-----------------------------
+
+The functions that are supported through the STORE type are these:
+
+generate_object         - for example to generate keys and CRLs
+get_object              - to look up one object
+                          NOTE: this function is really rather
+                          redundant and probably of lesser usage
+                          than the list functions
+store_object            - store an object and the attributes
+                          associated with it
+modify_object           - modify the attributes associated with
+                          a specific object
+revoke_object           - revoke an object
+                          NOTE: this only marks an object as
+                          invalid, it doesn't remove the object
+                          from the database
+delete_object           - remove an object from the database
+list_object             - list objects associated with a given
+                          set of attributes
+                          NOTE: this is really four functions:
+                          list_start, list_next, list_end and
+                          list_endp
+update_store            - update the internal data of the store
+lock_store              - lock the store
+unlock_store            - unlock the store
+
+The list functions need some extra explanation: list_start is
+used to set up a lookup.  That's where the attributes to use in
+the search are set up.  It returns a search context.  list_next
+returns the next object searched for.  list_end closes the search.
+list_endp is used to check if we have reached the end.
+
+A few words on the store functions as well: update_store is
+typically used by a CA application to update the internal
+structure of a database.  This may for example involve automatic
+removal of expired certificates.  lock_store and unlock_store
+are used for locking a store to allow exclusive writes.
diff --git a/src/lib/libcrypto/store/store.h b/src/lib/libcrypto/store/store.h
new file mode 100644
index 0000000000..0a28c7d5a2
--- /dev/null
+++ b/src/lib/libcrypto/store/store.h
@@ -0,0 +1,561 @@
+/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_STORE_H
+#define HEADER_STORE_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_STORE
+#error STORE is disabled.
+#endif
+
+#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct store_st STORE; */
+/* typedef struct store_method_st STORE_METHOD; */
+
+
+/* All the following functions return 0, a negative number or NULL on error.
+   When everything is fine, they return a positive value or a non-NULL
+   pointer, all depending on their purpose. */
+
+/* Creators and destructor.   */
+STORE *STORE_new_method(const STORE_METHOD *method);
+STORE *STORE_new_engine(ENGINE *engine);
+void STORE_free(STORE *ui);
+
+
+/* Give a user interface parametrised control commands.  This can be used to
+   send down an integer, a data pointer or a function pointer, as well as
+   be used to get information from a STORE. */
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void));
+
+/* A control to set the directory with keys and certificates.  Used by the
+   built-in directory level method. */
+#define STORE_CTRL_SET_DIRECTORY        0x0001
+/* A control to set a file to load.  Used by the built-in file level method. */
+#define STORE_CTRL_SET_FILE             0x0002
+/* A control to set a configuration file to load.  Can be used by any method
+   that wishes to load a configuration file. */
+#define STORE_CTRL_SET_CONF_FILE        0x0003
+/* A control to set a the section of the loaded configuration file.  Can be
+   used by any method that wishes to load a configuration file. */
+#define STORE_CTRL_SET_CONF_SECTION     0x0004
+
+
+/* Some methods may use extra data */
+#define STORE_set_app_data(s,arg)       STORE_set_ex_data(s,0,arg)
+#define STORE_get_app_data(s)           STORE_get_ex_data(s,0)
+int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int STORE_set_ex_data(STORE *r,int idx,void *arg);
+void *STORE_get_ex_data(STORE *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+const STORE_METHOD *STORE_get_method(STORE *store);
+const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
+
+/* The standard OpenSSL methods. */
+/* This is the in-memory method.  It does everything except revoking and updating,
+   and is of course volatile.  It's used by other methods that have an in-memory
+   cache. */
+const STORE_METHOD *STORE_Memory(void);
+#if 0 /* Not yet implemented */
+/* This is the directory store.  It does everything except revoking and updating,
+   and uses STORE_Memory() to cache things in memory. */
+const STORE_METHOD *STORE_Directory(void);
+/* This is the file store.  It does everything except revoking and updating,
+   and uses STORE_Memory() to cache things in memory.  Certificates are added
+   to it with the store operation, and it will only get cached certificates. */
+const STORE_METHOD *STORE_File(void);
+#endif
+
+/* Store functions take a type code for the type of data they should store
+   or fetch */
+typedef enum STORE_object_types
+        {
+        STORE_OBJECT_TYPE_X509_CERTIFICATE=     0x01, /* X509 * */
+        STORE_OBJECT_TYPE_X509_CRL=             0x02, /* X509_CRL * */
+        STORE_OBJECT_TYPE_PRIVATE_KEY=          0x03, /* EVP_PKEY * */
+        STORE_OBJECT_TYPE_PUBLIC_KEY=           0x04, /* EVP_PKEY * */
+        STORE_OBJECT_TYPE_NUMBER=               0x05, /* BIGNUM * */
+        STORE_OBJECT_TYPE_ARBITRARY=            0x06, /* BUF_MEM * */
+        STORE_OBJECT_TYPE_NUM=                  0x06  /* The amount of known
+                                                         object types */
+        } STORE_OBJECT_TYPES;
+/* List of text strings corresponding to the object types. */
+extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1];
+
+/* Some store functions take a parameter list.  Those parameters come with
+   one of the following codes. The comments following the codes below indicate
+   what type the value should be a pointer to. */
+typedef enum STORE_params
+        {
+        STORE_PARAM_EVP_TYPE=                   0x01, /* int */
+        STORE_PARAM_BITS=                       0x02, /* size_t */
+        STORE_PARAM_KEY_PARAMETERS=             0x03, /* ??? */
+        STORE_PARAM_KEY_NO_PARAMETERS=          0x04, /* N/A */
+        STORE_PARAM_AUTH_PASSPHRASE=            0x05, /* char * */
+        STORE_PARAM_AUTH_KRB5_TICKET=           0x06, /* void * */
+        STORE_PARAM_TYPE_NUM=                   0x06  /* The amount of known
+                                                         parameter types */
+        } STORE_PARAM_TYPES;
+/* Parameter value sizes.  -1 means unknown, anything else is the required size. */
+extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1];
+
+/* Store functions take attribute lists.  Those attributes come with codes.
+   The comments following the codes below indicate what type the value should
+   be a pointer to. */
+typedef enum STORE_attribs
+        {
+        STORE_ATTR_END=                         0x00,
+        STORE_ATTR_FRIENDLYNAME=                0x01, /* C string */
+        STORE_ATTR_KEYID=                       0x02, /* 160 bit string (SHA1) */
+        STORE_ATTR_ISSUERKEYID=                 0x03, /* 160 bit string (SHA1) */
+        STORE_ATTR_SUBJECTKEYID=                0x04, /* 160 bit string (SHA1) */
+        STORE_ATTR_ISSUERSERIALHASH=            0x05, /* 160 bit string (SHA1) */
+        STORE_ATTR_ISSUER=                      0x06, /* X509_NAME * */
+        STORE_ATTR_SERIAL=                      0x07, /* BIGNUM * */
+        STORE_ATTR_SUBJECT=                     0x08, /* X509_NAME * */
+        STORE_ATTR_CERTHASH=                    0x09, /* 160 bit string (SHA1) */
+        STORE_ATTR_EMAIL=                       0x0a, /* C string */
+        STORE_ATTR_FILENAME=                    0x0b, /* C string */
+        STORE_ATTR_TYPE_NUM=                    0x0b, /* The amount of known
+                                                         attribute types */
+        STORE_ATTR_OR=                          0xff  /* This is a special
+                                                         separator, which
+                                                         expresses the OR
+                                                         operation.  */
+        } STORE_ATTR_TYPES;
+/* Attribute value sizes.  -1 means unknown, anything else is the required size. */
+extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1];
+
+typedef enum STORE_certificate_status
+        {
+        STORE_X509_VALID=                       0x00,
+        STORE_X509_EXPIRED=                     0x01,
+        STORE_X509_SUSPENDED=                   0x02,
+        STORE_X509_REVOKED=                     0x03
+        } STORE_CERTIFICATE_STATUS;
+
+/* Engine store functions will return a structure that contains all the necessary
+ * information, including revokation status for certificates.  This is really not
+ * needed for application authors, as the ENGINE framework functions will extract
+ * the OpenSSL-specific information when at all possible.  However, for engine
+ * authors, it's crucial to know this structure.  */
+typedef struct STORE_OBJECT_st
+        {
+        STORE_OBJECT_TYPES type;
+        union
+                {
+                struct
+                        {
+                        STORE_CERTIFICATE_STATUS status;
+                        X509 *certificate;
+                        } x509;
+                X509_CRL *crl;
+                EVP_PKEY *key;
+                BIGNUM *number;
+                BUF_MEM *arbitrary;
+                } data;
+        } STORE_OBJECT;
+DECLARE_STACK_OF(STORE_OBJECT)
+STORE_OBJECT *STORE_OBJECT_new(void);
+void STORE_OBJECT_free(STORE_OBJECT *data);
+
+
+
+/* The following functions handle the storage. They return 0, a negative number
+   or NULL on error, anything else on success. */
+X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+X509 *STORE_list_certificate_next(STORE *e, void *handle);
+int STORE_list_certificate_end(STORE *e, void *handle);
+int STORE_list_certificate_endp(STORE *e, void *handle);
+EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_private_key(STORE *e, EVP_PKEY *data,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
+int STORE_list_private_key_end(STORE *e, void *handle);
+int STORE_list_private_key_endp(STORE *e, void *handle);
+EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
+int STORE_list_public_key_end(STORE *e, void *handle);
+int STORE_list_public_key_endp(STORE *e, void *handle);
+X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
+int STORE_list_crl_end(STORE *e, void *handle);
+int STORE_list_crl_endp(STORE *e, void *handle);
+int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+
+
+/* Create and manipulate methods */
+STORE_METHOD *STORE_create_method(char *name);
+void STORE_destroy_method(STORE_METHOD *store_method);
+
+/* These callback types are use for store handlers */
+typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *);
+typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *);
+typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
+typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle);
+typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void));
+
+int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f);
+int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f);
+int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f);
+int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f);
+int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f);
+int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f);
+int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
+int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
+int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f);
+int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f);
+int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f);
+int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f);
+
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm);
+STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm);
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm);
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm);
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm);
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm);
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm);
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm);
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
+
+/* Method helper structures and functions. */
+
+/* This structure is the result of parsing through the information in a list
+   of OPENSSL_ITEMs.  It stores all the necessary information in a structured
+   way.*/
+typedef struct STORE_attr_info_st STORE_ATTR_INFO;
+
+/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
+   Note that we do this in the list form, since the list of OPENSSL_ITEMs can
+   come in blocks separated with STORE_ATTR_OR.  Note that the value returned
+   by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */
+void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
+STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
+int STORE_parse_attrs_end(void *handle);
+int STORE_parse_attrs_endp(void *handle);
+
+/* Creator and destructor */
+STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
+int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
+
+/* Manipulators */
+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
+unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+        STORE_ATTR_TYPES code);
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
+int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size);
+int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size);
+int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn);
+int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number);
+int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size);
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size);
+int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn);
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number);
+
+/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values
+   in each contained attribute. */
+int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO * const *a,
+                            const STORE_ATTR_INFO * const *b);
+/* Check if the set of attributes in a is within the range of attributes
+   set in b. */
+int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Check if the set of attributes in a are also set in b. */
+int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
+int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_STORE_strings(void);
+
+/* Error codes for the STORE functions. */
+
+/* Function codes. */
+#define STORE_F_MEM_DELETE                               134
+#define STORE_F_MEM_GENERATE                             135
+#define STORE_F_MEM_LIST_END                             168
+#define STORE_F_MEM_LIST_NEXT                            136
+#define STORE_F_MEM_LIST_START                           137
+#define STORE_F_MEM_MODIFY                               169
+#define STORE_F_MEM_STORE                                138
+#define STORE_F_STORE_ATTR_INFO_GET0_CSTR                139
+#define STORE_F_STORE_ATTR_INFO_GET0_DN                  140
+#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER              141
+#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR             142
+#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR              143
+#define STORE_F_STORE_ATTR_INFO_MODIFY_DN                144
+#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER            145
+#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR           146
+#define STORE_F_STORE_ATTR_INFO_SET_CSTR                 147
+#define STORE_F_STORE_ATTR_INFO_SET_DN                   148
+#define STORE_F_STORE_ATTR_INFO_SET_NUMBER               149
+#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR              150
+#define STORE_F_STORE_CERTIFICATE                        170
+#define STORE_F_STORE_CTRL                               161
+#define STORE_F_STORE_DELETE_ARBITRARY                   158
+#define STORE_F_STORE_DELETE_CERTIFICATE                 102
+#define STORE_F_STORE_DELETE_CRL                         103
+#define STORE_F_STORE_DELETE_NUMBER                      104
+#define STORE_F_STORE_DELETE_PRIVATE_KEY                 105
+#define STORE_F_STORE_DELETE_PUBLIC_KEY                  106
+#define STORE_F_STORE_GENERATE_CRL                       107
+#define STORE_F_STORE_GENERATE_KEY                       108
+#define STORE_F_STORE_GET_ARBITRARY                      159
+#define STORE_F_STORE_GET_CERTIFICATE                    109
+#define STORE_F_STORE_GET_CRL                            110
+#define STORE_F_STORE_GET_NUMBER                         111
+#define STORE_F_STORE_GET_PRIVATE_KEY                    112
+#define STORE_F_STORE_GET_PUBLIC_KEY                     113
+#define STORE_F_STORE_LIST_CERTIFICATE_END               114
+#define STORE_F_STORE_LIST_CERTIFICATE_ENDP              153
+#define STORE_F_STORE_LIST_CERTIFICATE_NEXT              115
+#define STORE_F_STORE_LIST_CERTIFICATE_START             116
+#define STORE_F_STORE_LIST_CRL_END                       117
+#define STORE_F_STORE_LIST_CRL_ENDP                      154
+#define STORE_F_STORE_LIST_CRL_NEXT                      118
+#define STORE_F_STORE_LIST_CRL_START                     119
+#define STORE_F_STORE_LIST_PRIVATE_KEY_END               120
+#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP              155
+#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT              121
+#define STORE_F_STORE_LIST_PRIVATE_KEY_START             122
+#define STORE_F_STORE_LIST_PUBLIC_KEY_END                123
+#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP               156
+#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT               124
+#define STORE_F_STORE_LIST_PUBLIC_KEY_START              125
+#define STORE_F_STORE_MODIFY_ARBITRARY                   162
+#define STORE_F_STORE_MODIFY_CERTIFICATE                 163
+#define STORE_F_STORE_MODIFY_CRL                         164
+#define STORE_F_STORE_MODIFY_NUMBER                      165
+#define STORE_F_STORE_MODIFY_PRIVATE_KEY                 166
+#define STORE_F_STORE_MODIFY_PUBLIC_KEY                  167
+#define STORE_F_STORE_NEW_ENGINE                         133
+#define STORE_F_STORE_NEW_METHOD                         132
+#define STORE_F_STORE_PARSE_ATTRS_END                    151
+#define STORE_F_STORE_PARSE_ATTRS_ENDP                   172
+#define STORE_F_STORE_PARSE_ATTRS_NEXT                   152
+#define STORE_F_STORE_PARSE_ATTRS_START                  171
+#define STORE_F_STORE_REVOKE_CERTIFICATE                 129
+#define STORE_F_STORE_REVOKE_PRIVATE_KEY                 130
+#define STORE_F_STORE_REVOKE_PUBLIC_KEY                  131
+#define STORE_F_STORE_STORE_ARBITRARY                    157
+#define STORE_F_STORE_STORE_CERTIFICATE                  100
+#define STORE_F_STORE_STORE_CRL                          101
+#define STORE_F_STORE_STORE_NUMBER                       126
+#define STORE_F_STORE_STORE_PRIVATE_KEY                  127
+#define STORE_F_STORE_STORE_PUBLIC_KEY                   128
+
+/* Reason codes. */
+#define STORE_R_ALREADY_HAS_A_VALUE                      127
+#define STORE_R_FAILED_DELETING_ARBITRARY                132
+#define STORE_R_FAILED_DELETING_CERTIFICATE              100
+#define STORE_R_FAILED_DELETING_KEY                      101
+#define STORE_R_FAILED_DELETING_NUMBER                   102
+#define STORE_R_FAILED_GENERATING_CRL                    103
+#define STORE_R_FAILED_GENERATING_KEY                    104
+#define STORE_R_FAILED_GETTING_ARBITRARY                 133
+#define STORE_R_FAILED_GETTING_CERTIFICATE               105
+#define STORE_R_FAILED_GETTING_KEY                       106
+#define STORE_R_FAILED_GETTING_NUMBER                    107
+#define STORE_R_FAILED_LISTING_CERTIFICATES              108
+#define STORE_R_FAILED_LISTING_KEYS                      109
+#define STORE_R_FAILED_MODIFYING_ARBITRARY               138
+#define STORE_R_FAILED_MODIFYING_CERTIFICATE             139
+#define STORE_R_FAILED_MODIFYING_CRL                     140
+#define STORE_R_FAILED_MODIFYING_NUMBER                  141
+#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY             142
+#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY              143
+#define STORE_R_FAILED_REVOKING_CERTIFICATE              110
+#define STORE_R_FAILED_REVOKING_KEY                      111
+#define STORE_R_FAILED_STORING_ARBITRARY                 134
+#define STORE_R_FAILED_STORING_CERTIFICATE               112
+#define STORE_R_FAILED_STORING_KEY                       113
+#define STORE_R_FAILED_STORING_NUMBER                    114
+#define STORE_R_NOT_IMPLEMENTED                          128
+#define STORE_R_NO_CONTROL_FUNCTION                      144
+#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION             135
+#define STORE_R_NO_DELETE_NUMBER_FUNCTION                115
+#define STORE_R_NO_DELETE_OBJECT_FUNCTION                116
+#define STORE_R_NO_GENERATE_CRL_FUNCTION                 117
+#define STORE_R_NO_GENERATE_OBJECT_FUNCTION              118
+#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION         136
+#define STORE_R_NO_GET_OBJECT_FUNCTION                   119
+#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION            120
+#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION             131
+#define STORE_R_NO_LIST_OBJECT_END_FUNCTION              121
+#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION             122
+#define STORE_R_NO_LIST_OBJECT_START_FUNCTION            123
+#define STORE_R_NO_MODIFY_OBJECT_FUNCTION                145
+#define STORE_R_NO_REVOKE_OBJECT_FUNCTION                124
+#define STORE_R_NO_STORE                                 129
+#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION       137
+#define STORE_R_NO_STORE_OBJECT_FUNCTION                 125
+#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION          126
+#define STORE_R_NO_VALUE                                 130
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/store/str_err.c b/src/lib/libcrypto/store/str_err.c
new file mode 100644
index 0000000000..924edf0505
--- /dev/null
+++ b/src/lib/libcrypto/store/str_err.c
@@ -0,0 +1,211 @@
+/* crypto/store/str_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/store.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason)
+
+static ERR_STRING_DATA STORE_str_functs[]=
+        {
+{ERR_FUNC(STORE_F_MEM_DELETE),  "MEM_DELETE"},
+{ERR_FUNC(STORE_F_MEM_GENERATE),        "MEM_GENERATE"},
+{ERR_FUNC(STORE_F_MEM_LIST_END),        "MEM_LIST_END"},
+{ERR_FUNC(STORE_F_MEM_LIST_NEXT),       "MEM_LIST_NEXT"},
+{ERR_FUNC(STORE_F_MEM_LIST_START),      "MEM_LIST_START"},
+{ERR_FUNC(STORE_F_MEM_MODIFY),  "MEM_MODIFY"},
+{ERR_FUNC(STORE_F_MEM_STORE),   "MEM_STORE"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR),   "STORE_ATTR_INFO_get0_cstr"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN),     "STORE_ATTR_INFO_get0_dn"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER), "STORE_ATTR_INFO_get0_number"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR),        "STORE_ATTR_INFO_get0_sha1str"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR), "STORE_ATTR_INFO_modify_cstr"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN),   "STORE_ATTR_INFO_modify_dn"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER),       "STORE_ATTR_INFO_modify_number"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR),      "STORE_ATTR_INFO_modify_sha1str"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR),    "STORE_ATTR_INFO_set_cstr"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN),      "STORE_ATTR_INFO_set_dn"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER),  "STORE_ATTR_INFO_set_number"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), "STORE_ATTR_INFO_set_sha1str"},
+{ERR_FUNC(STORE_F_STORE_CERTIFICATE),   "STORE_CERTIFICATE"},
+{ERR_FUNC(STORE_F_STORE_CTRL),  "STORE_ctrl"},
+{ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY),      "STORE_delete_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE),    "STORE_delete_certificate"},
+{ERR_FUNC(STORE_F_STORE_DELETE_CRL),    "STORE_delete_crl"},
+{ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"},
+{ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY),    "STORE_delete_private_key"},
+{ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY),     "STORE_delete_public_key"},
+{ERR_FUNC(STORE_F_STORE_GENERATE_CRL),  "STORE_generate_crl"},
+{ERR_FUNC(STORE_F_STORE_GENERATE_KEY),  "STORE_generate_key"},
+{ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE),       "STORE_get_certificate"},
+{ERR_FUNC(STORE_F_STORE_GET_CRL),       "STORE_get_crl"},
+{ERR_FUNC(STORE_F_STORE_GET_NUMBER),    "STORE_get_number"},
+{ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY),       "STORE_get_private_key"},
+{ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY),        "STORE_get_public_key"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END),  "STORE_list_certificate_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP), "STORE_list_certificate_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT), "STORE_list_certificate_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START),        "STORE_list_certificate_start"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_END),  "STORE_list_crl_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_START),        "STORE_list_crl_start"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END),  "STORE_list_private_key_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP), "STORE_list_private_key_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT), "STORE_list_private_key_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START),        "STORE_list_private_key_start"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END),   "STORE_list_public_key_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP),  "STORE_list_public_key_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT),  "STORE_list_public_key_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START), "STORE_list_public_key_start"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY),      "STORE_modify_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE),    "STORE_modify_certificate"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_CRL),    "STORE_modify_crl"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY),    "STORE_modify_private_key"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY),     "STORE_modify_public_key"},
+{ERR_FUNC(STORE_F_STORE_NEW_ENGINE),    "STORE_new_engine"},
+{ERR_FUNC(STORE_F_STORE_NEW_METHOD),    "STORE_new_method"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END),       "STORE_parse_attrs_end"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP),      "STORE_parse_attrs_endp"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT),      "STORE_parse_attrs_next"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START),     "STORE_parse_attrs_start"},
+{ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE),    "STORE_revoke_certificate"},
+{ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY),    "STORE_revoke_private_key"},
+{ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY),     "STORE_revoke_public_key"},
+{ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY),       "STORE_store_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE),     "STORE_store_certificate"},
+{ERR_FUNC(STORE_F_STORE_STORE_CRL),     "STORE_store_crl"},
+{ERR_FUNC(STORE_F_STORE_STORE_NUMBER),  "STORE_store_number"},
+{ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY),     "STORE_store_private_key"},
+{ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY),      "STORE_store_public_key"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA STORE_str_reasons[]=
+        {
+{ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE) ,"already has a value"},
+{ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),"failed deleting arbitrary"},
+{ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),"failed deleting certificate"},
+{ERR_REASON(STORE_R_FAILED_DELETING_KEY) ,"failed deleting key"},
+{ERR_REASON(STORE_R_FAILED_DELETING_NUMBER),"failed deleting number"},
+{ERR_REASON(STORE_R_FAILED_GENERATING_CRL),"failed generating crl"},
+{ERR_REASON(STORE_R_FAILED_GENERATING_KEY),"failed generating key"},
+{ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),"failed getting arbitrary"},
+{ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),"failed getting certificate"},
+{ERR_REASON(STORE_R_FAILED_GETTING_KEY)  ,"failed getting key"},
+{ERR_REASON(STORE_R_FAILED_GETTING_NUMBER),"failed getting number"},
+{ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),"failed listing certificates"},
+{ERR_REASON(STORE_R_FAILED_LISTING_KEYS) ,"failed listing keys"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),"failed modifying arbitrary"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),"failed modifying certificate"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_CRL),"failed modifying crl"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER),"failed modifying number"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),"failed modifying private key"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),"failed modifying public key"},
+{ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),"failed revoking certificate"},
+{ERR_REASON(STORE_R_FAILED_REVOKING_KEY) ,"failed revoking key"},
+{ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),"failed storing arbitrary"},
+{ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),"failed storing certificate"},
+{ERR_REASON(STORE_R_FAILED_STORING_KEY)  ,"failed storing key"},
+{ERR_REASON(STORE_R_FAILED_STORING_NUMBER),"failed storing number"},
+{ERR_REASON(STORE_R_NOT_IMPLEMENTED)     ,"not implemented"},
+{ERR_REASON(STORE_R_NO_CONTROL_FUNCTION) ,"no control function"},
+{ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),"no delete arbitrary function"},
+{ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),"no delete number function"},
+{ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),"no delete object function"},
+{ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),"no generate crl function"},
+{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),"no generate object function"},
+{ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),"no get object arbitrary function"},
+{ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION),"no get object function"},
+{ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),"no get object number function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),"no list object endp function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),"no list object end function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),"no list object next function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),"no list object start function"},
+{ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),"no modify object function"},
+{ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),"no revoke object function"},
+{ERR_REASON(STORE_R_NO_STORE)            ,"no store"},
+{ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),"no store object arbitrary function"},
+{ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),"no store object function"},
+{ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),"no store object number function"},
+{ERR_REASON(STORE_R_NO_VALUE)            ,"no value"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_STORE_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+
+        if (ERR_func_error_string(STORE_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,STORE_str_functs);
+                ERR_load_strings(0,STORE_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/store/str_lib.c b/src/lib/libcrypto/store/str_lib.c
new file mode 100644
index 0000000000..f1dbcbd0e0
--- /dev/null
+++ b/src/lib/libcrypto/store/str_lib.c
@@ -0,0 +1,1828 @@
+/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/sha.h>
+#include <openssl/x509.h>
+#include "str_locl.h"
+
+const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] =
+        {
+        0,
+        "X.509 Certificate",
+        "X.509 CRL",
+        "Private Key",
+        "Public Key",
+        "Number",
+        "Arbitrary Data"
+        };
+
+const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] =
+        {
+        0,
+        sizeof(int),            /* EVP_TYPE */
+        sizeof(size_t),         /* BITS */
+        -1,                     /* KEY_PARAMETERS */
+        0                       /* KEY_NO_PARAMETERS */
+        };      
+
+const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] =
+        {
+        0,
+        -1,                     /* FRIENDLYNAME:        C string */
+        SHA_DIGEST_LENGTH,      /* KEYID:               SHA1 digest, 160 bits */
+        SHA_DIGEST_LENGTH,      /* ISSUERKEYID:         SHA1 digest, 160 bits */
+        SHA_DIGEST_LENGTH,      /* SUBJECTKEYID:        SHA1 digest, 160 bits */
+        SHA_DIGEST_LENGTH,      /* ISSUERSERIALHASH:    SHA1 digest, 160 bits */
+        sizeof(X509_NAME *),    /* ISSUER:              X509_NAME * */
+        sizeof(BIGNUM *),       /* SERIAL:              BIGNUM * */
+        sizeof(X509_NAME *),    /* SUBJECT:             X509_NAME * */
+        SHA_DIGEST_LENGTH,      /* CERTHASH:            SHA1 digest, 160 bits */
+        -1,                     /* EMAIL:               C string */
+        -1,                     /* FILENAME:            C string */
+        };      
+
+STORE *STORE_new_method(const STORE_METHOD *method)
+        {
+        STORE *ret;
+
+        if (method == NULL)
+                {
+                STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+
+        ret=(STORE *)OPENSSL_malloc(sizeof(STORE));
+        if (ret == NULL)
+                {
+                STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+
+        ret->meth=method;
+
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
+        if (ret->meth->init && !ret->meth->init(ret))
+                {
+                STORE_free(ret);
+                ret = NULL;
+                }
+        return ret;
+        }
+
+STORE *STORE_new_engine(ENGINE *engine)
+        {
+        STORE *ret = NULL;
+        ENGINE *e = engine;
+        const STORE_METHOD *meth = 0;
+
+#ifdef OPENSSL_NO_ENGINE
+        e = NULL;
+#else
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
+                        return NULL;
+                        }
+                e = engine;
+                }
+        else
+                {
+                STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if(e)
+                {
+                meth = ENGINE_get_STORE(e);
+                if(!meth)
+                        {
+                        STOREerr(STORE_F_STORE_NEW_ENGINE,
+                                ERR_R_ENGINE_LIB);
+                        ENGINE_finish(e);
+                        return NULL;
+                        }
+                }
+#endif
+
+        ret = STORE_new_method(meth);
+        if (ret == NULL)
+                {
+                STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB);
+                return NULL;
+                }
+
+        ret->engine = e;
+
+        return(ret);
+        }
+
+void STORE_free(STORE *store)
+        {
+        if (store == NULL)
+                return;
+        if (store->meth->clean)
+                store->meth->clean(store);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
+        OPENSSL_free(store);
+        }
+
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void))
+        {
+        if (store == NULL)
+                {
+                STOREerr(STORE_F_STORE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (store->meth->ctrl)
+                return store->meth->ctrl(store, cmd, i, p, f);
+        STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION);
+        return 0;
+        }
+
+
+int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int STORE_set_ex_data(STORE *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+
+void *STORE_get_ex_data(STORE *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+
+const STORE_METHOD *STORE_get_method(STORE *store)
+        {
+        return store->meth;
+        }
+
+const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
+        {
+        store->meth=meth;
+        return store->meth;
+        }
+
+
+/* API helpers */
+
+#define check_store(s,fncode,fnname,fnerrcode) \
+        do \
+                { \
+                if ((s) == NULL || (s)->meth == NULL) \
+                        { \
+                        STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
+                        return 0; \
+                        } \
+                if ((s)->meth->fnname == NULL) \
+                        { \
+                        STOREerr((fncode), (fnerrcode)); \
+                        return 0; \
+                        } \
+                } \
+        while(0)
+
+/* API functions */
+
+X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        X509 *x;
+
+        check_store(s,STORE_F_STORE_GET_CERTIFICATE,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                attributes, parameters);
+        if (!object || !object->data.x509.certificate)
+                {
+                STOREerr(STORE_F_STORE_GET_CERTIFICATE,
+                        STORE_R_FAILED_GETTING_CERTIFICATE);
+                return 0;
+                }
+        CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+        REF_PRINT("X509",data);
+#endif
+        x = object->data.x509.certificate;
+        STORE_OBJECT_free(object);
+        return x;
+        }
+
+int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_CERTIFICATE,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+        REF_PRINT("X509",data);
+#endif
+        object->data.x509.certificate = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                object, attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
+                        STORE_R_FAILED_STORING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
+                        STORE_R_FAILED_MODIFYING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE,
+                revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+        if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
+                        STORE_R_FAILED_REVOKING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_CERTIFICATE,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
+                        STORE_R_FAILED_DELETING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+
+void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+        handle = s->meth->list_object_start(s,
+                STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        return handle;
+        }
+
+X509 *STORE_list_certificate_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        X509 *x;
+
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.x509.certificate)
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+        REF_PRINT("X509",data);
+#endif
+        x = object->data.x509.certificate;
+        STORE_OBJECT_free(object);
+        return x;
+        }
+
+int STORE_list_certificate_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_list_certificate_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        return 1;
+        }
+
+EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+
+        check_store(s,STORE_F_STORE_GENERATE_KEY,
+                generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION);
+
+        object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+        if (!object || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_GENERATE_KEY,
+                        STORE_R_FAILED_GENERATING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+
+EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+
+        check_store(s,STORE_F_STORE_GET_PRIVATE_KEY,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_GET_PRIVATE_KEY,
+                        STORE_R_FAILED_GETTING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+
+int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_STORE_PRIVATE_KEY,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        object->data.key = EVP_PKEY_new();
+        if (!object->data.key)
+                {
+                STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        object->data.key = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
+                attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
+                        STORE_R_FAILED_STORING_KEY);
+                return 0;
+                }
+        return i;
+        }
+
+int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
+                        STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        int i;
+
+        check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY,
+                revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+        i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
+                        STORE_R_FAILED_REVOKING_KEY);
+                return 0;
+                }
+        return i;
+        }
+
+int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+        
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
+                        STORE_R_FAILED_DELETING_KEY);
+                return 0;
+                }
+        return 1;
+        }
+
+void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+        handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return handle;
+        }
+
+EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+
+int STORE_list_private_key_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_list_private_key_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+
+        check_store(s,STORE_F_STORE_GET_PUBLIC_KEY,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                attributes, parameters);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_GET_PUBLIC_KEY,
+                        STORE_R_FAILED_GETTING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+
+int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        object->data.key = EVP_PKEY_new();
+        if (!object->data.key)
+                {
+                STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        object->data.key = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
+                attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
+                        STORE_R_FAILED_STORING_KEY);
+                return 0;
+                }
+        return i;
+        }
+
+int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
+                        STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        int i;
+
+        check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY,
+                revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+        i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                attributes, parameters);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
+                        STORE_R_FAILED_REVOKING_KEY);
+                return 0;
+                }
+        return i;
+        }
+
+int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+        
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
+                        STORE_R_FAILED_DELETING_KEY);
+                return 0;
+                }
+        return 1;
+        }
+
+void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+        handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return handle;
+        }
+
+EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+
+int STORE_list_public_key_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_list_public_key_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        X509_CRL *crl;
+
+        check_store(s,STORE_F_STORE_GENERATE_CRL,
+                generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION);
+
+        object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                attributes, parameters);
+        if (!object || !object->data.crl)
+                {
+                STOREerr(STORE_F_STORE_GENERATE_CRL,
+                        STORE_R_FAILED_GENERATING_CRL);
+                return 0;
+                }
+        CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        crl = object->data.crl;
+        STORE_OBJECT_free(object);
+        return crl;
+        }
+
+X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        X509_CRL *crl;
+
+        check_store(s,STORE_F_STORE_GET_CRL,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                attributes, parameters);
+        if (!object || !object->data.crl)
+                {
+                STOREerr(STORE_F_STORE_GET_CRL,
+                        STORE_R_FAILED_GETTING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        crl = object->data.crl;
+        STORE_OBJECT_free(object);
+        return crl;
+        }
+
+int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_STORE_CRL,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_CRL,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        object->data.crl = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
+                attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_CRL,
+                        STORE_R_FAILED_STORING_KEY);
+                return 0;
+                }
+        return i;
+        }
+
+int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_CRL,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_CRL,
+                        STORE_R_FAILED_MODIFYING_CRL);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_CRL,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+        
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_CRL,
+                        STORE_R_FAILED_DELETING_KEY);
+                return 0;
+                }
+        return 1;
+        }
+
+void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+
+        check_store(s,STORE_F_STORE_LIST_CRL_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+        handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
+                attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_START,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return handle;
+        }
+
+X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        X509_CRL *crl;
+
+        check_store(s,STORE_F_STORE_LIST_CRL_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.crl)
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_NEXT,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        crl = object->data.crl;
+        STORE_OBJECT_free(object);
+        return crl;
+        }
+
+int STORE_list_crl_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CRL_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_END,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_list_crl_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CRL_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_ENDP,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_STORE_NUMBER,
+                store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_NUMBER,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        object->data.number = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
+                attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_NUMBER,
+                        STORE_R_FAILED_STORING_NUMBER);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_NUMBER,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_NUMBER,
+                        STORE_R_FAILED_MODIFYING_NUMBER);
+                return 0;
+                }
+        return 1;
+        }
+
+BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        BIGNUM *n;
+
+        check_store(s,STORE_F_STORE_GET_NUMBER,
+                get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+                parameters);
+        if (!object || !object->data.number)
+                {
+                STOREerr(STORE_F_STORE_GET_NUMBER,
+                        STORE_R_FAILED_GETTING_NUMBER);
+                return 0;
+                }
+        n = object->data.number;
+        object->data.number = NULL;
+        STORE_OBJECT_free(object);
+        return n;
+        }
+
+int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_NUMBER,
+                delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION);
+
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+                    parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_NUMBER,
+                        STORE_R_FAILED_DELETING_NUMBER);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+
+        check_store(s,STORE_F_STORE_STORE_ARBITRARY,
+                store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
+
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_ARBITRARY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        object->data.arbitrary = data;
+
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
+                attributes, parameters);
+
+        STORE_OBJECT_free(object);
+
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_ARBITRARY,
+                        STORE_R_FAILED_STORING_ARBITRARY);
+                return 0;
+                }
+        return 1;
+        }
+
+int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_ARBITRARY,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
+                        STORE_R_FAILED_MODIFYING_ARBITRARY);
+                return 0;
+                }
+        return 1;
+        }
+
+BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        BUF_MEM *b;
+
+        check_store(s,STORE_F_STORE_GET_ARBITRARY,
+                get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
+
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+                attributes, parameters);
+        if (!object || !object->data.arbitrary)
+                {
+                STOREerr(STORE_F_STORE_GET_ARBITRARY,
+                        STORE_R_FAILED_GETTING_ARBITRARY);
+                return 0;
+                }
+        b = object->data.arbitrary;
+        object->data.arbitrary = NULL;
+        STORE_OBJECT_free(object);
+        return b;
+        }
+
+int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_ARBITRARY,
+                delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
+
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
+                    parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
+                        STORE_R_FAILED_DELETING_ARBITRARY);
+                return 0;
+                }
+        return 1;
+        }
+
+STORE_OBJECT *STORE_OBJECT_new(void)
+        {
+        STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));
+        if (object) memset(object, 0, sizeof(STORE_OBJECT));
+        return object;
+        }
+void STORE_OBJECT_free(STORE_OBJECT *data)
+        {
+        if (!data) return;
+        switch (data->type)
+                {
+        case STORE_OBJECT_TYPE_X509_CERTIFICATE:
+                X509_free(data->data.x509.certificate);
+                break;
+        case STORE_OBJECT_TYPE_X509_CRL:
+                X509_CRL_free(data->data.crl);
+                break;
+        case STORE_OBJECT_TYPE_PRIVATE_KEY:
+        case STORE_OBJECT_TYPE_PUBLIC_KEY:
+                EVP_PKEY_free(data->data.key);
+                break;
+        case STORE_OBJECT_TYPE_NUMBER:
+                BN_free(data->data.number);
+                break;
+        case STORE_OBJECT_TYPE_ARBITRARY:
+                BUF_MEM_free(data->data.arbitrary);
+                break;
+                }
+        OPENSSL_free(data);
+        }
+
+IMPLEMENT_STACK_OF(STORE_OBJECT*)
+
+
+struct STORE_attr_info_st
+        {
+        unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
+        union
+                {
+                char *cstring;
+                unsigned char *sha1string;
+                X509_NAME *dn;
+                BIGNUM *number;
+                void *any;
+                } values[STORE_ATTR_TYPE_NUM+1];
+        size_t value_sizes[STORE_ATTR_TYPE_NUM+1];
+        };
+
+#define ATTR_IS_SET(a,i)        ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
+                                && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
+#define SET_ATTRBIT(a,i)        ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
+#define CLEAR_ATTRBIT(a,i)      ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
+
+STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
+        {
+        return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));
+        }
+static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
+        STORE_ATTR_TYPES code)
+        {
+        if (ATTR_IS_SET(attrs,code))
+                {
+                switch(code)
+                        {
+                case STORE_ATTR_FRIENDLYNAME:
+                case STORE_ATTR_EMAIL:
+                case STORE_ATTR_FILENAME:
+                        STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
+                        break;
+                case STORE_ATTR_KEYID:
+                case STORE_ATTR_ISSUERKEYID:
+                case STORE_ATTR_SUBJECTKEYID:
+                case STORE_ATTR_ISSUERSERIALHASH:
+                case STORE_ATTR_CERTHASH:
+                        STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
+                        break;
+                case STORE_ATTR_ISSUER:
+                case STORE_ATTR_SUBJECT:
+                        STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
+                        break;
+                case STORE_ATTR_SERIAL:
+                        STORE_ATTR_INFO_modify_number(attrs, code, NULL);
+                        break;
+                default:
+                        break;
+                        }
+                }
+        }
+int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
+        {
+        if (attrs)
+                {
+                STORE_ATTR_TYPES i;
+                for(i = 0; i++ < STORE_ATTR_TYPE_NUM;)
+                        STORE_ATTR_INFO_attr_free(attrs, i);
+                OPENSSL_free(attrs);
+                }
+        return 1;
+        }
+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].cstring;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+        STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].sha1string;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].dn;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].number;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].sha1string =
+                            (unsigned char *)BUF_memdup(sha1str,
+                                    sha1str_size)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].dn = X509_NAME_dup(dn)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].number = BN_dup(number)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].cstring);
+                attrs->values[code].cstring = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
+        }
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].sha1string);
+                attrs->values[code].sha1string = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
+        }
+int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].dn);
+                attrs->values[code].dn = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_dn(attrs, code, dn);
+        }
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].number);
+                attrs->values[code].number = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_number(attrs, code, number);
+        }
+
+struct attr_list_ctx_st
+        {
+        OPENSSL_ITEM *attributes;
+        };
+void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
+        {
+        if (attributes)
+                {
+                struct attr_list_ctx_st *context =
+                        (struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st));
+                if (context)
+                        context->attributes = attributes;
+                else
+                        STOREerr(STORE_F_STORE_PARSE_ATTRS_START,
+                                ERR_R_MALLOC_FAILURE);
+                return context;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+        }
+STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
+        {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+        if (context && context->attributes)
+                {
+                STORE_ATTR_INFO *attrs = NULL;
+
+                while(context->attributes
+                        && context->attributes->code != STORE_ATTR_OR
+                        && context->attributes->code != STORE_ATTR_END)
+                        {
+                        switch(context->attributes->code)
+                                {
+                        case STORE_ATTR_FRIENDLYNAME:
+                        case STORE_ATTR_EMAIL:
+                        case STORE_ATTR_FILENAME:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_set_cstr(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value,
+                                        context->attributes->value_size);
+                                break;
+                        case STORE_ATTR_KEYID:
+                        case STORE_ATTR_ISSUERKEYID:
+                        case STORE_ATTR_SUBJECTKEYID:
+                        case STORE_ATTR_ISSUERSERIALHASH:
+                        case STORE_ATTR_CERTHASH:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_set_sha1str(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value,
+                                        context->attributes->value_size);
+                                break;
+                        case STORE_ATTR_ISSUER:
+                        case STORE_ATTR_SUBJECT:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_modify_dn(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value);
+                                break;
+                        case STORE_ATTR_SERIAL:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_modify_number(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value);
+                                break;
+                                }
+                        context->attributes++;
+                        }
+                if (context->attributes->code == STORE_ATTR_OR)
+                        context->attributes++;
+                return attrs;
+        err:
+                while(context->attributes
+                        && context->attributes->code != STORE_ATTR_OR
+                        && context->attributes->code != STORE_ATTR_END)
+                        context->attributes++;
+                if (context->attributes->code == STORE_ATTR_OR)
+                        context->attributes++;
+                return NULL;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+        }
+int STORE_parse_attrs_end(void *handle)
+        {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+        if (context && context->attributes)
+                {
+#if 0
+                OPENSSL_ITEM *attributes = context->attributes;
+#endif
+                OPENSSL_free(context);
+                return 1;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+        }
+
+int STORE_parse_attrs_endp(void *handle)
+        {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+        if (context && context->attributes)
+                {
+                return context->attributes->code == STORE_ATTR_END;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+        }
+
+static int attr_info_compare_compute_range(
+        const unsigned char *abits, const unsigned char *bbits,
+        unsigned int *alowp, unsigned int *ahighp,
+        unsigned int *blowp, unsigned int *bhighp)
+        {
+        unsigned int alow = (unsigned int)-1, ahigh = 0;
+        unsigned int blow = (unsigned int)-1, bhigh = 0;
+        int i, res = 0;
+
+        for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
+                {
+                if (res == 0)
+                        {
+                        if (*abits < *bbits) res = -1;
+                        if (*abits > *bbits) res = 1;
+                        }
+                if (*abits)
+                        {
+                        if (alow == (unsigned int)-1)
+                                {
+                                alow = i * 8;
+                                if (!(*abits & 0x01)) alow++;
+                                if (!(*abits & 0x02)) alow++;
+                                if (!(*abits & 0x04)) alow++;
+                                if (!(*abits & 0x08)) alow++;
+                                if (!(*abits & 0x10)) alow++;
+                                if (!(*abits & 0x20)) alow++;
+                                if (!(*abits & 0x40)) alow++;
+                                }
+                        ahigh = i * 8 + 7;
+                        if (!(*abits & 0x80)) ahigh++;
+                        if (!(*abits & 0x40)) ahigh++;
+                        if (!(*abits & 0x20)) ahigh++;
+                        if (!(*abits & 0x10)) ahigh++;
+                        if (!(*abits & 0x08)) ahigh++;
+                        if (!(*abits & 0x04)) ahigh++;
+                        if (!(*abits & 0x02)) ahigh++;
+                        }
+                if (*bbits)
+                        {
+                        if (blow == (unsigned int)-1)
+                                {
+                                blow = i * 8;
+                                if (!(*bbits & 0x01)) blow++;
+                                if (!(*bbits & 0x02)) blow++;
+                                if (!(*bbits & 0x04)) blow++;
+                                if (!(*bbits & 0x08)) blow++;
+                                if (!(*bbits & 0x10)) blow++;
+                                if (!(*bbits & 0x20)) blow++;
+                                if (!(*bbits & 0x40)) blow++;
+                                }
+                        bhigh = i * 8 + 7;
+                        if (!(*bbits & 0x80)) bhigh++;
+                        if (!(*bbits & 0x40)) bhigh++;
+                        if (!(*bbits & 0x20)) bhigh++;
+                        if (!(*bbits & 0x10)) bhigh++;
+                        if (!(*bbits & 0x08)) bhigh++;
+                        if (!(*bbits & 0x04)) bhigh++;
+                        if (!(*bbits & 0x02)) bhigh++;
+                        }
+                }
+        if (ahigh + alow < bhigh + blow) res = -1;
+        if (ahigh + alow > bhigh + blow) res = 1;
+        if (alowp) *alowp = alow;
+        if (ahighp) *ahighp = ahigh;
+        if (blowp) *blowp = blow;
+        if (bhighp) *bhighp = bhigh;
+        return res;
+        }
+
+int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO * const *a,
+                            const STORE_ATTR_INFO * const *b)
+        {
+        if (a == b) return 0;
+        if (!a) return -1;
+        if (!b) return 1;
+        return attr_info_compare_compute_range((*a)->set, (*b)->set, 0, 0, 0, 0);
+        }
+
+int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        unsigned int alow, ahigh, blow, bhigh;
+
+        if (a == b) return 1;
+        if (!a) return 0;
+        if (!b) return 0;
+        attr_info_compare_compute_range(a->set, b->set,
+                &alow, &ahigh, &blow, &bhigh);
+        if (alow >= blow && ahigh <= bhigh)
+                return 1;
+        return 0;
+        }
+
+int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        unsigned char *abits, *bbits;
+        int i;
+
+        if (a == b) return 1;
+        if (!a) return 0;
+        if (!b) return 0;
+        abits = a->set;
+        bbits = b->set;
+        for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
+                {
+                if (*abits && (*bbits & *abits) != *abits)
+                        return 0;
+                }
+        return 1;
+        }
+
+int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        STORE_ATTR_TYPES i;
+
+        if (a == b) return 1;
+        if (!STORE_ATTR_INFO_in(a, b)) return 0;
+        for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
+                if (ATTR_IS_SET(a, i))
+                        {
+                        switch(i)
+                                {
+                        case STORE_ATTR_FRIENDLYNAME:
+                        case STORE_ATTR_EMAIL:
+                        case STORE_ATTR_FILENAME:
+                                if (strcmp(a->values[i].cstring,
+                                            b->values[i].cstring))
+                                        return 0;
+                                break;
+                        case STORE_ATTR_KEYID:
+                        case STORE_ATTR_ISSUERKEYID:
+                        case STORE_ATTR_SUBJECTKEYID:
+                        case STORE_ATTR_ISSUERSERIALHASH:
+                        case STORE_ATTR_CERTHASH:
+                                if (memcmp(a->values[i].sha1string,
+                                            b->values[i].sha1string,
+                                            a->value_sizes[i]))
+                                        return 0;
+                                break;
+                        case STORE_ATTR_ISSUER:
+                        case STORE_ATTR_SUBJECT:
+                                if (X509_NAME_cmp(a->values[i].dn,
+                                            b->values[i].dn))
+                                        return 0;
+                                break;
+                        case STORE_ATTR_SERIAL:
+                                if (BN_cmp(a->values[i].number,
+                                            b->values[i].number))
+                                        return 0;
+                                break;
+                        default:
+                                break;
+                                }
+                        }
+
+        return 1;
+        }
diff --git a/src/lib/libcrypto/store/str_locl.h b/src/lib/libcrypto/store/str_locl.h
new file mode 100644
index 0000000000..3f8cb75619
--- /dev/null
+++ b/src/lib/libcrypto/store/str_locl.h
@@ -0,0 +1,124 @@
+/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_STORE_LOCL_H
+#define HEADER_STORE_LOCL_H
+
+#include <openssl/crypto.h>
+#include <openssl/store.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+struct store_method_st
+        {
+        char *name;
+
+        /* All the functions return a positive integer or non-NULL for success
+           and 0, a negative integer or NULL for failure */
+
+        /* Initialise the STORE with private data */
+        STORE_INITIALISE_FUNC_PTR init;
+        /* Initialise the STORE with private data */
+        STORE_CLEANUP_FUNC_PTR clean;
+        /* Generate an object of a given type */
+        STORE_GENERATE_OBJECT_FUNC_PTR generate_object;
+        /* Get an object of a given type.  This function isn't really very
+           useful since the listing functions (below) can be used for the
+           same purpose and are much more general. */
+        STORE_GET_OBJECT_FUNC_PTR get_object;
+        /* Store an object of a given type. */
+        STORE_STORE_OBJECT_FUNC_PTR store_object;
+        /* Modify the attributes bound to an object of a given type. */
+        STORE_MODIFY_OBJECT_FUNC_PTR modify_object;
+        /* Revoke an object of a given type. */
+        STORE_HANDLE_OBJECT_FUNC_PTR revoke_object;
+        /* Delete an object of a given type. */
+        STORE_HANDLE_OBJECT_FUNC_PTR delete_object;
+        /* List a bunch of objects of a given type and with the associated
+           attributes. */
+        STORE_START_OBJECT_FUNC_PTR list_object_start;
+        STORE_NEXT_OBJECT_FUNC_PTR list_object_next;
+        STORE_END_OBJECT_FUNC_PTR list_object_end;
+        STORE_END_OBJECT_FUNC_PTR list_object_endp;
+        /* Store-level function to make any necessary update operations. */
+        STORE_GENERIC_FUNC_PTR update_store;
+        /* Store-level function to get exclusive access to the store. */
+        STORE_GENERIC_FUNC_PTR lock_store;
+        /* Store-level function to release exclusive access to the store. */
+        STORE_GENERIC_FUNC_PTR unlock_store;
+
+        /* Generic control function */
+        STORE_CTRL_FUNC_PTR ctrl;
+        };
+
+struct store_st
+        {
+        const STORE_METHOD *meth;
+        /* functional reference if 'meth' is ENGINE-provided */
+        ENGINE *engine;
+
+        CRYPTO_EX_DATA ex_data;
+        int references;
+        };
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/store/str_mem.c b/src/lib/libcrypto/store/str_mem.c
new file mode 100644
index 0000000000..8ac4f7e55c
--- /dev/null
+++ b/src/lib/libcrypto/store/str_mem.c
@@ -0,0 +1,365 @@
+/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include "str_locl.h"
+
+/* The memory store is currently highly experimental.  It's meant to become
+   a base store used by other stores for internal caching (for full caching
+   support, aging needs to be added).
+
+   The database use is meant to support as much attribute association as
+   possible, while providing for as small search ranges as possible.
+   This is currently provided for by sorting the entries by numbers that
+   are composed of bits set at the positions indicated by attribute type
+   codes.  This provides for ranges determined by the highest attribute
+   type code value.  A better idea might be to sort by values computed
+   from the range of attributes associated with the object (basically,
+   the difference between the highest and lowest attribute type code)
+   and it's distance from a base (basically, the lowest associated
+   attribute type code).
+*/
+
+typedef struct mem_object_data_st
+        {
+        STORE_OBJECT *object;
+        STORE_ATTR_INFO *attr_info;
+        int references;
+        } MEM_OBJECT_DATA;
+
+DECLARE_STACK_OF(MEM_OBJECT_DATA)
+struct mem_data_st
+        {
+        STACK_OF(MEM_OBJECT_DATA) *data; /* sorted with
+                                          * STORE_ATTR_INFO_compare(). */
+        unsigned int compute_components : 1; /* Currently unused, but can
+                                                be used to add attributes
+                                                from parts of the data. */
+        };
+
+DECLARE_STACK_OF(STORE_ATTR_INFO)
+struct mem_ctx_st
+        {
+        int type;               /* The type we're searching for */
+        STACK_OF(STORE_ATTR_INFO) *search_attributes; /* Sets of
+                                     attributes to search for.  Each
+                                     element is a STORE_ATTR_INFO. */
+        int search_index;       /* which of the search attributes we
+                                   found a match for, -1 when we still
+                                   haven't found any */
+        int index;              /* -1 as long as we're searching for
+                                    the first */
+        };
+
+static int mem_init(STORE *s);
+static void mem_clean(STORE *s);
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
+        STORE_OBJECT *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
+        OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle);
+static int mem_list_end(STORE *s, void *handle);
+static int mem_list_endp(STORE *s, void *handle);
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void));
+
+static STORE_METHOD store_memory =
+        {
+        "OpenSSL memory store interface",
+        mem_init,
+        mem_clean,
+        mem_generate,
+        mem_get,
+        mem_store,
+        mem_modify,
+        NULL, /* revoke */
+        mem_delete,
+        mem_list_start,
+        mem_list_next,
+        mem_list_end,
+        mem_list_endp,
+        NULL, /* update */
+        mem_lock,
+        mem_unlock,
+        mem_ctrl
+        };
+
+const STORE_METHOD *STORE_Memory(void)
+        {
+        return &store_memory;
+        }
+
+static int mem_init(STORE *s)
+        {
+        return 1;
+        }
+
+static void mem_clean(STORE *s)
+        {
+        return;
+        }
+
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        void *context = mem_list_start(s, type, attributes, parameters);
+        
+        if (context)
+                {
+                STORE_OBJECT *object = mem_list_next(s, context);
+
+                if (mem_list_end(s, context))
+                        return object;
+                }
+        return NULL;
+        }
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
+        STORE_OBJECT *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
+        OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+
+/* The list functions may be the hardest to understand.  Basically,
+   mem_list_start compiles a stack of attribute info elements, and
+   puts that stack into the context to be returned.  mem_list_next
+   will then find the first matching element in the store, and then
+   walk all the way to the end of the store (since any combination
+   of attribute bits above the starting point may match the searched
+   for bit pattern...). */
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        struct mem_ctx_st *context =
+                (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
+        void *attribute_context = NULL;
+        STORE_ATTR_INFO *attrs = NULL;
+
+        if (!context)
+                {
+                STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        memset(context, 0, sizeof(struct mem_ctx_st));
+
+        attribute_context = STORE_parse_attrs_start(attributes);
+        if (!attribute_context)
+                {
+                STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
+                goto err;
+                }
+
+        while((attrs = STORE_parse_attrs_next(attribute_context)))
+                {
+                if (context->search_attributes == NULL)
+                        {
+                        context->search_attributes =
+                                sk_STORE_ATTR_INFO_new(STORE_ATTR_INFO_compare);
+                        if (!context->search_attributes)
+                                {
+                                STOREerr(STORE_F_MEM_LIST_START,
+                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        }
+                sk_STORE_ATTR_INFO_push(context->search_attributes,attrs);
+                }
+        if (!STORE_parse_attrs_endp(attribute_context))
+                goto err;
+        STORE_parse_attrs_end(attribute_context);
+        context->search_index = -1;
+        context->index = -1;
+        return context;
+ err:
+        if (attribute_context) STORE_parse_attrs_end(attribute_context);
+        mem_list_end(s, context);
+        return NULL;
+        }
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
+        {
+        int i;
+        struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+        struct mem_object_data_st key = { 0, 0, 1 };
+        struct mem_data_st *store =
+                (struct mem_data_st *)STORE_get_ex_data(s, 1);
+        int srch;
+        int cres = 0;
+
+        if (!context)
+                {
+                STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (!store)
+                {
+                STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
+                return NULL;
+                }
+
+        if (context->search_index == -1)
+                {
+                for (i = 0;
+                     i < sk_STORE_ATTR_INFO_num(context->search_attributes);
+                     i++)
+                        {
+                        key.attr_info
+                          = sk_STORE_ATTR_INFO_value(context->search_attributes,
+                                                     i);
+                        srch = sk_MEM_OBJECT_DATA_find_ex(store->data, &key);
+
+                        if (srch >= 0)
+                                {
+                                context->search_index = srch;
+                                break;
+                                }
+                        }
+                }
+        if (context->search_index < 0)
+                return NULL;
+        
+        key.attr_info =
+                sk_STORE_ATTR_INFO_value(context->search_attributes,
+                                         context->search_index);
+        for(srch = context->search_index;
+            srch < sk_MEM_OBJECT_DATA_num(store->data)
+                    && STORE_ATTR_INFO_in_range(key.attr_info,
+                            sk_MEM_OBJECT_DATA_value(store->data, srch)->attr_info)
+                    && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info,
+                                 sk_MEM_OBJECT_DATA_value(store->data, srch)->attr_info));
+            srch++)
+                ;
+
+        context->search_index = srch;
+        if (cres)
+                return (sk_MEM_OBJECT_DATA_value(store->data, srch))->object;
+        return NULL;
+        }
+static int mem_list_end(STORE *s, void *handle)
+        {
+        struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+        if (!context)
+                {
+                STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (context && context->search_attributes)
+                sk_STORE_ATTR_INFO_free(context->search_attributes);
+        if (context) OPENSSL_free(context);
+        return 1;
+        }
+static int mem_list_endp(STORE *s, void *handle)
+        {
+        struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+        if (!context
+            || context->search_index
+               == sk_STORE_ATTR_INFO_num(context->search_attributes))
+                return 1;
+        return 0;
+        }
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        return 1;
+        }
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        return 1;
+        }
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void))
+        {
+        return 1;
+        }
diff --git a/src/lib/libcrypto/store/str_meth.c b/src/lib/libcrypto/store/str_meth.c
new file mode 100644
index 0000000000..a46de03a26
--- /dev/null
+++ b/src/lib/libcrypto/store/str_meth.c
@@ -0,0 +1,250 @@
+/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/buffer.h>
+#include "str_locl.h"
+
+STORE_METHOD *STORE_create_method(char *name)
+        {
+        STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
+
+        if (store_method)
+                {
+                memset(store_method, 0, sizeof(*store_method));
+                store_method->name = BUF_strdup(name);
+                }
+        return store_method;
+        }
+
+/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
+   (that is, it hasn't been allocated using STORE_create_method(), you deserve
+   anything Murphy can throw at you and more!  You have been warned. */
+void STORE_destroy_method(STORE_METHOD *store_method)
+        {
+        if (!store_method) return;
+        OPENSSL_free(store_method->name);
+        store_method->name = NULL;
+        OPENSSL_free(store_method);
+        }
+
+int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f)
+        {
+        sm->init = init_f;
+        return 1;
+        }
+
+int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f)
+        {
+        sm->clean = clean_f;
+        return 1;
+        }
+
+int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f)
+        {
+        sm->generate_object = generate_f;
+        return 1;
+        }
+
+int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f)
+        {
+        sm->get_object = get_f;
+        return 1;
+        }
+
+int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f)
+        {
+        sm->store_object = store_f;
+        return 1;
+        }
+
+int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
+        {
+        sm->modify_object = modify_f;
+        return 1;
+        }
+
+int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
+        {
+        sm->revoke_object = revoke_f;
+        return 1;
+        }
+
+int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
+        {
+        sm->delete_object = delete_f;
+        return 1;
+        }
+
+int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f)
+        {
+        sm->list_object_start = list_start_f;
+        return 1;
+        }
+
+int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f)
+        {
+        sm->list_object_next = list_next_f;
+        return 1;
+        }
+
+int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f)
+        {
+        sm->list_object_end = list_end_f;
+        return 1;
+        }
+
+int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f)
+        {
+        sm->update_store = update_f;
+        return 1;
+        }
+
+int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f)
+        {
+        sm->lock_store = lock_f;
+        return 1;
+        }
+
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f)
+        {
+        sm->unlock_store = unlock_f;
+        return 1;
+        }
+
+int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f)
+        {
+        sm->ctrl = ctrl_f;
+        return 1;
+        }
+
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm)
+        {
+        return sm->init;
+        }
+
+STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)
+        {
+        return sm->clean;
+        }
+
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm)
+        {
+        return sm->generate_object;
+        }
+
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
+        {
+        return sm->get_object;
+        }
+
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
+        {
+        return sm->store_object;
+        }
+
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm)
+        {
+        return sm->modify_object;
+        }
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm)
+        {
+        return sm->revoke_object;
+        }
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm)
+        {
+        return sm->delete_object;
+        }
+
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm)
+        {
+        return sm->list_object_start;
+        }
+
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm)
+        {
+        return sm->list_object_next;
+        }
+
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
+        {
+        return sm->list_object_end;
+        }
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm)
+        {
+        return sm->update_store;
+        }
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)
+        {
+        return sm->lock_store;
+        }
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm)
+        {
+        return sm->unlock_store;
+        }
+
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
+        {
+        return sm->ctrl;
+        }
+
diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h
new file mode 100644
index 0000000000..403f592dcd
--- /dev/null
+++ b/src/lib/libcrypto/symhacks.h
@@ -0,0 +1,477 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SYMHACKS_H
+#define HEADER_SYMHACKS_H
+
+#include <openssl/e_os2.h>
+
+/* Hacks to solve the problem with linkers incapable of handling very long
+   symbol names.  In the case of VMS, the limit is 31 characters on VMS for
+   VAX. */
+/* Note that this affects util/libeay.num and util/ssleay.num...  you may
+   change those manually, but that's not recommended, as those files are
+   controlled centrally and updated on Unix, and the central definition
+   may disagree with yours, which in turn may come with shareable library
+   incompatibilities. */
+#ifdef OPENSSL_SYS_VMS
+
+/* Hack a long name in crypto/ex_data.c */
+#undef CRYPTO_get_ex_data_implementation
+#define CRYPTO_get_ex_data_implementation       CRYPTO_get_ex_data_impl
+#undef CRYPTO_set_ex_data_implementation
+#define CRYPTO_set_ex_data_implementation       CRYPTO_set_ex_data_impl
+
+/* Hack a long name in crypto/asn1/a_mbstr.c */
+#undef ASN1_STRING_set_default_mask_asc
+#define ASN1_STRING_set_default_mask_asc        ASN1_STRING_set_def_mask_asc
+
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
+#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
+#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       i2d_ASN1_SET_OF_PKCS7_SIGINF
+#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
+#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       d2i_ASN1_SET_OF_PKCS7_SIGINF
+#endif
+
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
+#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
+#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        i2d_ASN1_SET_OF_PKCS7_RECINF
+#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
+#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        d2i_ASN1_SET_OF_PKCS7_RECINF
+#endif
+
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
+#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
+#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      i2d_ASN1_SET_OF_ACC_DESC
+#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
+#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      d2i_ASN1_SET_OF_ACC_DESC
+#endif
+
+/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
+#undef PEM_read_NETSCAPE_CERT_SEQUENCE
+#define PEM_read_NETSCAPE_CERT_SEQUENCE         PEM_read_NS_CERT_SEQ
+#undef PEM_write_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_NETSCAPE_CERT_SEQUENCE        PEM_write_NS_CERT_SEQ
+#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE     PEM_read_bio_NS_CERT_SEQ
+#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE    PEM_write_bio_NS_CERT_SEQ
+#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ
+
+/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
+#undef PEM_read_PKCS8_PRIV_KEY_INFO
+#define PEM_read_PKCS8_PRIV_KEY_INFO            PEM_read_P8_PRIV_KEY_INFO
+#undef PEM_write_PKCS8_PRIV_KEY_INFO
+#define PEM_write_PKCS8_PRIV_KEY_INFO           PEM_write_P8_PRIV_KEY_INFO
+#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_read_bio_PKCS8_PRIV_KEY_INFO        PEM_read_bio_P8_PRIV_KEY_INFO
+#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_write_bio_PKCS8_PRIV_KEY_INFO       PEM_write_bio_P8_PRIV_KEY_INFO
+#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO    PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
+
+/* Hack other PEM names */
+#undef PEM_write_bio_PKCS8PrivateKey_nid
+#define PEM_write_bio_PKCS8PrivateKey_nid       PEM_write_bio_PKCS8PrivKey_nid
+
+/* Hack some long X509 names */
+#undef X509_REVOKED_get_ext_by_critical
+#define X509_REVOKED_get_ext_by_critical        X509_REVOKED_get_ext_by_critic
+#undef X509_policy_tree_get0_user_policies
+#define X509_policy_tree_get0_user_policies     X509_pcy_tree_get0_usr_policies
+#undef X509_policy_node_get0_qualifiers
+#define X509_policy_node_get0_qualifiers        X509_pcy_node_get0_qualifiers
+#undef X509_STORE_CTX_get_explicit_policy
+#define X509_STORE_CTX_get_explicit_policy      X509_STORE_CTX_get_expl_policy
+#undef X509_STORE_CTX_get0_current_issuer
+#define X509_STORE_CTX_get0_current_issuer      X509_STORE_CTX_get0_cur_issuer
+
+/* Hack some long CRYPTO names */
+#undef CRYPTO_set_dynlock_destroy_callback
+#define CRYPTO_set_dynlock_destroy_callback     CRYPTO_set_dynlock_destroy_cb
+#undef CRYPTO_set_dynlock_create_callback
+#define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb
+#undef CRYPTO_set_dynlock_lock_callback
+#define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb
+#undef CRYPTO_get_dynlock_lock_callback
+#define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb
+#undef CRYPTO_get_dynlock_destroy_callback
+#define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb
+#undef CRYPTO_get_dynlock_create_callback
+#define CRYPTO_get_dynlock_create_callback      CRYPTO_get_dynlock_create_cb
+#undef CRYPTO_set_locked_mem_ex_functions
+#define CRYPTO_set_locked_mem_ex_functions      CRYPTO_set_locked_mem_ex_funcs
+#undef CRYPTO_get_locked_mem_ex_functions
+#define CRYPTO_get_locked_mem_ex_functions      CRYPTO_get_locked_mem_ex_funcs
+
+/* Hack some long SSL names */
+#undef SSL_CTX_set_default_verify_paths
+#define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
+#undef SSL_get_ex_data_X509_STORE_CTX_idx
+#define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx
+#undef SSL_add_file_cert_subjects_to_stack
+#define SSL_add_file_cert_subjects_to_stack     SSL_add_file_cert_subjs_to_stk
+#undef SSL_add_dir_cert_subjects_to_stack
+#define SSL_add_dir_cert_subjects_to_stack      SSL_add_dir_cert_subjs_to_stk
+#undef SSL_CTX_use_certificate_chain_file
+#define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file
+#undef SSL_CTX_set_cert_verify_callback
+#define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb
+#undef SSL_CTX_set_default_passwd_cb_userdata
+#define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
+#undef SSL_COMP_get_compression_methods
+#define SSL_COMP_get_compression_methods        SSL_COMP_get_compress_methods
+#undef ssl_add_clienthello_renegotiate_ext
+#define ssl_add_clienthello_renegotiate_ext     ssl_add_clienthello_reneg_ext
+#undef ssl_add_serverhello_renegotiate_ext
+#define ssl_add_serverhello_renegotiate_ext     ssl_add_serverhello_reneg_ext
+#undef ssl_parse_clienthello_renegotiate_ext
+#define ssl_parse_clienthello_renegotiate_ext   ssl_parse_clienthello_reneg_ext
+#undef ssl_parse_serverhello_renegotiate_ext
+#define ssl_parse_serverhello_renegotiate_ext   ssl_parse_serverhello_reneg_ext
+#undef SSL_srp_server_param_with_username
+#define SSL_srp_server_param_with_username      SSL_srp_server_param_with_un
+#undef SSL_CTX_set_srp_client_pwd_callback
+#define SSL_CTX_set_srp_client_pwd_callback     SSL_CTX_set_srp_client_pwd_cb
+#undef SSL_CTX_set_srp_verify_param_callback
+#define SSL_CTX_set_srp_verify_param_callback   SSL_CTX_set_srp_vfy_param_cb
+#undef SSL_CTX_set_srp_username_callback
+#define SSL_CTX_set_srp_username_callback       SSL_CTX_set_srp_un_cb
+#undef ssl_add_clienthello_use_srtp_ext
+#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext
+#undef ssl_add_serverhello_use_srtp_ext
+#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext
+#undef ssl_parse_clienthello_use_srtp_ext
+#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext
+#undef ssl_parse_serverhello_use_srtp_ext
+#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext
+#undef SSL_CTX_set_next_protos_advertised_cb
+#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
+#undef SSL_CTX_set_next_proto_select_cb
+#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+
+/* Hack some long ENGINE names */
+#undef ENGINE_get_default_BN_mod_exp_crt
+#define ENGINE_get_default_BN_mod_exp_crt       ENGINE_get_def_BN_mod_exp_crt
+#undef ENGINE_set_default_BN_mod_exp_crt
+#define ENGINE_set_default_BN_mod_exp_crt       ENGINE_set_def_BN_mod_exp_crt
+#undef ENGINE_set_load_privkey_function
+#define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn
+#undef ENGINE_get_load_privkey_function
+#define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn
+#undef ENGINE_unregister_pkey_asn1_meths
+#define ENGINE_unregister_pkey_asn1_meths       ENGINE_unreg_pkey_asn1_meths
+#undef ENGINE_register_all_pkey_asn1_meths
+#define ENGINE_register_all_pkey_asn1_meths     ENGINE_reg_all_pkey_asn1_meths
+#undef ENGINE_set_default_pkey_asn1_meths
+#define ENGINE_set_default_pkey_asn1_meths      ENGINE_set_def_pkey_asn1_meths
+#undef ENGINE_get_pkey_asn1_meth_engine
+#define ENGINE_get_pkey_asn1_meth_engine        ENGINE_get_pkey_asn1_meth_eng
+#undef ENGINE_set_load_ssl_client_cert_function
+#define ENGINE_set_load_ssl_client_cert_function \
+                                                ENGINE_set_ld_ssl_clnt_cert_fn
+#undef ENGINE_get_ssl_client_cert_function
+#define ENGINE_get_ssl_client_cert_function     ENGINE_get_ssl_client_cert_fn
+
+/* Hack some long OCSP names */
+#undef OCSP_REQUEST_get_ext_by_critical
+#define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit
+#undef OCSP_BASICRESP_get_ext_by_critical
+#define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit
+#undef OCSP_SINGLERESP_get_ext_by_critical
+#define OCSP_SINGLERESP_get_ext_by_critical     OCSP_SINGLERESP_get_ext_by_crit
+
+/* Hack some long DES names */
+#undef _ossl_old_des_ede3_cfb64_encrypt
+#define _ossl_old_des_ede3_cfb64_encrypt        _ossl_odes_ede3_cfb64_encrypt
+#undef _ossl_old_des_ede3_ofb64_encrypt
+#define _ossl_old_des_ede3_ofb64_encrypt        _ossl_odes_ede3_ofb64_encrypt
+
+/* Hack some long EVP names */
+#undef OPENSSL_add_all_algorithms_noconf
+#define OPENSSL_add_all_algorithms_noconf       OPENSSL_add_all_algo_noconf
+#undef OPENSSL_add_all_algorithms_conf
+#define OPENSSL_add_all_algorithms_conf         OPENSSL_add_all_algo_conf
+#undef EVP_PKEY_meth_set_verify_recover
+#define EVP_PKEY_meth_set_verify_recover        EVP_PKEY_meth_set_vrfy_recover
+
+/* Hack some long EC names */
+#undef EC_GROUP_set_point_conversion_form
+#define EC_GROUP_set_point_conversion_form      EC_GROUP_set_point_conv_form
+#undef EC_GROUP_get_point_conversion_form
+#define EC_GROUP_get_point_conversion_form      EC_GROUP_get_point_conv_form
+#undef EC_GROUP_clear_free_all_extra_data
+#define EC_GROUP_clear_free_all_extra_data      EC_GROUP_clr_free_all_xtra_data
+#undef EC_KEY_set_public_key_affine_coordinates
+#define EC_KEY_set_public_key_affine_coordinates \
+                                                EC_KEY_set_pub_key_aff_coords
+#undef EC_POINT_set_Jprojective_coordinates_GFp
+#define EC_POINT_set_Jprojective_coordinates_GFp \
+                                                EC_POINT_set_Jproj_coords_GFp
+#undef EC_POINT_get_Jprojective_coordinates_GFp
+#define EC_POINT_get_Jprojective_coordinates_GFp \
+                                                EC_POINT_get_Jproj_coords_GFp
+#undef EC_POINT_set_affine_coordinates_GFp
+#define EC_POINT_set_affine_coordinates_GFp     EC_POINT_set_affine_coords_GFp
+#undef EC_POINT_get_affine_coordinates_GFp
+#define EC_POINT_get_affine_coordinates_GFp     EC_POINT_get_affine_coords_GFp
+#undef EC_POINT_set_compressed_coordinates_GFp
+#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp
+#undef EC_POINT_set_affine_coordinates_GF2m
+#define EC_POINT_set_affine_coordinates_GF2m    EC_POINT_set_affine_coords_GF2m
+#undef EC_POINT_get_affine_coordinates_GF2m
+#define EC_POINT_get_affine_coordinates_GF2m    EC_POINT_get_affine_coords_GF2m
+#undef EC_POINT_set_compressed_coordinates_GF2m
+#define EC_POINT_set_compressed_coordinates_GF2m \
+                                                EC_POINT_set_compr_coords_GF2m
+#undef ec_GF2m_simple_group_clear_finish
+#define ec_GF2m_simple_group_clear_finish       ec_GF2m_simple_grp_clr_finish
+#undef ec_GF2m_simple_group_check_discriminant
+#define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim
+#undef ec_GF2m_simple_point_clear_finish
+#define ec_GF2m_simple_point_clear_finish       ec_GF2m_simple_pt_clr_finish
+#undef ec_GF2m_simple_point_set_to_infinity
+#define ec_GF2m_simple_point_set_to_infinity    ec_GF2m_simple_pt_set_to_inf
+#undef ec_GF2m_simple_points_make_affine
+#define ec_GF2m_simple_points_make_affine       ec_GF2m_simple_pts_make_affine
+#undef ec_GF2m_simple_point_set_affine_coordinates
+#define ec_GF2m_simple_point_set_affine_coordinates \
+                                                ec_GF2m_smp_pt_set_af_coords
+#undef ec_GF2m_simple_point_get_affine_coordinates
+#define ec_GF2m_simple_point_get_affine_coordinates \
+                                                ec_GF2m_smp_pt_get_af_coords
+#undef ec_GF2m_simple_set_compressed_coordinates
+#define ec_GF2m_simple_set_compressed_coordinates \
+                                                ec_GF2m_smp_set_compr_coords
+#undef ec_GFp_simple_group_set_curve_GFp
+#define ec_GFp_simple_group_set_curve_GFp       ec_GFp_simple_grp_set_curve_GFp
+#undef ec_GFp_simple_group_get_curve_GFp
+#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
+#undef ec_GFp_simple_group_clear_finish
+#define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish
+#undef ec_GFp_simple_group_set_generator
+#define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator
+#undef ec_GFp_simple_group_get0_generator
+#define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator
+#undef ec_GFp_simple_group_get_cofactor
+#define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor
+#undef ec_GFp_simple_point_clear_finish
+#define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish
+#undef ec_GFp_simple_point_set_to_infinity
+#define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
+#undef ec_GFp_simple_points_make_affine
+#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
+#undef ec_GFp_simple_group_get_curve_GFp
+#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
+#undef ec_GFp_simple_set_Jprojective_coordinates_GFp
+#define ec_GFp_simple_set_Jprojective_coordinates_GFp \
+                                                ec_GFp_smp_set_Jproj_coords_GFp
+#undef ec_GFp_simple_get_Jprojective_coordinates_GFp
+#define ec_GFp_simple_get_Jprojective_coordinates_GFp \
+                                                ec_GFp_smp_get_Jproj_coords_GFp
+#undef ec_GFp_simple_point_set_affine_coordinates_GFp
+#define ec_GFp_simple_point_set_affine_coordinates_GFp \
+                                                ec_GFp_smp_pt_set_af_coords_GFp
+#undef ec_GFp_simple_point_get_affine_coordinates_GFp
+#define ec_GFp_simple_point_get_affine_coordinates_GFp \
+                                                ec_GFp_smp_pt_get_af_coords_GFp
+#undef ec_GFp_simple_set_compressed_coordinates_GFp
+#define ec_GFp_simple_set_compressed_coordinates_GFp \
+                                                ec_GFp_smp_set_compr_coords_GFp
+#undef ec_GFp_simple_point_set_affine_coordinates
+#define ec_GFp_simple_point_set_affine_coordinates \
+                                                ec_GFp_smp_pt_set_af_coords
+#undef ec_GFp_simple_point_get_affine_coordinates
+#define ec_GFp_simple_point_get_affine_coordinates \
+                                                ec_GFp_smp_pt_get_af_coords
+#undef ec_GFp_simple_set_compressed_coordinates
+#define ec_GFp_simple_set_compressed_coordinates \
+                                                ec_GFp_smp_set_compr_coords
+#undef ec_GFp_simple_group_check_discriminant
+#define ec_GFp_simple_group_check_discriminant  ec_GFp_simple_grp_chk_discrim
+
+/* Hack som long STORE names */
+#undef STORE_method_set_initialise_function
+#define STORE_method_set_initialise_function    STORE_meth_set_initialise_fn
+#undef STORE_method_set_cleanup_function
+#define STORE_method_set_cleanup_function       STORE_meth_set_cleanup_fn
+#undef STORE_method_set_generate_function
+#define STORE_method_set_generate_function      STORE_meth_set_generate_fn
+#undef STORE_method_set_modify_function
+#define STORE_method_set_modify_function        STORE_meth_set_modify_fn
+#undef STORE_method_set_revoke_function
+#define STORE_method_set_revoke_function        STORE_meth_set_revoke_fn
+#undef STORE_method_set_delete_function
+#define STORE_method_set_delete_function        STORE_meth_set_delete_fn
+#undef STORE_method_set_list_start_function
+#define STORE_method_set_list_start_function    STORE_meth_set_list_start_fn
+#undef STORE_method_set_list_next_function
+#define STORE_method_set_list_next_function     STORE_meth_set_list_next_fn
+#undef STORE_method_set_list_end_function
+#define STORE_method_set_list_end_function      STORE_meth_set_list_end_fn
+#undef STORE_method_set_update_store_function
+#define STORE_method_set_update_store_function  STORE_meth_set_update_store_fn
+#undef STORE_method_set_lock_store_function
+#define STORE_method_set_lock_store_function    STORE_meth_set_lock_store_fn
+#undef STORE_method_set_unlock_store_function
+#define STORE_method_set_unlock_store_function  STORE_meth_set_unlock_store_fn
+#undef STORE_method_get_initialise_function
+#define STORE_method_get_initialise_function    STORE_meth_get_initialise_fn
+#undef STORE_method_get_cleanup_function
+#define STORE_method_get_cleanup_function       STORE_meth_get_cleanup_fn
+#undef STORE_method_get_generate_function
+#define STORE_method_get_generate_function      STORE_meth_get_generate_fn
+#undef STORE_method_get_modify_function
+#define STORE_method_get_modify_function        STORE_meth_get_modify_fn
+#undef STORE_method_get_revoke_function
+#define STORE_method_get_revoke_function        STORE_meth_get_revoke_fn
+#undef STORE_method_get_delete_function
+#define STORE_method_get_delete_function        STORE_meth_get_delete_fn
+#undef STORE_method_get_list_start_function
+#define STORE_method_get_list_start_function    STORE_meth_get_list_start_fn
+#undef STORE_method_get_list_next_function
+#define STORE_method_get_list_next_function     STORE_meth_get_list_next_fn
+#undef STORE_method_get_list_end_function
+#define STORE_method_get_list_end_function      STORE_meth_get_list_end_fn
+#undef STORE_method_get_update_store_function
+#define STORE_method_get_update_store_function  STORE_meth_get_update_store_fn
+#undef STORE_method_get_lock_store_function
+#define STORE_method_get_lock_store_function    STORE_meth_get_lock_store_fn
+#undef STORE_method_get_unlock_store_function
+#define STORE_method_get_unlock_store_function  STORE_meth_get_unlock_store_fn
+
+/* Hack some long TS names */
+#undef TS_RESP_CTX_set_status_info_cond
+#define TS_RESP_CTX_set_status_info_cond        TS_RESP_CTX_set_stat_info_cond
+#undef TS_RESP_CTX_set_clock_precision_digits
+#define TS_RESP_CTX_set_clock_precision_digits  TS_RESP_CTX_set_clk_prec_digits
+#undef TS_CONF_set_clock_precision_digits
+#define TS_CONF_set_clock_precision_digits      TS_CONF_set_clk_prec_digits
+
+/* Hack some long CMS names */
+#undef CMS_RecipientInfo_ktri_get0_algs
+#define CMS_RecipientInfo_ktri_get0_algs        CMS_RecipInfo_ktri_get0_algs
+#undef CMS_RecipientInfo_ktri_get0_signer_id
+#define CMS_RecipientInfo_ktri_get0_signer_id   CMS_RecipInfo_ktri_get0_sigr_id
+#undef CMS_OtherRevocationInfoFormat_it
+#define CMS_OtherRevocationInfoFormat_it        CMS_OtherRevocInfoFormat_it
+#undef CMS_KeyAgreeRecipientIdentifier_it
+#define CMS_KeyAgreeRecipientIdentifier_it      CMS_KeyAgreeRecipIdentifier_it
+#undef CMS_OriginatorIdentifierOrKey_it
+#define CMS_OriginatorIdentifierOrKey_it        CMS_OriginatorIdOrKey_it
+#undef cms_SignerIdentifier_get0_signer_id
+#define cms_SignerIdentifier_get0_signer_id     cms_SignerId_get0_signer_id
+
+/* Hack some long DTLS1 names */
+#undef dtls1_retransmit_buffered_messages
+#define dtls1_retransmit_buffered_messages      dtls1_retransmit_buffered_msgs
+
+/* Hack some long SRP names */
+#undef SRP_generate_server_master_secret
+#define SRP_generate_server_master_secret       SRP_gen_server_master_secret
+#undef SRP_generate_client_master_secret
+#define SRP_generate_client_master_secret       SRP_gen_client_master_secret
+
+/* Hack some long UI names */
+#undef UI_method_get_prompt_constructor
+#define UI_method_get_prompt_constructor        UI_method_get_prompt_constructr
+#undef UI_method_set_prompt_constructor
+#define UI_method_set_prompt_constructor        UI_method_set_prompt_constructr
+
+#endif /* defined OPENSSL_SYS_VMS */
+
+
+/* Case insensitive linking causes problems.... */
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
+#undef ERR_load_CRYPTO_strings
+#define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
+#undef OCSP_crlID_new
+#define OCSP_crlID_new                          OCSP_crlID2_new
+
+#undef d2i_ECPARAMETERS
+#define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
+#undef i2d_ECPARAMETERS
+#define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
+#undef d2i_ECPKPARAMETERS
+#define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
+#undef i2d_ECPKPARAMETERS
+#define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
+
+/* These functions do not seem to exist!  However, I'm paranoid...
+   Original command in x509v3.h:
+   These functions are being redefined in another directory,
+   and clash when the linker is case-insensitive, so let's
+   hide them a little, by giving them an extra 'o' at the
+   beginning of the name... */
+#undef X509v3_cleanup_extensions
+#define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
+#undef X509v3_add_extension
+#define X509v3_add_extension                    oX509v3_add_extension
+#undef X509v3_add_netscape_extensions
+#define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
+#undef X509v3_add_standard_extensions
+#define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
+
+/* This one clashes with CMS_data_create */
+#undef cms_Data_create
+#define cms_Data_create                         priv_cms_Data_create
+
+#endif
+
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/src/lib/libcrypto/threads/README b/src/lib/libcrypto/threads/README
new file mode 100644
index 0000000000..df6b26e146
--- /dev/null
+++ b/src/lib/libcrypto/threads/README
@@ -0,0 +1,14 @@
+Mutithreading testing area.
+
+Since this stuff is very very platorm specific, this is not part of the
+normal build.  Have a read of doc/threads.doc.
+
+mttest will do some testing and will currently build under Windows NT/95,
+Solaris and Linux.  The IRIX stuff is not finished.
+
+I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1)
+and things seem to work ok.
+
+The Linux pthreads package can be retrieved from 
+http://www.mit.edu:8001/people/proven/pthreads.html
+
diff --git a/src/lib/libcrypto/threads/mttest.c b/src/lib/libcrypto/threads/mttest.c
new file mode 100644
index 0000000000..eba7aa8a6e
--- /dev/null
+++ b/src/lib/libcrypto/threads/mttest.c
@@ -0,0 +1,1310 @@
+/* crypto/threads/mttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef LINUX
+#include <typedefs.h>
+#endif
+#ifdef OPENSSL_SYS_WIN32
+#include <windows.h>
+#endif
+#ifdef SOLARIS
+#include <synch.h>
+#include <thread.h>
+#endif
+#ifdef IRIX
+#include <ulocks.h>
+#include <sys/prctl.h>
+#endif
+#ifdef PTHREADS
+#include <pthread.h>
+#endif
+#ifdef OPENSSL_SYS_NETWARE
+#if !defined __int64
+#  define __int64 long long
+#endif   
+#include <nwmpk.h>
+#endif
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include "../../e_os.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#ifdef OPENSSL_NO_FP_API
+#define APPS_WIN16
+#include "../buffer/bss_file.c"
+#endif
+
+#ifdef OPENSSL_SYS_NETWARE
+#define TEST_SERVER_CERT "/openssl/apps/server.pem"
+#define TEST_CLIENT_CERT "/openssl/apps/client.pem"
+#else
+#define TEST_SERVER_CERT "../../apps/server.pem"
+#define TEST_CLIENT_CERT "../../apps/client.pem"
+#endif
+
+#define MAX_THREAD_NUMBER       100
+
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs);
+void thread_setup(void);
+void thread_cleanup(void);
+void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
+
+void irix_locking_callback(int mode,int type,char *file,int line);
+void solaris_locking_callback(int mode,int type,char *file,int line);
+void win32_locking_callback(int mode,int type,char *file,int line);
+void pthreads_locking_callback(int mode,int type,char *file,int line);
+void netware_locking_callback(int mode,int type,char *file,int line);
+void beos_locking_callback(int mode,int type,const char *file,int line);
+
+unsigned long irix_thread_id(void );
+unsigned long solaris_thread_id(void );
+unsigned long pthreads_thread_id(void );
+unsigned long netware_thread_id(void );
+unsigned long beos_thread_id(void );
+
+#if defined(OPENSSL_SYS_NETWARE)
+static MPKMutex *lock_cs;
+static MPKSema ThreadSem;
+static long *lock_count;
+#endif
+
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+
+static char *cipher=NULL;
+int verbose=0;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+
+int thread_number=10;
+int number_of_loops=10;
+int reconnect=0;
+int cache_stats=0;
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int doit(char *ctx[4]);
+static void print_stats(FILE *fp, SSL_CTX *ctx)
+{
+        fprintf(fp,"%4ld items in the session cache\n",
+                SSL_CTX_sess_number(ctx));
+        fprintf(fp,"%4d client connects (SSL_connect())\n",
+                SSL_CTX_sess_connect(ctx));
+        fprintf(fp,"%4d client connects that finished\n",
+                SSL_CTX_sess_connect_good(ctx));
+        fprintf(fp,"%4d server connects (SSL_accept())\n",
+                SSL_CTX_sess_accept(ctx));
+        fprintf(fp,"%4d server connects that finished\n",
+                SSL_CTX_sess_accept_good(ctx));
+        fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
+        fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
+        fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
+        }
+
+static void sv_usage(void)
+        {
+        fprintf(stderr,"usage: ssltest [args ...]\n");
+        fprintf(stderr,"\n");
+        fprintf(stderr," -server_auth  - check server certificate\n");
+        fprintf(stderr," -client_auth  - do client authentication\n");
+        fprintf(stderr," -v            - more output\n");
+        fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+        fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+        fprintf(stderr," -threads arg  - number of threads\n");
+        fprintf(stderr," -loops arg    - number of 'connections', per thread\n");
+        fprintf(stderr," -reconnect    - reuse session-id's\n");
+        fprintf(stderr," -stats        - server session-id cache stats\n");
+        fprintf(stderr," -cert arg     - server certificate/key\n");
+        fprintf(stderr," -ccert arg    - client certificate/key\n");
+        fprintf(stderr," -ssl3         - just SSLv3n\n");
+        }
+
+int main(int argc, char *argv[])
+        {
+        char *CApath=NULL,*CAfile=NULL;
+        int badop=0;
+        int ret=1;
+        int client_auth=0;
+        int server_auth=0;
+        SSL_CTX *s_ctx=NULL;
+        SSL_CTX *c_ctx=NULL;
+        char *scert=TEST_SERVER_CERT;
+        char *ccert=TEST_CLIENT_CERT;
+        SSL_METHOD *ssl_method=SSLv23_method();
+
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        if (bio_stdout == NULL)
+                bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+        argc--;
+        argv++;
+
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-server_auth") == 0)
+                        server_auth=1;
+                else if (strcmp(*argv,"-client_auth") == 0)
+                        client_auth=1;
+                else if (strcmp(*argv,"-reconnect") == 0)
+                        reconnect=1;
+                else if (strcmp(*argv,"-stats") == 0)
+                        cache_stats=1;
+                else if (strcmp(*argv,"-ssl3") == 0)
+                        ssl_method=SSLv3_method();
+                else if (strcmp(*argv,"-ssl2") == 0)
+                        ssl_method=SSLv2_method();
+                else if (strcmp(*argv,"-CApath") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CApath= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CAfile") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        scert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-ccert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        ccert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-threads") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        thread_number= atoi(*(++argv));
+                        if (thread_number == 0) thread_number=1;
+                        if (thread_number > MAX_THREAD_NUMBER)
+                                thread_number=MAX_THREAD_NUMBER;
+                        }
+                else if (strcmp(*argv,"-loops") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        number_of_loops= atoi(*(++argv));
+                        if (number_of_loops == 0) number_of_loops=1;
+                        }
+                else
+                        {
+                        fprintf(stderr,"unknown option %s\n",*argv);
+                        badop=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badop)
+                {
+bad:
+                sv_usage();
+                goto end;
+                }
+
+        if (cipher == NULL && OPENSSL_issetugid() == 0)
+                cipher=getenv("SSL_CIPHER");
+
+        SSL_load_error_strings();
+        OpenSSL_add_ssl_algorithms();
+
+        c_ctx=SSL_CTX_new(ssl_method);
+        s_ctx=SSL_CTX_new(ssl_method);
+        if ((c_ctx == NULL) || (s_ctx == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+
+        SSL_CTX_set_session_cache_mode(s_ctx,
+                SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+        SSL_CTX_set_session_cache_mode(c_ctx,
+                SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+
+        if (!SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM))
+                {
+                ERR_print_errors(bio_err);
+                }
+        else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+
+        if (client_auth)
+                {
+                SSL_CTX_use_certificate_file(c_ctx,ccert,
+                        SSL_FILETYPE_PEM);
+                SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
+                        SSL_FILETYPE_PEM);
+                }
+
+        if (    (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+                (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(c_ctx)))
+                {
+                fprintf(stderr,"SSL_load_verify_locations\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+
+        if (client_auth)
+                {
+                fprintf(stderr,"client authentication\n");
+                SSL_CTX_set_verify(s_ctx,
+                        SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                        verify_callback);
+                }
+        if (server_auth)
+                {
+                fprintf(stderr,"server authentication\n");
+                SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+                        verify_callback);
+                }
+
+        thread_setup();
+        do_threads(s_ctx,c_ctx);
+        thread_cleanup();
+end:
+        
+        if (c_ctx != NULL) 
+                {
+                fprintf(stderr,"Client SSL_CTX stats then free it\n");
+                print_stats(stderr,c_ctx);
+                SSL_CTX_free(c_ctx);
+                }
+        if (s_ctx != NULL)
+                {
+                fprintf(stderr,"Server SSL_CTX stats then free it\n");
+                print_stats(stderr,s_ctx);
+                if (cache_stats)
+                        {
+                        fprintf(stderr,"-----\n");
+                        lh_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n");
+                /*      lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n"); */
+                        lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n");
+                        }
+                SSL_CTX_free(s_ctx);
+                fprintf(stderr,"done free\n");
+                }
+        exit(ret);
+        return(0);
+        }
+
+#define W_READ  1
+#define W_WRITE 2
+#define C_DONE  1
+#define S_DONE  2
+
+int ndoit(SSL_CTX *ssl_ctx[2])
+        {
+        int i;
+        int ret;
+        char *ctx[4];
+
+        ctx[0]=(char *)ssl_ctx[0];
+        ctx[1]=(char *)ssl_ctx[1];
+
+        if (reconnect)
+                {
+                ctx[2]=(char *)SSL_new(ssl_ctx[0]);
+                ctx[3]=(char *)SSL_new(ssl_ctx[1]);
+                }
+        else
+                {
+                ctx[2]=NULL;
+                ctx[3]=NULL;
+                }
+
+        fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
+        for (i=0; i<number_of_loops; i++)
+                {
+/*              fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+                        CRYPTO_thread_id(),i,
+                        ssl_ctx[0]->references,
+                        ssl_ctx[1]->references); */
+        /*      pthread_delay_np(&tm);*/
+
+                ret=doit(ctx);
+                if (ret != 0)
+                        {
+                        fprintf(stdout,"error[%d] %lu - %d\n",
+                                i,CRYPTO_thread_id(),ret);
+                        return(ret);
+                        }
+                }
+        fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
+        if (reconnect)
+                {
+                SSL_free((SSL *)ctx[2]);
+                SSL_free((SSL *)ctx[3]);
+                }
+#   ifdef OPENSSL_SYS_NETWARE
+        MPKSemaphoreSignal(ThreadSem);
+#   endif
+        return(0);
+        }
+
+int doit(char *ctx[4])
+        {
+        SSL_CTX *s_ctx,*c_ctx;
+        static char cbuf[200],sbuf[200];
+        SSL *c_ssl=NULL;
+        SSL *s_ssl=NULL;
+        BIO *c_to_s=NULL;
+        BIO *s_to_c=NULL;
+        BIO *c_bio=NULL;
+        BIO *s_bio=NULL;
+        int c_r,c_w,s_r,s_w;
+        int c_want,s_want;
+        int i;
+        int done=0;
+        int c_write,s_write;
+        int do_server=0,do_client=0;
+
+        s_ctx=(SSL_CTX *)ctx[0];
+        c_ctx=(SSL_CTX *)ctx[1];
+
+        if (ctx[2] != NULL)
+                s_ssl=(SSL *)ctx[2];
+        else
+                s_ssl=SSL_new(s_ctx);
+
+        if (ctx[3] != NULL)
+                c_ssl=(SSL *)ctx[3];
+        else
+                c_ssl=SSL_new(c_ctx);
+
+        if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
+
+        c_to_s=BIO_new(BIO_s_mem());
+        s_to_c=BIO_new(BIO_s_mem());
+        if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+
+        c_bio=BIO_new(BIO_f_ssl());
+        s_bio=BIO_new(BIO_f_ssl());
+        if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+
+        SSL_set_connect_state(c_ssl);
+        SSL_set_bio(c_ssl,s_to_c,c_to_s);
+        BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+
+        SSL_set_accept_state(s_ssl);
+        SSL_set_bio(s_ssl,c_to_s,s_to_c);
+        BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+
+        c_r=0; s_r=1;
+        c_w=1; s_w=0;
+        c_want=W_WRITE;
+        s_want=0;
+        c_write=1,s_write=0;
+
+        /* We can always do writes */
+        for (;;)
+                {
+                do_server=0;
+                do_client=0;
+
+                i=(int)BIO_pending(s_bio);
+                if ((i && s_r) || s_w) do_server=1;
+
+                i=(int)BIO_pending(c_bio);
+                if ((i && c_r) || c_w) do_client=1;
+
+                if (do_server && verbose)
+                        {
+                        if (SSL_in_init(s_ssl))
+                                printf("server waiting in SSL_accept - %s\n",
+                                        SSL_state_string_long(s_ssl));
+                        else if (s_write)
+                                printf("server:SSL_write()\n");
+                        else 
+                                printf("server:SSL_read()\n");
+                        }
+
+                if (do_client && verbose)
+                        {
+                        if (SSL_in_init(c_ssl))
+                                printf("client waiting in SSL_connect - %s\n",
+                                        SSL_state_string_long(c_ssl));
+                        else if (c_write)
+                                printf("client:SSL_write()\n");
+                        else
+                                printf("client:SSL_read()\n");
+                        }
+
+                if (!do_client && !do_server)
+                        {
+                        fprintf(stdout,"ERROR IN STARTUP\n");
+                        break;
+                        }
+                if (do_client && !(done & C_DONE))
+                        {
+                        if (c_write)
+                                {
+                                i=BIO_write(c_bio,"hello from client\n",18);
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        /* ok */
+                                        c_write=0;
+                                        }
+                                }
+                        else
+                                {
+                                i=BIO_read(c_bio,cbuf,100);
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        done|=C_DONE;
+#ifdef undef
+                                        fprintf(stdout,"CLIENT:from server:");
+                                        fwrite(cbuf,1,i,stdout);
+                                        fflush(stdout);
+#endif
+                                        }
+                                }
+                        }
+
+                if (do_server && !(done & S_DONE))
+                        {
+                        if (!s_write)
+                                {
+                                i=BIO_read(s_bio,sbuf,100);
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        s_write=1;
+                                        s_w=1;
+#ifdef undef
+                                        fprintf(stdout,"SERVER:from client:");
+                                        fwrite(sbuf,1,i,stdout);
+                                        fflush(stdout);
+#endif
+                                        }
+                                }
+                        else
+                                {
+                                i=BIO_write(s_bio,"hello from server\n",18);
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        s_write=0;
+                                        s_r=1;
+                                        done|=S_DONE;
+                                        }
+                                }
+                        }
+
+                if ((done & S_DONE) && (done & C_DONE)) break;
+#   if defined(OPENSSL_SYS_NETWARE)
+        ThreadSwitchWithDelay();
+#   endif
+                }
+
+        SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+        SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+
+#ifdef undef
+        fprintf(stdout,"DONE\n");
+#endif
+err:
+        /* We have to set the BIO's to NULL otherwise they will be
+         * free()ed twice.  Once when th s_ssl is SSL_free()ed and
+         * again when c_ssl is SSL_free()ed.
+         * This is a hack required because s_ssl and c_ssl are sharing the same
+         * BIO structure and SSL_set_bio() and SSL_free() automatically
+         * BIO_free non NULL entries.
+         * You should not normally do this or be required to do this */
+
+        if (s_ssl != NULL)
+                {
+                s_ssl->rbio=NULL;
+                s_ssl->wbio=NULL;
+                }
+        if (c_ssl != NULL)
+                {
+                c_ssl->rbio=NULL;
+                c_ssl->wbio=NULL;
+                }
+
+        /* The SSL's are optionally freed in the following calls */
+        if (c_to_s != NULL) BIO_free(c_to_s);
+        if (s_to_c != NULL) BIO_free(s_to_c);
+
+        if (c_bio != NULL) BIO_free(c_bio);
+        if (s_bio != NULL) BIO_free(s_bio);
+        return(0);
+        }
+
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        char *s, buf[256];
+
+        if (verbose)
+                {
+                s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
+                                    buf,256);
+                if (s != NULL)
+                        {
+                        if (ok)
+                                fprintf(stderr,"depth=%d %s\n",
+                                        ctx->error_depth,buf);
+                        else
+                                fprintf(stderr,"depth=%d error=%d %s\n",
+                                        ctx->error_depth,ctx->error,buf);
+                        }
+                }
+        return(ok);
+        }
+
+#define THREAD_STACK_SIZE (16*1024)
+
+#ifdef OPENSSL_SYS_WIN32
+
+static HANDLE *lock_cs;
+
+void thread_setup(void)
+        {
+        int i;
+
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
+                }
+
+        CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
+        /* id callback defined */
+        }
+
+void thread_cleanup(void)
+        {
+        int i;
+
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                CloseHandle(lock_cs[i]);
+        OPENSSL_free(lock_cs);
+        }
+
+void win32_locking_callback(int mode, int type, char *file, int line)
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                WaitForSingleObject(lock_cs[type],INFINITE);
+                }
+        else
+                {
+                ReleaseMutex(lock_cs[type]);
+                }
+        }
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        double ret;
+        SSL_CTX *ssl_ctx[2];
+        DWORD thread_id[MAX_THREAD_NUMBER];
+        HANDLE thread_handle[MAX_THREAD_NUMBER];
+        int i;
+        SYSTEMTIME start,end;
+
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+
+        GetSystemTime(&start);
+        for (i=0; i<thread_number; i++)
+                {
+                thread_handle[i]=CreateThread(NULL,
+                        THREAD_STACK_SIZE,
+                        (LPTHREAD_START_ROUTINE)ndoit,
+                        (void *)ssl_ctx,
+                        0L,
+                        &(thread_id[i]));
+                }
+
+        printf("reaping\n");
+        for (i=0; i<thread_number; i+=50)
+                {
+                int j;
+
+                j=(thread_number < (i+50))?(thread_number-i):50;
+
+                if (WaitForMultipleObjects(j,
+                        (CONST HANDLE *)&(thread_handle[i]),TRUE,INFINITE)
+                        == WAIT_FAILED)
+                        {
+                        fprintf(stderr,"WaitForMultipleObjects failed:%d\n",GetLastError());
+                        exit(1);
+                        }
+                }
+        GetSystemTime(&end);
+
+        if (start.wDayOfWeek > end.wDayOfWeek) end.wDayOfWeek+=7;
+        ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
+
+        ret=(ret+end.wHour-start.wHour)*60;
+        ret=(ret+end.wMinute-start.wMinute)*60;
+        ret=(ret+end.wSecond-start.wSecond);
+        ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
+
+        printf("win32 threads done - %.3f seconds\n",ret);
+        }
+
+#endif /* OPENSSL_SYS_WIN32 */
+
+#ifdef SOLARIS
+
+static mutex_t *lock_cs;
+/*static rwlock_t *lock_cs; */
+static long *lock_count;
+
+void thread_setup(void)
+        {
+        int i;
+
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+                /* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
+                mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+                }
+
+        CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+        CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+        }
+
+void thread_cleanup(void)
+        {
+        int i;
+
+        CRYPTO_set_locking_callback(NULL);
+
+        fprintf(stderr,"cleanup\n");
+
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                /* rwlock_destroy(&(lock_cs[i])); */
+                mutex_destroy(&(lock_cs[i]));
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+
+        fprintf(stderr,"done cleanup\n");
+
+        }
+
+void solaris_locking_callback(int mode, int type, char *file, int line)
+        {
+#ifdef undef
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+
+        /*
+        if (CRYPTO_LOCK_SSL_CERT == type)
+        fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+        */
+        if (mode & CRYPTO_LOCK)
+                {
+        /*      if (mode & CRYPTO_READ)
+                        rw_rdlock(&(lock_cs[type]));
+                else
+                        rw_wrlock(&(lock_cs[type])); */
+
+                mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+/*              rw_unlock(&(lock_cs[type]));  */
+                mutex_unlock(&(lock_cs[type]));
+                }
+        }
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        SSL_CTX *ssl_ctx[2];
+        thread_t thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+
+        thr_setconcurrency(thread_number);
+        for (i=0; i<thread_number; i++)
+                {
+                thr_create(NULL, THREAD_STACK_SIZE,
+                        (void *(*)())ndoit,
+                        (void *)ssl_ctx,
+                        0L,
+                        &(thread_ctx[i]));
+                }
+
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                thr_join(thread_ctx[i],NULL,NULL);
+                }
+
+        printf("solaris threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+
+unsigned long solaris_thread_id(void)
+        {
+        unsigned long ret;
+
+        ret=(unsigned long)thr_self();
+        return(ret);
+        }
+#endif /* SOLARIS */
+
+#ifdef IRIX
+
+
+static usptr_t *arena;
+static usema_t **lock_cs;
+
+void thread_setup(void)
+        {
+        int i;
+        char filename[20];
+
+        strcpy(filename,"/tmp/mttest.XXXXXX");
+        mktemp(filename);
+
+        usconfig(CONF_STHREADIOOFF);
+        usconfig(CONF_STHREADMALLOCOFF);
+        usconfig(CONF_INITUSERS,100);
+        usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+        arena=usinit(filename);
+        unlink(filename);
+
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_cs[i]=usnewsema(arena,1);
+                }
+
+        CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+        CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+        }
+
+void thread_cleanup(void)
+        {
+        int i;
+
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                char buf[10];
+
+                sprintf(buf,"%2d:",i);
+                usdumpsema(lock_cs[i],stdout,buf);
+                usfreesema(lock_cs[i],arena);
+                }
+        OPENSSL_free(lock_cs);
+        }
+
+void irix_locking_callback(int mode, int type, char *file, int line)
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                printf("lock %d\n",type);
+                uspsema(lock_cs[type]);
+                }
+        else
+                {
+                printf("unlock %d\n",type);
+                usvsema(lock_cs[type]);
+                }
+        }
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        SSL_CTX *ssl_ctx[2];
+        int thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+
+        for (i=0; i<thread_number; i++)
+                {
+                thread_ctx[i]=sproc((void (*)())ndoit,
+                        PR_SADDR|PR_SFDS,(void *)ssl_ctx);
+                }
+
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                wait(NULL);
+                }
+
+        printf("irix threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+
+unsigned long irix_thread_id(void)
+        {
+        unsigned long ret;
+
+        ret=(unsigned long)getpid();
+        return(ret);
+        }
+#endif /* IRIX */
+
+#ifdef PTHREADS
+
+static pthread_mutex_t *lock_cs;
+static long *lock_count;
+
+void thread_setup(void)
+        {
+        int i;
+
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+                pthread_mutex_init(&(lock_cs[i]),NULL);
+                }
+
+        CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+        CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+        }
+
+void thread_cleanup(void)
+        {
+        int i;
+
+        CRYPTO_set_locking_callback(NULL);
+        fprintf(stderr,"cleanup\n");
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                pthread_mutex_destroy(&(lock_cs[i]));
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],
+                        CRYPTO_get_lock_name(i));
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+
+        fprintf(stderr,"done cleanup\n");
+        }
+
+void pthreads_locking_callback(int mode, int type, char *file,
+             int line)
+      {
+#ifdef undef
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+/*
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+*/
+        if (mode & CRYPTO_LOCK)
+                {
+                pthread_mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+                pthread_mutex_unlock(&(lock_cs[type]));
+                }
+        }
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        SSL_CTX *ssl_ctx[2];
+        pthread_t thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+
+        /*
+        thr_setconcurrency(thread_number);
+        */
+        for (i=0; i<thread_number; i++)
+                {
+                pthread_create(&(thread_ctx[i]), NULL,
+                        (void *(*)())ndoit, (void *)ssl_ctx);
+                }
+
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                pthread_join(thread_ctx[i],NULL);
+                }
+
+        printf("pthreads threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+
+unsigned long pthreads_thread_id(void)
+        {
+        unsigned long ret;
+
+        ret=(unsigned long)pthread_self();
+        return(ret);
+        }
+
+#endif /* PTHREADS */
+
+
+
+#ifdef OPENSSL_SYS_NETWARE
+
+void thread_setup(void)
+{
+   int i;
+
+   lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex));
+   lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+   for (i=0; i<CRYPTO_num_locks(); i++)
+   {
+      lock_count[i]=0;
+      lock_cs[i]=MPKMutexAlloc("OpenSSL mutex");
+   }
+
+   ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0 );
+
+   CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id);
+   CRYPTO_set_locking_callback((void (*)())netware_locking_callback);
+}
+
+void thread_cleanup(void)
+{
+   int i;
+
+   CRYPTO_set_locking_callback(NULL);
+
+   fprintf(stdout,"thread_cleanup\n");
+
+   for (i=0; i<CRYPTO_num_locks(); i++)
+   {
+      MPKMutexFree(lock_cs[i]);
+      fprintf(stdout,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
+   }
+   OPENSSL_free(lock_cs);
+   OPENSSL_free(lock_count);
+
+   MPKSemaphoreFree(ThreadSem);
+
+   fprintf(stdout,"done cleanup\n");
+}
+
+void netware_locking_callback(int mode, int type, char *file, int line)
+{
+   if (mode & CRYPTO_LOCK)
+   {
+      MPKMutexLock(lock_cs[type]);
+      lock_count[type]++;
+   }
+   else
+      MPKMutexUnlock(lock_cs[type]);
+}
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+{
+   SSL_CTX *ssl_ctx[2];
+   int i;
+   ssl_ctx[0]=s_ctx;
+   ssl_ctx[1]=c_ctx;
+
+   for (i=0; i<thread_number; i++)
+   {
+      BeginThread( (void(*)(void*))ndoit, NULL, THREAD_STACK_SIZE, 
+                   (void*)ssl_ctx);
+      ThreadSwitchWithDelay();
+   }
+
+   printf("reaping\n");
+
+      /* loop until all threads have signaled the semaphore */
+   for (i=0; i<thread_number; i++)
+   {
+      MPKSemaphoreWait(ThreadSem);
+   }
+   printf("netware threads done (%d,%d)\n",
+         s_ctx->references,c_ctx->references);
+}
+
+unsigned long netware_thread_id(void)
+{
+   unsigned long ret;
+
+   ret=(unsigned long)GetThreadID();
+   return(ret);
+}
+#endif /* NETWARE */
+
+#ifdef BEOS_THREADS
+
+#include <Locker.h>
+
+static BLocker** lock_cs;
+static long* lock_count;
+
+void thread_setup(void)
+        {
+        int i;
+
+        lock_cs=(BLocker**)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(BLocker*));
+        lock_count=(long*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+                lock_cs[i] = new BLocker(CRYPTO_get_lock_name(i));
+                }
+
+        CRYPTO_set_id_callback((unsigned long (*)())beos_thread_id);
+        CRYPTO_set_locking_callback(beos_locking_callback);
+        }
+
+void thread_cleanup(void)
+        {
+        int i;
+
+        CRYPTO_set_locking_callback(NULL);
+        fprintf(stderr,"cleanup\n");
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                delete lock_cs[i];
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],
+                        CRYPTO_get_lock_name(i));
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+
+        fprintf(stderr,"done cleanup\n");
+        }
+
+void beos_locking_callback(int mode, int type, const char *file, int line)
+    {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+                lock_cs[type]->Lock();
+                lock_count[type]++;
+                }
+        else
+                {
+                lock_cs[type]->Unlock();
+                }
+        }
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        SSL_CTX *ssl_ctx[2];
+        thread_id thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+
+        for (i=0; i<thread_number; i++)
+                {
+                thread_ctx[i] = spawn_thread((thread_func)ndoit,
+                        NULL, B_NORMAL_PRIORITY, (void *)ssl_ctx);
+                resume_thread(thread_ctx[i]);
+                }
+
+        printf("waiting...\n");
+        for (i=0; i<thread_number; i++)
+                {
+                status_t result;
+                wait_for_thread(thread_ctx[i], &result);
+                }
+
+        printf("beos threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+
+unsigned long beos_thread_id(void)
+        {
+        unsigned long ret;
+
+        ret=(unsigned long)find_thread(NULL);
+        return(ret);
+        }
+
+#endif /* BEOS_THREADS */
diff --git a/src/lib/libcrypto/threads/netware.bat b/src/lib/libcrypto/threads/netware.bat
new file mode 100644
index 0000000000..0b3eca3caf
--- /dev/null
+++ b/src/lib/libcrypto/threads/netware.bat
@@ -0,0 +1,79 @@
+@echo off
+rem batch file to build multi-thread test ( mttest.nlm )
+
+rem command line arguments:
+rem      debug => build using debug settings
+
+rem
+rem After building, copy mttest.nlm to the server and run it, you'll probably
+rem want to redirect stdout and stderr.  An example command line would be
+rem "mttest.nlm -thread 20 -loops 10 -CAfile \openssl\apps\server.pem >mttest.out 2>mttest.err"
+rem 
+
+del mttest.nlm
+
+set BLD_DEBUG=
+set CFLAGS=
+set LFLAGS=
+set LIBS=
+
+if "%1" == "DEBUG" set BLD_DEBUG=YES
+if "%1" == "debug" set BLD_DEBUG=YES
+
+if "%MWCIncludes%" == "" goto inc_error
+if "%PRELUDE%" == "" goto prelude_error
+if "%IMPORTS%" == "" goto imports_error
+
+set CFLAGS=-c -I..\..\outinc_nw -nosyspath -DOPENSSL_SYS_NETWARE -opt off -g -sym internal -maxerrors 20
+
+if "%BLD_DEBUG%" == "YES" set LIBS=..\..\out_nw.dbg\ssl.lib ..\..\out_nw.dbg\crypto.lib
+if "%BLD_DEBUG%" == ""  set LIBS=..\..\out_nw\ssl.lib ..\..\out_nw\crypto.lib
+
+set LFLAGS=-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal 
+  
+rem generate command file for metrowerks
+echo.
+echo Generating Metrowerks command file: mttest.def
+echo # dynamically generated command file for metrowerks build > mttest.def
+echo IMPORT @%IMPORTS%\clib.imp              >> mttest.def 
+echo IMPORT @%IMPORTS%\threads.imp           >> mttest.def 
+echo IMPORT @%IMPORTS%\ws2nlm.imp            >> mttest.def 
+echo IMPORT GetProcessSwitchCount            >> mttest.def
+echo MODULE clib                             >> mttest.def 
+
+rem compile
+echo.
+echo Compiling mttest.c
+mwccnlm.exe mttest.c %CFLAGS% 
+if errorlevel 1 goto end
+
+rem link               
+echo.
+echo Linking mttest.nlm
+mwldnlm.exe %LFLAGS% -screenname mttest -commandfile mttest.def mttest.o "%PRELUDE%" %LIBS% -o mttest.nlm
+if errorlevel 1 goto end
+
+goto end
+
+:inc_error
+echo.
+echo Environment variable MWCIncludes is not set - see install.nw
+goto end
+
+:prelude_error
+echo.
+echo Environment variable PRELUDE is not set - see install.nw
+goto end
+
+:imports_error
+echo.
+echo Environment variable IMPORTS is not set - see install.nw
+goto end
+    
+    
+:end
+set BLD_DEBUG=
+set CFLAGS=
+set LFLAGS=
+set LIBS=
+
diff --git a/src/lib/libcrypto/threads/profile.sh b/src/lib/libcrypto/threads/profile.sh
new file mode 100644
index 0000000000..6e3e342fc0
--- /dev/null
+++ b/src/lib/libcrypto/threads/profile.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+cc -p -DSOLARIS -I../../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
+
diff --git a/src/lib/libcrypto/threads/ptest.bat b/src/lib/libcrypto/threads/ptest.bat
new file mode 100644
index 0000000000..4071b5ffea
--- /dev/null
+++ b/src/lib/libcrypto/threads/ptest.bat
@@ -0,0 +1,4 @@
+del mttest.exe
+
+purify cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssl32.lib ..\..\out\crypt32.lib
+
diff --git a/src/lib/libcrypto/threads/pthread.sh b/src/lib/libcrypto/threads/pthread.sh
new file mode 100644
index 0000000000..f1c49821d2
--- /dev/null
+++ b/src/lib/libcrypto/threads/pthread.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# build using pthreads
+#
+# http://www.mit.edu:8001/people/proven/pthreads.html
+#
+/bin/rm -f mttest
+pgcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto 
+
diff --git a/src/lib/libcrypto/threads/pthread2.sh b/src/lib/libcrypto/threads/pthread2.sh
new file mode 100644
index 0000000000..41264c6a50
--- /dev/null
+++ b/src/lib/libcrypto/threads/pthread2.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# build using pthreads where it's already built into the system
+#
+/bin/rm -f mttest
+gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread
+
diff --git a/src/lib/libcrypto/threads/pthreads-vms.com b/src/lib/libcrypto/threads/pthreads-vms.com
new file mode 100644
index 0000000000..1cf92bdf57
--- /dev/null
+++ b/src/lib/libcrypto/threads/pthreads-vms.com
@@ -0,0 +1,14 @@
+$! To compile mttest on VMS.
+$!
+$! WARNING: only tested with DEC C so far.
+$
+$ if (f$getsyi("cpu").lt.128)
+$ then
+$     arch := VAX
+$ else
+$     arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$     if (arch .eqs. "") then arch = "UNK"
+$ endif
+$ define/user openssl [--.include.openssl]
+$ cc/def=PTHREADS mttest.c
+$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib
diff --git a/src/lib/libcrypto/threads/purify.sh b/src/lib/libcrypto/threads/purify.sh
new file mode 100644
index 0000000000..6d44fe26b7
--- /dev/null
+++ b/src/lib/libcrypto/threads/purify.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+purify cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
+
diff --git a/src/lib/libcrypto/threads/solaris.sh b/src/lib/libcrypto/threads/solaris.sh
new file mode 100644
index 0000000000..bc93094a27
--- /dev/null
+++ b/src/lib/libcrypto/threads/solaris.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
+
diff --git a/src/lib/libcrypto/threads/th-lock.c b/src/lib/libcrypto/threads/th-lock.c
new file mode 100644
index 0000000000..14aae5f912
--- /dev/null
+++ b/src/lib/libcrypto/threads/th-lock.c
@@ -0,0 +1,387 @@
+/* crypto/threads/th-lock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef LINUX
+#include <typedefs.h>
+#endif
+#ifdef OPENSSL_SYS_WIN32
+#include <windows.h>
+#endif
+#ifdef SOLARIS
+#include <synch.h>
+#include <thread.h>
+#endif
+#ifdef IRIX
+#include <ulocks.h>
+#include <sys/prctl.h>
+#endif
+#ifdef PTHREADS
+#include <pthread.h>
+#endif
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include "../../e_os.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+void CRYPTO_thread_setup(void);
+void CRYPTO_thread_cleanup(void);
+
+static void irix_locking_callback(int mode,int type,char *file,int line);
+static void solaris_locking_callback(int mode,int type,char *file,int line);
+static void win32_locking_callback(int mode,int type,char *file,int line);
+static void pthreads_locking_callback(int mode,int type,char *file,int line);
+
+static unsigned long irix_thread_id(void );
+static unsigned long solaris_thread_id(void );
+static unsigned long pthreads_thread_id(void );
+
+/* usage:
+ * CRYPTO_thread_setup();
+ * application code
+ * CRYPTO_thread_cleanup();
+ */
+
+#define THREAD_STACK_SIZE (16*1024)
+
+#ifdef OPENSSL_SYS_WIN32
+
+static HANDLE *lock_cs;
+
+void CRYPTO_thread_setup(void)
+        {
+        int i;
+
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
+                }
+
+        CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
+        /* id callback defined */
+        return(1);
+        }
+
+static void CRYPTO_thread_cleanup(void)
+        {
+        int i;
+
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                CloseHandle(lock_cs[i]);
+        OPENSSL_free(lock_cs);
+        }
+
+void win32_locking_callback(int mode, int type, char *file, int line)
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                WaitForSingleObject(lock_cs[type],INFINITE);
+                }
+        else
+                {
+                ReleaseMutex(lock_cs[type]);
+                }
+        }
+
+#endif /* OPENSSL_SYS_WIN32 */
+
+#ifdef SOLARIS
+
+#define USE_MUTEX
+
+#ifdef USE_MUTEX
+static mutex_t *lock_cs;
+#else
+static rwlock_t *lock_cs;
+#endif
+static long *lock_count;
+
+void CRYPTO_thread_setup(void)
+        {
+        int i;
+
+#ifdef USE_MUTEX
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+#else
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t));
+#endif
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+#ifdef USE_MUTEX
+                mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+#else
+                rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+#endif
+                }
+
+        CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+        CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+        }
+
+void CRYPTO_thread_cleanup(void)
+        {
+        int i;
+
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+#ifdef USE_MUTEX
+                mutex_destroy(&(lock_cs[i]));
+#else
+                rwlock_destroy(&(lock_cs[i]));
+#endif
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+        }
+
+void solaris_locking_callback(int mode, int type, char *file, int line)
+        {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+
+#if 0
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                        CRYPTO_thread_id(),
+                        mode,file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+#ifdef USE_MUTEX
+                mutex_lock(&(lock_cs[type]));
+#else
+                if (mode & CRYPTO_READ)
+                        rw_rdlock(&(lock_cs[type]));
+                else
+                        rw_wrlock(&(lock_cs[type]));
+#endif
+                lock_count[type]++;
+                }
+        else
+                {
+#ifdef USE_MUTEX
+                mutex_unlock(&(lock_cs[type]));
+#else
+                rw_unlock(&(lock_cs[type]));
+#endif
+                }
+        }
+
+unsigned long solaris_thread_id(void)
+        {
+        unsigned long ret;
+
+        ret=(unsigned long)thr_self();
+        return(ret);
+        }
+#endif /* SOLARIS */
+
+#ifdef IRIX
+/* I don't think this works..... */
+
+static usptr_t *arena;
+static usema_t **lock_cs;
+
+void CRYPTO_thread_setup(void)
+        {
+        int i;
+        char filename[20];
+
+        strcpy(filename,"/tmp/mttest.XXXXXX");
+        mktemp(filename);
+
+        usconfig(CONF_STHREADIOOFF);
+        usconfig(CONF_STHREADMALLOCOFF);
+        usconfig(CONF_INITUSERS,100);
+        usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+        arena=usinit(filename);
+        unlink(filename);
+
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_cs[i]=usnewsema(arena,1);
+                }
+
+        CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+        CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+        }
+
+void CRYPTO_thread_cleanup(void)
+        {
+        int i;
+
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                char buf[10];
+
+                sprintf(buf,"%2d:",i);
+                usdumpsema(lock_cs[i],stdout,buf);
+                usfreesema(lock_cs[i],arena);
+                }
+        OPENSSL_free(lock_cs);
+        }
+
+void irix_locking_callback(int mode, int type, char *file, int line)
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                uspsema(lock_cs[type]);
+                }
+        else
+                {
+                usvsema(lock_cs[type]);
+                }
+        }
+
+unsigned long irix_thread_id(void)
+        {
+        unsigned long ret;
+
+        ret=(unsigned long)getpid();
+        return(ret);
+        }
+#endif /* IRIX */
+
+/* Linux and a few others */
+#ifdef PTHREADS
+
+static pthread_mutex_t *lock_cs;
+static long *lock_count;
+
+void CRYPTO_thread_setup(void)
+        {
+        int i;
+
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+                pthread_mutex_init(&(lock_cs[i]),NULL);
+                }
+
+        CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+        CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+        }
+
+void thread_cleanup(void)
+        {
+        int i;
+
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                pthread_mutex_destroy(&(lock_cs[i]));
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+        }
+
+void pthreads_locking_callback(int mode, int type, char *file,
+             int line)
+      {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+#if 0
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+                pthread_mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+                pthread_mutex_unlock(&(lock_cs[type]));
+                }
+        }
+
+unsigned long pthreads_thread_id(void)
+        {
+        unsigned long ret;
+
+        ret=(unsigned long)pthread_self();
+        return(ret);
+        }
+
+#endif /* PTHREADS */
+
diff --git a/src/lib/libcrypto/threads/win32.bat b/src/lib/libcrypto/threads/win32.bat
new file mode 100644
index 0000000000..ee6da80a07
--- /dev/null
+++ b/src/lib/libcrypto/threads/win32.bat
@@ -0,0 +1,4 @@
+del mttest.exe
+
+cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssleay32.lib ..\..\out\libeay32.lib
+
diff --git a/src/lib/libcrypto/ts/Makefile b/src/lib/libcrypto/ts/Makefile
new file mode 100644
index 0000000000..c18234555b
--- /dev/null
+++ b/src/lib/libcrypto/ts/Makefile
@@ -0,0 +1,269 @@
+#
+# SSLeay/crypto/ts/Makefile
+#
+
+DIR=    ts
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I../../include
+CFLAG = -g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile
+AR=             ar r
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL= Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c \
+        ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c \
+        ts_asn1.c
+LIBOBJ= ts_err.o ts_req_utils.o ts_req_print.o ts_rsp_utils.o ts_rsp_print.o \
+        ts_rsp_sign.o ts_rsp_verify.o ts_verify_ctx.o ts_lib.o ts_conf.o \
+        ts_asn1.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ts.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ts_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+ts_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ts_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ts_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ts_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ts_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ts_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ts_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ts_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ts_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ts_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+ts_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ts_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ts_asn1.o: ../../include/openssl/ts.h ../../include/openssl/x509.h
+ts_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ts_asn1.o: ts_asn1.c
+ts_conf.o: ../../e_os.h ../../include/openssl/asn1.h
+ts_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ts_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ts_conf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ts_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ts_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ts_conf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ts_conf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ts_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ts_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ts_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+ts_conf.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+ts_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ts_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ts_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
+ts_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ts_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_conf.c
+ts_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ts_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ts_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+ts_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ts_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ts_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ts_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ts_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ts_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ts_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ts_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ts_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ts_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
+ts_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ts_err.o: ../../include/openssl/x509v3.h ts_err.c
+ts_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ts_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ts_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ts_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ts_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ts_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ts_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ts_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ts_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ts_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ts_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+ts_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ts_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ts_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ts_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ts.h ts_lib.c
+ts_req_print.o: ../../e_os.h ../../include/openssl/asn1.h
+ts_req_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ts_req_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ts_req_print.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+ts_req_print.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ts_req_print.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ts_req_print.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ts_req_print.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ts_req_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ts_req_print.o: ../../include/openssl/opensslconf.h
+ts_req_print.o: ../../include/openssl/opensslv.h
+ts_req_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ts_req_print.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ts_req_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ts_req_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
+ts_req_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ts_req_print.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_req_print.c
+ts_req_utils.o: ../../e_os.h ../../include/openssl/asn1.h
+ts_req_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ts_req_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ts_req_utils.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ts_req_utils.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ts_req_utils.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ts_req_utils.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ts_req_utils.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ts_req_utils.o: ../../include/openssl/objects.h
+ts_req_utils.o: ../../include/openssl/opensslconf.h
+ts_req_utils.o: ../../include/openssl/opensslv.h
+ts_req_utils.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ts_req_utils.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ts_req_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ts_req_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
+ts_req_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ts_req_utils.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_req_utils.c
+ts_rsp_print.o: ../../e_os.h ../../include/openssl/asn1.h
+ts_rsp_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ts_rsp_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ts_rsp_print.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+ts_rsp_print.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ts_rsp_print.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ts_rsp_print.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ts_rsp_print.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ts_rsp_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ts_rsp_print.o: ../../include/openssl/opensslconf.h
+ts_rsp_print.o: ../../include/openssl/opensslv.h
+ts_rsp_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ts_rsp_print.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ts_rsp_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ts_rsp_print.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ts_rsp_print.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ts_rsp_print.o: ../cryptlib.h ts.h ts_rsp_print.c
+ts_rsp_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+ts_rsp_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ts_rsp_sign.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ts_rsp_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ts_rsp_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ts_rsp_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ts_rsp_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ts_rsp_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ts_rsp_sign.o: ../../include/openssl/objects.h
+ts_rsp_sign.o: ../../include/openssl/opensslconf.h
+ts_rsp_sign.o: ../../include/openssl/opensslv.h
+ts_rsp_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ts_rsp_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ts_rsp_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ts_rsp_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
+ts_rsp_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ts_rsp_sign.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_sign.c
+ts_rsp_utils.o: ../../e_os.h ../../include/openssl/asn1.h
+ts_rsp_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ts_rsp_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ts_rsp_utils.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ts_rsp_utils.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ts_rsp_utils.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ts_rsp_utils.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ts_rsp_utils.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ts_rsp_utils.o: ../../include/openssl/objects.h
+ts_rsp_utils.o: ../../include/openssl/opensslconf.h
+ts_rsp_utils.o: ../../include/openssl/opensslv.h
+ts_rsp_utils.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ts_rsp_utils.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ts_rsp_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ts_rsp_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
+ts_rsp_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ts_rsp_utils.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_utils.c
+ts_rsp_verify.o: ../../e_os.h ../../include/openssl/asn1.h
+ts_rsp_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ts_rsp_verify.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ts_rsp_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ts_rsp_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ts_rsp_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ts_rsp_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ts_rsp_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ts_rsp_verify.o: ../../include/openssl/objects.h
+ts_rsp_verify.o: ../../include/openssl/opensslconf.h
+ts_rsp_verify.o: ../../include/openssl/opensslv.h
+ts_rsp_verify.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ts_rsp_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ts_rsp_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ts_rsp_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
+ts_rsp_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ts_rsp_verify.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_verify.c
+ts_verify_ctx.o: ../../e_os.h ../../include/openssl/asn1.h
+ts_verify_ctx.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ts_verify_ctx.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ts_verify_ctx.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ts_verify_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ts_verify_ctx.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ts_verify_ctx.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ts_verify_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ts_verify_ctx.o: ../../include/openssl/objects.h
+ts_verify_ctx.o: ../../include/openssl/opensslconf.h
+ts_verify_ctx.o: ../../include/openssl/opensslv.h
+ts_verify_ctx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ts_verify_ctx.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ts_verify_ctx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ts_verify_ctx.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
+ts_verify_ctx.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ts_verify_ctx.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_verify_ctx.c
diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c
index afe16afbe4..a003207428 100644
--- a/src/lib/libcrypto/ts/ts_rsp_verify.c
+++ b/src/lib/libcrypto/ts/ts_rsp_verify.c
@@ -509,15 +509,17 @@ static int TS_check_status_info(TS_RESP *response)
                                                     TS_failure_info[i].code))
                                 {
                                 if (!first)
-                                        strcpy(failure_text, ",");
+                                        strlcat(failure_text, ",",
+                                                TS_STATUS_BUF_SIZE);
                                 else
                                         first = 0;
-                                strcat(failure_text, TS_failure_info[i].text);
+                                strlcat(failure_text, TS_failure_info[i].text,
+                                        TS_STATUS_BUF_SIZE);
                                 }
                         }
                 }
         if (failure_text[0] == '\0')
-                strcpy(failure_text, "unspecified");
+                strlcpy(failure_text, "unspecified", TS_STATUS_BUF_SIZE);
 
         /* Making up the error string. */
         TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
diff --git a/src/lib/libcrypto/txt_db/Makefile b/src/lib/libcrypto/txt_db/Makefile
new file mode 100644
index 0000000000..e6f30331d8
--- /dev/null
+++ b/src/lib/libcrypto/txt_db/Makefile
@@ -0,0 +1,84 @@
+#
+# OpenSSL/crypto/txt_db/Makefile
+#
+
+DIR=    txt_db
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=txt_db.c
+LIBOBJ=txt_db.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= txt_db.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+txt_db.o: ../../e_os.h ../../include/openssl/bio.h
+txt_db.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+txt_db.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+txt_db.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h
+txt_db.o: ../cryptlib.h txt_db.c
diff --git a/src/lib/libcrypto/ui/Makefile b/src/lib/libcrypto/ui/Makefile
new file mode 100644
index 0000000000..a685659fb4
--- /dev/null
+++ b/src/lib/libcrypto/ui/Makefile
@@ -0,0 +1,111 @@
+#
+# OpenSSL/crypto/ui/Makefile
+#
+
+DIR=    ui
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST= uitest.c
+TEST=
+APPS=
+
+COMPATSRC= ui_compat.c
+COMPATOBJ= ui_compat.o
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c $(COMPATSRC)
+LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o $(COMPATOBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ui.h ui_compat.h
+HEADER= $(EXHEADER) ui_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ui_compat.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ui_compat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/ui.h
+ui_compat.o: ../../include/openssl/ui_compat.h ui_compat.c
+ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ui_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ui_err.c
+ui_lib.o: ../../e_os.h ../../include/openssl/bio.h
+ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ui_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_lib.o: ../cryptlib.h ui_lib.c ui_locl.h
+ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c
+ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ui_util.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ui_util.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_util.o: ../../include/openssl/ui.h ui_locl.h ui_util.c
diff --git a/src/lib/libcrypto/ui/ui_compat.c b/src/lib/libcrypto/ui/ui_compat.c
new file mode 100644
index 0000000000..13e0f70d90
--- /dev/null
+++ b/src/lib/libcrypto/ui/ui_compat.c
@@ -0,0 +1,67 @@
+/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/ui_compat.h>
+
+int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify)
+        {
+        return UI_UTIL_read_pw_string(buf, length, prompt, verify);
+        }
+
+int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
+        {
+        return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
+        }
diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c
index a38c7581e6..e319faa47b 100644
--- a/src/lib/libcrypto/ui/ui_openssl.c
+++ b/src/lib/libcrypto/ui/ui_openssl.c
@@ -122,15 +122,9 @@
  * sigaction and fileno included. -pedantic would be more appropriate for
  * the intended purposes, but we can't prevent users from adding -ansi.
  */
-#if defined(OPENSSL_SYSNAME_VXWORKS)
-#include <sys/types.h>
-#endif
-
 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-#ifndef _POSIX_C_SOURCE
 #define _POSIX_C_SOURCE 2
 #endif
-#endif
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
@@ -404,8 +398,8 @@ static int read_till_nl(FILE *in)
         char buf[SIZE+1];
 
         do      {
-                if (!fgets(buf,SIZE,in))
-                        return 0;
+                if (fgets(buf,sizeof(buf),in) == NULL)
+                        break;
                 } while (strchr(buf,'\n') == NULL);
         return 1;
         }
diff --git a/src/lib/libcrypto/uid.c b/src/lib/libcrypto/uid.c
new file mode 100644
index 0000000000..b1fd52bada
--- /dev/null
+++ b/src/lib/libcrypto/uid.c
@@ -0,0 +1,89 @@
+/* crypto/uid.c */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
+
+#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
+
+#include OPENSSL_UNISTD
+
+int OPENSSL_issetugid(void)
+        {
+        return issetugid();
+        }
+
+#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
+
+int OPENSSL_issetugid(void)
+        {
+        return 0;
+        }
+
+#else
+
+#include OPENSSL_UNISTD
+#include <sys/types.h>
+
+int OPENSSL_issetugid(void)
+        {
+        if (getuid() != geteuid()) return 1;
+        if (getgid() != getegid()) return 1;
+        return 0;
+        }
+#endif
+
+
+
diff --git a/src/lib/libcrypto/util/FreeBSD.sh b/src/lib/libcrypto/util/FreeBSD.sh
new file mode 100644
index 0000000000..db8edfc6aa
--- /dev/null
+++ b/src/lib/libcrypto/util/FreeBSD.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+perl util/perlpath.pl /usr/bin
+perl util/ssldir.pl /usr/local  
+perl util/mk1mf.pl FreeBSD >Makefile.FreeBSD
+perl Configure FreeBSD
diff --git a/src/lib/libcrypto/util/add_cr.pl b/src/lib/libcrypto/util/add_cr.pl
new file mode 100644
index 0000000000..c7b62c11ec
--- /dev/null
+++ b/src/lib/libcrypto/util/add_cr.pl
@@ -0,0 +1,123 @@
+#!/usr/local/bin/perl
+#
+# This adds a copyright message to a souce code file.
+# It also gets the file name correct.
+#
+# perl util/add_cr.pl *.[ch] */*.[ch] */*/*.[ch]
+#
+
+foreach (@ARGV)
+        {
+        &dofile($_);
+        }
+
+sub dofile
+        {
+        local($file)=@_;
+
+        open(IN,"<$file") || die "unable to open $file:$!\n";
+
+        print STDERR "doing $file\n";
+        @in=<IN>;
+
+        return(1) if ($in[0] =~ / NOCW /);
+
+        @out=();
+        open(OUT,">$file.out") || die "unable to open $file.$$:$!\n";
+        push(@out,"/* $file */\n");
+        if (($in[1] !~ /^\/\* Copyright \(C\) [0-9-]+ Eric Young \(eay\@cryptsoft.com\)/))
+                {
+                push(@out,&Copyright);
+                $i=2;
+                @a=grep(/ Copyright \(C\) /,@in);
+                if ($#a >= 0)
+                        {
+                        while (($i <= $#in) && ($in[$i] ne " */\n"))
+                                { $i++; }
+                        $i++ if ($in[$i] eq " */\n");
+
+                        while (($i <= $#in) && ($in[$i] =~ /^\s*$/))
+                                { $i++; }
+
+                        push(@out,"\n");
+                        for ( ; $i <= $#in; $i++)
+                                { push(@out,$in[$i]); }
+                        }
+                else
+                        { push(@out,@in); }
+                }
+        else
+                {
+                shift(@in);
+                push(@out,@in);
+                }
+        print OUT @out;
+        close(IN);
+        close(OUT);
+        rename("$file","$file.orig") || die "unable to rename $file:$!\n";
+        rename("$file.out",$file) || die "unable to rename $file.out:$!\n";
+        }
+
+
+
+sub Copyright
+        {
+        return <<'EOF';
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+EOF
+        }
diff --git a/src/lib/libcrypto/util/bat.sh b/src/lib/libcrypto/util/bat.sh
new file mode 100644
index 0000000000..4d9a8287d0
--- /dev/null
+++ b/src/lib/libcrypto/util/bat.sh
@@ -0,0 +1,134 @@
+#!/usr/local/bin/perl
+
+$infile="/home/eay/ssl/SSLeay/MINFO";
+
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+        {
+        chop;
+
+        ($key,$val)=/^([^=]+)=(.*)/;
+        if ($key eq "RELATIVE_DIRECTORY")
+                {
+                if ($lib ne "")
+                        {
+                        $uc=$lib;
+                        $uc =~ s/^lib(.*)\.a/$1/;
+                        $uc =~ tr/a-z/A-Z/;
+                        $lib_nam{$uc}=$uc;
+                        $lib_obj{$uc}.=$libobj." ";
+                        }
+                last if ($val eq "FINISHED");
+                $lib="";
+                $libobj="";
+                $dir=$val;
+                }
+
+        if ($key eq "TEST")
+                { $test.=&var_add($dir,$val); }
+
+        if (($key eq "PROGS") || ($key eq "E_OBJ"))
+                { $e_exe.=&var_add($dir,$val); }
+
+        if ($key eq "LIB")
+                {
+                $lib=$val;
+                $lib =~ s/^.*\/([^\/]+)$/$1/;
+                }
+
+        if ($key eq "EXHEADER")
+                { $exheader.=&var_add($dir,$val); }
+
+        if ($key eq "HEADER")
+                { $header.=&var_add($dir,$val); }
+
+        if ($key eq "LIBSRC")
+                { $libsrc.=&var_add($dir,$val); }
+
+        if (!($_=<IN>))
+                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+        }
+close(IN);
+
+@a=split(/\s+/,$libsrc);
+foreach (@a)
+        {
+        print "${_}.c\n";
+        }
+
+sub var_add
+        {
+        local($dir,$val)=@_;
+        local(@a,$_,$ret);
+
+        return("") if $no_engine && $dir =~ /\/engine/;
+        return("") if $no_idea && $dir =~ /\/idea/;
+        return("") if $no_rc2  && $dir =~ /\/rc2/;
+        return("") if $no_rc4  && $dir =~ /\/rc4/;
+        return("") if $no_rsa  && $dir =~ /\/rsa/;
+        return("") if $no_rsa  && $dir =~ /^rsaref/;
+        return("") if $no_dsa  && $dir =~ /\/dsa/;
+        return("") if $no_dh   && $dir =~ /\/dh/;
+        if ($no_des && $dir =~ /\/des/)
+                {
+                if ($val =~ /read_pwd/)
+                        { return("$dir/read_pwd "); }
+                else
+                        { return(""); }
+                }
+        return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+        return("") if $no_sock && $dir =~ /\/proxy/;
+        return("") if $no_bf   && $dir =~ /\/bf/;
+        return("") if $no_cast && $dir =~ /\/cast/;
+
+        $val =~ s/^\s*(.*)\s*$/$1/;
+        @a=split(/\s+/,$val);
+        grep(s/\.[och]$//,@a);
+
+        @a=grep(!/^e_.*_3d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_i$/,@a) if $no_idea;
+        @a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+        @a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+        @a=grep(!/^e_.*_c$/,@a) if $no_cast;
+        @a=grep(!/^e_rc4$/,@a) if $no_rc4;
+
+        @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+        @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+
+        @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
+
+        @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+        @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+
+        @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+        @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
+
+        @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
+        @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
+
+        @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
+
+        @a=grep(!/_dhp$/,@a) if $no_dh;
+
+        @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
+        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
+
+        @a=grep(!/^engine$/,@a) if $no_engine;
+        @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+        @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+        @a=grep(!/^gendsa$/,@a) if $no_sha1;
+        @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
+
+        @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+
+        grep($_="$dir/$_",@a);
+        @a=grep(!/(^|\/)s_/,@a) if $no_sock;
+        @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
+        $ret=join(' ',@a)." ";
+        return($ret);
+        }
+
diff --git a/src/lib/libcrypto/util/ck_errf.pl b/src/lib/libcrypto/util/ck_errf.pl
new file mode 100644
index 0000000000..f13af5c50b
--- /dev/null
+++ b/src/lib/libcrypto/util/ck_errf.pl
@@ -0,0 +1,64 @@
+#!/usr/local/bin/perl
+#
+# This is just a quick script to scan for cases where the 'error'
+# function name in a XXXerr() macro is wrong.
+# 
+# Run in the top level by going
+# perl util/ck_errf.pl */*.c */*/*.c
+#
+
+my $err_strict = 0;
+my $bad = 0;
+
+foreach $file (@ARGV)
+        {
+        if ($file eq "-strict")
+                {
+                $err_strict = 1;
+                next;
+                }
+        open(IN,"<$file") || die "unable to open $file\n";
+        $func="";
+        while (<IN>)
+                {
+                if (!/;$/ && /^([a-zA-Z].*[\s*])?([A-Za-z_0-9]+)\(.*[),]/)
+                        {
+                        /^([^()]*(\([^()]*\)[^()]*)*)\(/;
+                        $1 =~ /([A-Za-z_0-9]*)$/;
+                        $func = $1;
+                        $func =~ tr/A-Z/a-z/;
+                        }
+                if (/([A-Z0-9]+)err\(([^,]+)/ && ! /ckerr_ignore/)
+                        {
+                        $errlib=$1;
+                        $n=$2;
+
+                        if ($func eq "")
+                                { print "$file:$.:???:$n\n"; $bad = 1; next; }
+
+                        if ($n !~ /([^_]+)_F_(.+)$/)
+                                {
+                #               print "check -$file:$.:$func:$n\n";
+                                next;
+                                }
+                        $lib=$1;
+                        $n=$2;
+
+                        if ($lib ne $errlib)
+                                { print "$file:$.:$func:$n [${errlib}err]\n"; $bad = 1; next; }
+
+                        $n =~ tr/A-Z/a-z/;
+                        if (($n ne $func) && ($errlib ne "SYS"))
+                                { print "$file:$.:$func:$n\n"; $bad = 1; next; }
+        #               print "$func:$1\n";
+                        }
+                }
+        close(IN);
+        }
+
+if ($bad && $err_strict)
+        {
+        print STDERR "FATAL: error discrepancy\n";
+        exit 1;
+        }
+
diff --git a/src/lib/libcrypto/util/clean-depend.pl b/src/lib/libcrypto/util/clean-depend.pl
new file mode 100644
index 0000000000..d3525b0ed0
--- /dev/null
+++ b/src/lib/libcrypto/util/clean-depend.pl
@@ -0,0 +1,58 @@
+#!/usr/local/bin/perl -w
+# Clean the dependency list in a makefile of standard includes...
+# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+
+use strict;
+
+while(<STDIN>) {
+    print;
+    last if /^# DO NOT DELETE THIS LINE/;
+}
+
+my %files;
+
+my $thisfile="";
+while(<STDIN>) {
+    my ($dummy, $file,$deps)=/^((.*):)? (.*)$/;
+    my $origfile="";
+    $thisfile=$file if defined $file;
+    next if !defined $deps;
+    $origfile=$thisfile;
+    $origfile=~s/\.o$/.c/;
+    my @deps=split ' ',$deps;
+    @deps=grep(!/^\//,@deps);
+    @deps=grep(!/^\\$/,@deps);
+    @deps=grep(!/^$origfile$/,@deps);
+# pull out the kludged kerberos header (if present).
+    @deps=grep(!/^[.\/]+\/krb5.h/,@deps);
+    push @{$files{$thisfile}},@deps;
+}
+
+my $file;
+foreach $file (sort keys %files) {
+    my $len=0;
+    my $dep;
+    my $origfile=$file;
+    $origfile=~s/\.o$/.c/;
+    $file=~s/^\.\///;
+    push @{$files{$file}},$origfile;
+    my $prevdep="";
+
+    # Remove leading ./ before sorting
+    my @deps = map { $_ =~ s/^\.\///; $_ } @{$files{$file}};
+
+    foreach $dep (sort @deps) {
+        $dep=~s/^\.\///;
+        next if $prevdep eq $dep; # to exterminate duplicates...
+        $prevdep = $dep;
+        $len=0 if $len+length($dep)+1 >= 80;
+        if($len == 0) {
+            print "\n$file:";
+            $len=length($file)+1;
+        }
+        print " $dep";
+        $len+=length($dep)+1;
+    }
+}
+
+print "\n";
diff --git a/src/lib/libcrypto/util/copy.pl b/src/lib/libcrypto/util/copy.pl
new file mode 100644
index 0000000000..eba6d5815e
--- /dev/null
+++ b/src/lib/libcrypto/util/copy.pl
@@ -0,0 +1,70 @@
+#!/usr/local/bin/perl
+
+use Fcntl;
+
+
+# copy.pl
+
+# Perl script 'copy' comment. On Windows the built in "copy" command also
+# copies timestamps: this messes up Makefile dependencies.
+
+my $stripcr = 0;
+
+my $arg;
+
+foreach $arg (@ARGV) {
+        if ($arg eq "-stripcr")
+                {
+                $stripcr = 1;
+                next;
+                }
+        $arg =~ s|\\|/|g;       # compensate for bug/feature in cygwin glob...
+        foreach (glob $arg)
+                {
+                push @filelist, $_;
+                }
+}
+
+$fnum = @filelist;
+
+if ($fnum <= 1)
+        {
+        die "Need at least two filenames";
+        }
+
+$dest = pop @filelist;
+        
+if ($fnum > 2 && ! -d $dest)
+        {
+        die "Destination must be a directory";
+        }
+
+foreach (@filelist)
+        {
+        if (-d $dest)
+                {
+                $dfile = $_;
+                $dfile =~ s|^.*[/\\]([^/\\]*)$|$1|;
+                $dfile = "$dest/$dfile";
+                }
+        else
+                {
+                $dfile = $dest;
+                }
+        sysopen(IN, $_, O_RDONLY|O_BINARY) || die "Can't Open $_";
+        sysopen(OUT, $dfile, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY)
+                                        || die "Can't Open $dfile";
+        while (sysread IN, $buf, 10240)
+                {
+                if ($stripcr)
+                        {
+                        $buf =~ tr/\015//d;
+                        }
+                syswrite(OUT, $buf, length($buf));
+                }
+        close(IN);
+        close(OUT);
+        print "Copying: $_ to $dfile\n";
+        }
+                
+
diff --git a/src/lib/libcrypto/util/cygwin.sh b/src/lib/libcrypto/util/cygwin.sh
new file mode 100644
index 0000000000..cfdb04d2a4
--- /dev/null
+++ b/src/lib/libcrypto/util/cygwin.sh
@@ -0,0 +1,154 @@
+#!/bin/bash
+#
+# This script configures, builds and packs the binary package for
+# the Cygwin net distribution version of OpenSSL
+#
+
+# Uncomment when debugging
+#set -x
+
+CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5"
+INSTALL_PREFIX=/tmp/install/INSTALL
+
+VERSION=
+SHLIB_VERSION_NUMBER=
+SUBVERSION=$1
+
+function cleanup()
+{
+  rm -rf ${INSTALL_PREFIX}/etc
+  rm -rf ${INSTALL_PREFIX}/usr
+}
+
+function get_openssl_version()
+{
+  eval `grep '^VERSION=' Makefile`
+  if [ -z "${VERSION}" ]
+  then
+    echo "Error: Couldn't retrieve OpenSSL version from Makefile."
+    echo "       Check value of variable VERSION in Makefile."
+    exit 1
+  fi
+  eval `grep '^SHLIB_VERSION_NUMBER=' Makefile`
+  if [ -z "${SHLIB_VERSION_NUMBER}" ]
+  then
+    echo "Error: Couldn't retrieve OpenSSL shared lib version from Makefile."
+    echo " Check value of variable SHLIB_VERSION_NUMBER in Makefile."
+    exit 1
+  fi
+}
+
+function base_install()
+{
+  mkdir -p ${INSTALL_PREFIX}
+  cleanup
+  make install INSTALL_PREFIX="${INSTALL_PREFIX}"
+}
+
+function doc_install()
+{
+  DOC_DIR=${INSTALL_PREFIX}/usr/share/doc/openssl
+
+  mkdir -p ${DOC_DIR}
+  cp CHANGES CHANGES.SSLeay INSTALL LICENSE NEWS README ${DOC_DIR}
+
+  create_cygwin_readme
+}
+
+function certs_install()
+{
+  CERTS_DIR=${INSTALL_PREFIX}/usr/ssl/certs
+
+  mkdir -p ${CERTS_DIR}
+  cp -rp certs/* ${CERTS_DIR}
+}
+
+function create_cygwin_readme()
+{
+  README_DIR=${INSTALL_PREFIX}/usr/share/doc/Cygwin
+  README_FILE=${README_DIR}/openssl-${VERSION}.README
+
+  mkdir -p ${README_DIR}
+  cat > ${README_FILE} <<- EOF
+        The Cygwin version has been built using the following configure:
+
+          ./config ${CONFIG_OPTIONS}
+
+        The IDEA and RC5 algorithms are disabled due to patent and/or
+        licensing issues.
+        EOF
+}
+
+function create_profile_files()
+{
+  PROFILE_DIR=${INSTALL_PREFIX}/etc/profile.d
+
+  mkdir -p $PROFILE_DIR
+  cat > ${PROFILE_DIR}/openssl.sh <<- "EOF"
+        export MANPATH="${MANPATH}:/usr/ssl/man"
+        EOF
+  cat > ${PROFILE_DIR}/openssl.csh <<- "EOF"
+        if ( $?MANPATH ) then
+          setenv MANPATH "${MANPATH}:/usr/ssl/man"
+        else
+          setenv MANPATH ":/usr/ssl/man"
+        endif
+        EOF
+}
+
+if [ -z "${SUBVERSION}" ]
+then
+  echo "Usage: $0 subversion"
+  exit 1
+fi
+
+if [ ! -f config ]
+then
+  echo "You must start this script in the OpenSSL toplevel source dir."
+  exit 1
+fi
+
+./config ${CONFIG_OPTIONS}
+
+get_openssl_version
+
+make depend || exit 1
+
+make || exit 1
+
+base_install
+
+doc_install
+
+certs_install
+
+create_cygwin_readme
+
+create_profile_files
+
+cd ${INSTALL_PREFIX}
+chmod u+w usr/lib/engines/*.so
+strip usr/bin/*.exe usr/bin/*.dll usr/lib/engines/*.so
+chmod u-w usr/lib/engines/*.so
+
+# Runtime package
+tar cjf libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \
+     usr/bin/cyg*dll
+# Base package
+find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \
+     usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf \
+     usr/ssl/private \
+     -empty -o \! -type d |
+tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 -
+# Development package
+find usr/include usr/lib/*.a usr/lib/pkgconfig usr/ssl/man/man3 \
+     -empty -o \! -type d |
+tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -
+
+ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
+ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
+ls -l libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2
+
+cleanup
+
+exit 0
diff --git a/src/lib/libcrypto/util/deleof.pl b/src/lib/libcrypto/util/deleof.pl
new file mode 100644
index 0000000000..155acd88ff
--- /dev/null
+++ b/src/lib/libcrypto/util/deleof.pl
@@ -0,0 +1,7 @@
+#!/usr/local/bin/perl
+
+while (<>)
+        {
+        print
+        last if (/^# DO NOT DELETE THIS LINE/);
+        }
diff --git a/src/lib/libcrypto/util/deltree.com b/src/lib/libcrypto/util/deltree.com
new file mode 100644
index 0000000000..9f36b1a5e9
--- /dev/null
+++ b/src/lib/libcrypto/util/deltree.com
@@ -0,0 +1,34 @@
+$! DELTREE.COM
+$
+$ call deltree 'p1'
+$ exit $status
+$
+$ deltree: subroutine ! P1 is a name of a directory
+$       on control_y then goto dt_STOP
+$       on warning then goto dt_exit
+$       _dt_def = f$trnlnm("SYS$DISK")+f$directory()
+$       if f$parse(p1) .eqs. "" then exit
+$       set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
+$       p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
+$       _fp = f$parse(".DIR",p1)
+$ dt_loop:
+$       _f = f$search(_fp)
+$       if _f .eqs. "" then goto dt_loopend
+$       call deltree [.'f$parse(_f,,,"NAME")']*.*
+$       goto dt_loop
+$ dt_loopend:
+$       _fp = f$parse(p1,".;*")
+$       if f$search(_fp) .eqs. "" then goto dt_exit
+$       set noon
+$       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
+$       set on
+$       delete/nolog '_fp'
+$ dt_exit:
+$       set default '_dt_def'
+$       goto dt_end
+$ dt_STOP:
+$       set default '_dt_def'
+$       stop/id=""
+$       exit
+$ dt_end:
+$       endsubroutine
diff --git a/src/lib/libcrypto/util/dirname.pl b/src/lib/libcrypto/util/dirname.pl
new file mode 100644
index 0000000000..d7a66d96ac
--- /dev/null
+++ b/src/lib/libcrypto/util/dirname.pl
@@ -0,0 +1,18 @@
+#!/usr/local/bin/perl
+
+if ($#ARGV < 0) {
+    die "dirname.pl: too few arguments\n";
+} elsif ($#ARGV > 0) {
+    die "dirname.pl: too many arguments\n";
+}
+
+my $d = $ARGV[0];
+
+if ($d =~ m|.*/.*|) {
+    $d =~ s|/[^/]*$||;
+} else {
+    $d = ".";
+}
+
+print $d,"\n";
+exit(0);
diff --git a/src/lib/libcrypto/util/do_ms.sh b/src/lib/libcrypto/util/do_ms.sh
new file mode 100644
index 0000000000..515b074cff
--- /dev/null
+++ b/src/lib/libcrypto/util/do_ms.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# generate the Microsoft makefiles and .def files
+#
+
+PATH=util:../util:$PATH
+
+# perl util/mk1mf.pl no-sock VC-MSDOS >ms/msdos.mak
+# perl util/mk1mf.pl VC-W31-32 >ms/w31.mak
+perl util/mk1mf.pl dll VC-WIN16 >ms/w31dll.mak
+# perl util/mk1mf.pl VC-WIN32 >ms/nt.mak
+perl util/mk1mf.pl dll VC-WIN32 >ms/ntdll.mak
+perl util/mk1mf.pl Mingw32 >ms/mingw32.mak
+perl util/mk1mf.pl Mingw32-files >ms/mingw32f.mak
+
+perl util/mkdef.pl 16 libeay > ms/libeay16.def
+perl util/mkdef.pl 32 libeay > ms/libeay32.def
+perl util/mkdef.pl 16 ssleay > ms/ssleay16.def
+perl util/mkdef.pl 32 ssleay > ms/ssleay32.def
diff --git a/src/lib/libcrypto/util/domd b/src/lib/libcrypto/util/domd
new file mode 100644
index 0000000000..bab48cb7a2
--- /dev/null
+++ b/src/lib/libcrypto/util/domd
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Do a makedepend, only leave out the standard headers
+# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+
+TOP=$1
+shift
+if [ "$1" = "-MD" ]; then
+    shift
+    MAKEDEPEND=$1
+    shift
+fi
+if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
+
+cp Makefile Makefile.save
+# fake the presence of Kerberos
+touch $TOP/krb5.h
+if expr "$MAKEDEPEND" : '.*gcc$' > /dev/null; then
+    args=""
+    while [ $# -gt 0 ]; do
+        if [ "$1" != "--" ]; then args="$args $1"; fi
+        shift
+    done
+    sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
+    echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+    ${MAKEDEPEND} -Werror -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp || exit 1
+    ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
+    RC=$?
+    rm -f Makefile.tmp
+else
+    ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \
+    ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
+    RC=$?
+fi
+mv Makefile.new Makefile
+# unfake the presence of Kerberos
+rm $TOP/krb5.h
+
+exit $RC
diff --git a/src/lib/libcrypto/util/err-ins.pl b/src/lib/libcrypto/util/err-ins.pl
new file mode 100644
index 0000000000..31b70df8d0
--- /dev/null
+++ b/src/lib/libcrypto/util/err-ins.pl
@@ -0,0 +1,33 @@
+#!/usr/local/bin/perl
+#
+# tack error codes onto the end of a file
+#
+
+open(ERR,$ARGV[0]) || die "unable to open error file '$ARGV[0]':$!\n";
+@err=<ERR>;
+close(ERR);
+
+open(IN,$ARGV[1]) || die "unable to open header file '$ARGV[1]':$!\n";
+
+@out="";
+while (<IN>)
+        {
+        push(@out,$_);
+        last if /BEGIN ERROR CODES/;
+        }
+close(IN);
+
+open(OUT,">$ARGV[1]") || die "unable to open header file '$ARGV[1]':$1\n";
+print OUT @out;
+print OUT @err;
+print OUT <<"EOF";
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
+EOF
+close(OUT);
+
+
diff --git a/src/lib/libcrypto/util/extract-names.pl b/src/lib/libcrypto/util/extract-names.pl
new file mode 100644
index 0000000000..35bd6ed843
--- /dev/null
+++ b/src/lib/libcrypto/util/extract-names.pl
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+
+$/ = "";                        # Eat a paragraph at once.
+while(<STDIN>) {
+    chop;
+    s/\n/ /gm;
+    if (/^=head1 /) {
+        $name = 0;
+    } elsif ($name) {
+        if (/ - /) {
+            s/ - .*//;
+            s/,\s+/,/g;
+            s/\s+,/,/g;
+            s/^\s+//g;
+            s/\s+$//g;
+            s/\s/_/g;
+            push @words, split ',';
+        }
+    }
+    if (/^=head1 *NAME *$/) {
+        $name = 1;
+    }
+}
+
+print join("\n", @words),"\n";
+
diff --git a/src/lib/libcrypto/util/extract-section.pl b/src/lib/libcrypto/util/extract-section.pl
new file mode 100644
index 0000000000..7a0ba4f69a
--- /dev/null
+++ b/src/lib/libcrypto/util/extract-section.pl
@@ -0,0 +1,12 @@
+#!/usr/bin/perl
+
+while(<STDIN>) {
+        if (/=for\s+comment\s+openssl_manual_section:(\S+)/)
+                {
+                print "$1\n";
+                exit 0;
+                }
+}
+
+print "$ARGV[0]\n";
+
diff --git a/src/lib/libcrypto/util/files.pl b/src/lib/libcrypto/util/files.pl
new file mode 100644
index 0000000000..41f033e3b9
--- /dev/null
+++ b/src/lib/libcrypto/util/files.pl
@@ -0,0 +1,61 @@
+#!/usr/local/bin/perl
+#
+# used to generate the file MINFO for use by util/mk1mf.pl
+# It is basically a list of all variables from the passed makefile
+#
+
+$s="";
+while (<>)
+        {
+        chop;
+        s/#.*//;
+        if (/^(\S+)\s*=\s*(.*)$/)
+                {
+                $o="";
+                ($s,$b)=($1,$2);
+                for (;;)
+                        {
+                        if ($b =~ /\\$/)
+                                {
+                                chop($b);
+                                $o.=$b." ";
+                                $b=<>;
+                                chop($b);
+                                }
+                        else
+                                {
+                                $o.=$b." ";
+                                last;
+                                }
+                        }
+                $o =~ s/^\s+//;
+                $o =~ s/\s+$//;
+                $o =~ s/\s+/ /g;
+
+                $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+                $sym{$s}=$o;
+                }
+        }
+
+$pwd=`pwd`; chop($pwd);
+
+if ($sym{'TOP'} eq ".")
+        {
+        $n=0;
+        $dir=".";
+        }
+else    {
+        $n=split(/\//,$sym{'TOP'});
+        @_=split(/\//,$pwd);
+        $z=$#_-$n+1;
+        foreach $i ($z .. $#_) { $dir.=$_[$i]."/"; }
+        chop($dir);
+        }
+
+print "RELATIVE_DIRECTORY=$dir\n";
+
+foreach (sort keys %sym)
+        {
+        print "$_=$sym{$_}\n";
+        }
+print "RELATIVE_DIRECTORY=\n";
diff --git a/src/lib/libcrypto/util/fixNT.sh b/src/lib/libcrypto/util/fixNT.sh
new file mode 100644
index 0000000000..ab9e766b86
--- /dev/null
+++ b/src/lib/libcrypto/util/fixNT.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# clean up the mess that NT makes of my source tree
+#
+
+if [ -f makefile -a ! -f Makefile ]; then
+        /bin/mv makefile Makefile
+fi
+chmod +x Configure util/*
+echo cleaning
+/bin/rm -f `find . -name '*.$$$' -print` 2>/dev/null >/dev/null
+echo 'removing those damn ^M'
+perl -pi -e 's/\015//' `find . -type 'f' -print |grep -v '.obj$' |grep -v '.der$' |grep -v '.gz'`
+make -f Makefile links
diff --git a/src/lib/libcrypto/util/install.sh b/src/lib/libcrypto/util/install.sh
new file mode 100644
index 0000000000..e1d0c982df
--- /dev/null
+++ b/src/lib/libcrypto/util/install.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5; it is not part of GNU.
+#
+# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+#
+
+
+# set DOITPROG to echo to test this script
+
+doit="${DOITPROG:-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG:-mv}"
+cpprog="${CPPROG:-cp}"
+chmodprog="${CHMODPROG:-chmod}"
+chownprog="${CHOWNPROG:-chown}"
+chgrpprog="${CHGRPPROG:-chgrp}"
+stripprog="${STRIPPROG:-strip}"
+rmprog="${RMPROG:-rm}"
+
+instcmd="$mvprog"
+chmodcmd=""
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+src=""
+dst=""
+
+while [ x"$1" != x ]; do
+    case $1 in
+        -c) instcmd="$cpprog"
+            shift
+            continue;;
+
+        -m) chmodcmd="$chmodprog $2"
+            shift
+            shift
+            continue;;
+
+        -o) chowncmd="$chownprog $2"
+            shift
+            shift
+            continue;;
+
+        -g) chgrpcmd="$chgrpprog $2"
+            shift
+            shift
+            continue;;
+
+        -s) stripcmd="$stripprog"
+            shift
+            continue;;
+
+        *)  if [ x"$src" = x ]
+            then
+                src=$1
+            else
+                dst=$1
+            fi
+            shift
+            continue;;
+    esac
+done
+
+if [ x"$src" = x ]
+then
+        echo "install:  no input file specified"
+        exit 1
+fi
+
+if [ x"$dst" = x ]
+then
+        echo "install:  no destination specified"
+        exit 1
+fi
+
+
+# if destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+if [ -d $dst ]
+then
+        dst="$dst"/`basename $src`
+fi
+
+
+# get rid of the old one and mode the new one in
+
+$doit $rmcmd $dst
+$doit $instcmd $src $dst
+
+
+# and set any options; do chmod last to preserve setuid bits
+
+if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
+if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
+if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
+if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
+
+exit 0
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
new file mode 100644
index 0000000000..93f80ba0c6
--- /dev/null
+++ b/src/lib/libcrypto/util/libeay.num
@@ -0,0 +1,4312 @@
+SSLeay                                  1       EXIST::FUNCTION:
+SSLeay_version                          2       EXIST::FUNCTION:
+ASN1_BIT_STRING_asn1_meth               3       NOEXIST::FUNCTION:
+ASN1_HEADER_free                        4       NOEXIST::FUNCTION:
+ASN1_HEADER_new                         5       NOEXIST::FUNCTION:
+ASN1_IA5STRING_asn1_meth                6       NOEXIST::FUNCTION:
+ASN1_INTEGER_get                        7       EXIST::FUNCTION:
+ASN1_INTEGER_set                        8       EXIST::FUNCTION:
+ASN1_INTEGER_to_BN                      9       EXIST::FUNCTION:
+ASN1_OBJECT_create                      10      EXIST::FUNCTION:
+ASN1_OBJECT_free                        11      EXIST::FUNCTION:
+ASN1_OBJECT_new                         12      EXIST::FUNCTION:
+ASN1_PRINTABLE_type                     13      EXIST::FUNCTION:
+ASN1_STRING_cmp                         14      EXIST::FUNCTION:
+ASN1_STRING_dup                         15      EXIST::FUNCTION:
+ASN1_STRING_free                        16      EXIST::FUNCTION:
+ASN1_STRING_new                         17      EXIST::FUNCTION:
+ASN1_STRING_print                       18      EXIST::FUNCTION:BIO
+ASN1_STRING_set                         19      EXIST::FUNCTION:
+ASN1_STRING_type_new                    20      EXIST::FUNCTION:
+ASN1_TYPE_free                          21      EXIST::FUNCTION:
+ASN1_TYPE_new                           22      EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_to_string          23      EXIST::FUNCTION:
+ASN1_UTCTIME_check                      24      EXIST::FUNCTION:
+ASN1_UTCTIME_print                      25      EXIST::FUNCTION:BIO
+ASN1_UTCTIME_set                        26      EXIST::FUNCTION:
+ASN1_check_infinite_end                 27      EXIST::FUNCTION:
+ASN1_d2i_bio                            28      EXIST::FUNCTION:BIO
+ASN1_d2i_fp                             29      EXIST::FUNCTION:FP_API
+ASN1_digest                             30      EXIST::FUNCTION:EVP
+ASN1_dup                                31      EXIST::FUNCTION:
+ASN1_get_object                         32      EXIST::FUNCTION:
+ASN1_i2d_bio                            33      EXIST::FUNCTION:BIO
+ASN1_i2d_fp                             34      EXIST::FUNCTION:FP_API
+ASN1_object_size                        35      EXIST::FUNCTION:
+ASN1_parse                              36      EXIST::FUNCTION:BIO
+ASN1_put_object                         37      EXIST::FUNCTION:
+ASN1_sign                               38      EXIST::FUNCTION:EVP
+ASN1_verify                             39      EXIST::FUNCTION:EVP
+BF_cbc_encrypt                          40      EXIST::FUNCTION:BF
+BF_cfb64_encrypt                        41      EXIST::FUNCTION:BF
+BF_ecb_encrypt                          42      EXIST::FUNCTION:BF
+BF_encrypt                              43      EXIST::FUNCTION:BF
+BF_ofb64_encrypt                        44      EXIST::FUNCTION:BF
+BF_options                              45      EXIST::FUNCTION:BF
+BF_set_key                              46      EXIST::FUNCTION:BF
+BIO_CONNECT_free                        47      NOEXIST::FUNCTION:
+BIO_CONNECT_new                         48      NOEXIST::FUNCTION:
+BIO_accept                              51      EXIST::FUNCTION:
+BIO_ctrl                                52      EXIST::FUNCTION:
+BIO_int_ctrl                            53      EXIST::FUNCTION:
+BIO_debug_callback                      54      EXIST::FUNCTION:
+BIO_dump                                55      EXIST::FUNCTION:
+BIO_dup_chain                           56      EXIST::FUNCTION:
+BIO_f_base64                            57      EXIST::FUNCTION:BIO
+BIO_f_buffer                            58      EXIST::FUNCTION:
+BIO_f_cipher                            59      EXIST::FUNCTION:BIO
+BIO_f_md                                60      EXIST::FUNCTION:BIO
+BIO_f_null                              61      EXIST::FUNCTION:
+BIO_f_proxy_server                      62      NOEXIST::FUNCTION:
+BIO_fd_non_fatal_error                  63      EXIST::FUNCTION:
+BIO_fd_should_retry                     64      EXIST::FUNCTION:
+BIO_find_type                           65      EXIST::FUNCTION:
+BIO_free                                66      EXIST::FUNCTION:
+BIO_free_all                            67      EXIST::FUNCTION:
+BIO_get_accept_socket                   69      EXIST::FUNCTION:
+BIO_get_filter_bio                      70      NOEXIST::FUNCTION:
+BIO_get_host_ip                         71      EXIST::FUNCTION:
+BIO_get_port                            72      EXIST::FUNCTION:
+BIO_get_retry_BIO                       73      EXIST::FUNCTION:
+BIO_get_retry_reason                    74      EXIST::FUNCTION:
+BIO_gethostbyname                       75      EXIST::FUNCTION:
+BIO_gets                                76      EXIST::FUNCTION:
+BIO_new                                 78      EXIST::FUNCTION:
+BIO_new_accept                          79      EXIST::FUNCTION:
+BIO_new_connect                         80      EXIST::FUNCTION:
+BIO_new_fd                              81      EXIST::FUNCTION:
+BIO_new_file                            82      EXIST::FUNCTION:FP_API
+BIO_new_fp                              83      EXIST::FUNCTION:FP_API
+BIO_new_socket                          84      EXIST::FUNCTION:
+BIO_pop                                 85      EXIST::FUNCTION:
+BIO_printf                              86      EXIST::FUNCTION:
+BIO_push                                87      EXIST::FUNCTION:
+BIO_puts                                88      EXIST::FUNCTION:
+BIO_read                                89      EXIST::FUNCTION:
+BIO_s_accept                            90      EXIST::FUNCTION:
+BIO_s_connect                           91      EXIST::FUNCTION:
+BIO_s_fd                                92      EXIST::FUNCTION:
+BIO_s_file                              93      EXIST::FUNCTION:FP_API
+BIO_s_mem                               95      EXIST::FUNCTION:
+BIO_s_null                              96      EXIST::FUNCTION:
+BIO_s_proxy_client                      97      NOEXIST::FUNCTION:
+BIO_s_socket                            98      EXIST::FUNCTION:
+BIO_set                                 100     EXIST::FUNCTION:
+BIO_set_cipher                          101     EXIST::FUNCTION:BIO
+BIO_set_tcp_ndelay                      102     EXIST::FUNCTION:
+BIO_sock_cleanup                        103     EXIST::FUNCTION:
+BIO_sock_error                          104     EXIST::FUNCTION:
+BIO_sock_init                           105     EXIST::FUNCTION:
+BIO_sock_non_fatal_error                106     EXIST::FUNCTION:
+BIO_sock_should_retry                   107     EXIST::FUNCTION:
+BIO_socket_ioctl                        108     EXIST::FUNCTION:
+BIO_write                               109     EXIST::FUNCTION:
+BN_CTX_free                             110     EXIST::FUNCTION:
+BN_CTX_new                              111     EXIST::FUNCTION:
+BN_MONT_CTX_free                        112     EXIST::FUNCTION:
+BN_MONT_CTX_new                         113     EXIST::FUNCTION:
+BN_MONT_CTX_set                         114     EXIST::FUNCTION:
+BN_add                                  115     EXIST::FUNCTION:
+BN_add_word                             116     EXIST::FUNCTION:
+BN_hex2bn                               117     EXIST::FUNCTION:
+BN_bin2bn                               118     EXIST::FUNCTION:
+BN_bn2hex                               119     EXIST::FUNCTION:
+BN_bn2bin                               120     EXIST::FUNCTION:
+BN_clear                                121     EXIST::FUNCTION:
+BN_clear_bit                            122     EXIST::FUNCTION:
+BN_clear_free                           123     EXIST::FUNCTION:
+BN_cmp                                  124     EXIST::FUNCTION:
+BN_copy                                 125     EXIST::FUNCTION:
+BN_div                                  126     EXIST::FUNCTION:
+BN_div_word                             127     EXIST::FUNCTION:
+BN_dup                                  128     EXIST::FUNCTION:
+BN_free                                 129     EXIST::FUNCTION:
+BN_from_montgomery                      130     EXIST::FUNCTION:
+BN_gcd                                  131     EXIST::FUNCTION:
+BN_generate_prime                       132     EXIST::FUNCTION:DEPRECATED
+BN_get_word                             133     EXIST::FUNCTION:
+BN_is_bit_set                           134     EXIST::FUNCTION:
+BN_is_prime                             135     EXIST::FUNCTION:DEPRECATED
+BN_lshift                               136     EXIST::FUNCTION:
+BN_lshift1                              137     EXIST::FUNCTION:
+BN_mask_bits                            138     EXIST::FUNCTION:
+BN_mod                                  139     NOEXIST::FUNCTION:
+BN_mod_exp                              140     EXIST::FUNCTION:
+BN_mod_exp_mont                         141     EXIST::FUNCTION:
+BN_mod_exp_simple                       143     EXIST::FUNCTION:
+BN_mod_inverse                          144     EXIST::FUNCTION:
+BN_mod_mul                              145     EXIST::FUNCTION:
+BN_mod_mul_montgomery                   146     EXIST::FUNCTION:
+BN_mod_word                             148     EXIST::FUNCTION:
+BN_mul                                  149     EXIST::FUNCTION:
+BN_new                                  150     EXIST::FUNCTION:
+BN_num_bits                             151     EXIST::FUNCTION:
+BN_num_bits_word                        152     EXIST::FUNCTION:
+BN_options                              153     EXIST::FUNCTION:
+BN_print                                154     EXIST::FUNCTION:
+BN_print_fp                             155     EXIST::FUNCTION:FP_API
+BN_rand                                 156     EXIST::FUNCTION:
+BN_reciprocal                           157     EXIST::FUNCTION:
+BN_rshift                               158     EXIST::FUNCTION:
+BN_rshift1                              159     EXIST::FUNCTION:
+BN_set_bit                              160     EXIST::FUNCTION:
+BN_set_word                             161     EXIST::FUNCTION:
+BN_sqr                                  162     EXIST::FUNCTION:
+BN_sub                                  163     EXIST::FUNCTION:
+BN_to_ASN1_INTEGER                      164     EXIST::FUNCTION:
+BN_ucmp                                 165     EXIST::FUNCTION:
+BN_value_one                            166     EXIST::FUNCTION:
+BUF_MEM_free                            167     EXIST::FUNCTION:
+BUF_MEM_grow                            168     EXIST::FUNCTION:
+BUF_MEM_new                             169     EXIST::FUNCTION:
+BUF_strdup                              170     EXIST::FUNCTION:
+CONF_free                               171     EXIST::FUNCTION:
+CONF_get_number                         172     EXIST::FUNCTION:
+CONF_get_section                        173     EXIST::FUNCTION:
+CONF_get_string                         174     EXIST::FUNCTION:
+CONF_load                               175     EXIST::FUNCTION:
+CRYPTO_add_lock                         176     EXIST::FUNCTION:
+CRYPTO_dbg_free                         177     EXIST::FUNCTION:
+CRYPTO_dbg_malloc                       178     EXIST::FUNCTION:
+CRYPTO_dbg_realloc                      179     EXIST::FUNCTION:
+CRYPTO_dbg_remalloc                     180     NOEXIST::FUNCTION:
+CRYPTO_free                             181     EXIST::FUNCTION:
+CRYPTO_get_add_lock_callback            182     EXIST::FUNCTION:
+CRYPTO_get_id_callback                  183     EXIST::FUNCTION:DEPRECATED
+CRYPTO_get_lock_name                    184     EXIST::FUNCTION:
+CRYPTO_get_locking_callback             185     EXIST::FUNCTION:
+CRYPTO_get_mem_functions                186     EXIST::FUNCTION:
+CRYPTO_lock                             187     EXIST::FUNCTION:
+CRYPTO_malloc                           188     EXIST::FUNCTION:
+CRYPTO_mem_ctrl                         189     EXIST::FUNCTION:
+CRYPTO_mem_leaks                        190     EXIST::FUNCTION:
+CRYPTO_mem_leaks_cb                     191     EXIST::FUNCTION:
+CRYPTO_mem_leaks_fp                     192     EXIST::FUNCTION:FP_API
+CRYPTO_realloc                          193     EXIST::FUNCTION:
+CRYPTO_remalloc                         194     EXIST::FUNCTION:
+CRYPTO_set_add_lock_callback            195     EXIST::FUNCTION:
+CRYPTO_set_id_callback                  196     EXIST::FUNCTION:DEPRECATED
+CRYPTO_set_locking_callback             197     EXIST::FUNCTION:
+CRYPTO_set_mem_functions                198     EXIST::FUNCTION:
+CRYPTO_thread_id                        199     EXIST::FUNCTION:DEPRECATED
+DH_check                                200     EXIST::FUNCTION:DH
+DH_compute_key                          201     EXIST::FUNCTION:DH
+DH_free                                 202     EXIST::FUNCTION:DH
+DH_generate_key                         203     EXIST::FUNCTION:DH
+DH_generate_parameters                  204     EXIST::FUNCTION:DEPRECATED,DH
+DH_new                                  205     EXIST::FUNCTION:DH
+DH_size                                 206     EXIST::FUNCTION:DH
+DHparams_print                          207     EXIST::FUNCTION:BIO,DH
+DHparams_print_fp                       208     EXIST::FUNCTION:DH,FP_API
+DSA_free                                209     EXIST::FUNCTION:DSA
+DSA_generate_key                        210     EXIST::FUNCTION:DSA
+DSA_generate_parameters                 211     EXIST::FUNCTION:DEPRECATED,DSA
+DSA_is_prime                            212     NOEXIST::FUNCTION:
+DSA_new                                 213     EXIST::FUNCTION:DSA
+DSA_print                               214     EXIST::FUNCTION:BIO,DSA
+DSA_print_fp                            215     EXIST::FUNCTION:DSA,FP_API
+DSA_sign                                216     EXIST::FUNCTION:DSA
+DSA_sign_setup                          217     EXIST::FUNCTION:DSA
+DSA_size                                218     EXIST::FUNCTION:DSA
+DSA_verify                              219     EXIST::FUNCTION:DSA
+DSAparams_print                         220     EXIST::FUNCTION:BIO,DSA
+DSAparams_print_fp                      221     EXIST::FUNCTION:DSA,FP_API
+ERR_clear_error                         222     EXIST::FUNCTION:
+ERR_error_string                        223     EXIST::FUNCTION:
+ERR_free_strings                        224     EXIST::FUNCTION:
+ERR_func_error_string                   225     EXIST::FUNCTION:
+ERR_get_err_state_table                 226     EXIST::FUNCTION:LHASH
+ERR_get_error                           227     EXIST::FUNCTION:
+ERR_get_error_line                      228     EXIST::FUNCTION:
+ERR_get_state                           229     EXIST::FUNCTION:
+ERR_get_string_table                    230     EXIST::FUNCTION:LHASH
+ERR_lib_error_string                    231     EXIST::FUNCTION:
+ERR_load_ASN1_strings                   232     EXIST::FUNCTION:
+ERR_load_BIO_strings                    233     EXIST::FUNCTION:
+ERR_load_BN_strings                     234     EXIST::FUNCTION:
+ERR_load_BUF_strings                    235     EXIST::FUNCTION:
+ERR_load_CONF_strings                   236     EXIST::FUNCTION:
+ERR_load_DH_strings                     237     EXIST::FUNCTION:DH
+ERR_load_DSA_strings                    238     EXIST::FUNCTION:DSA
+ERR_load_ERR_strings                    239     EXIST::FUNCTION:
+ERR_load_EVP_strings                    240     EXIST::FUNCTION:
+ERR_load_OBJ_strings                    241     EXIST::FUNCTION:
+ERR_load_PEM_strings                    242     EXIST::FUNCTION:
+ERR_load_PROXY_strings                  243     NOEXIST::FUNCTION:
+ERR_load_RSA_strings                    244     EXIST::FUNCTION:RSA
+ERR_load_X509_strings                   245     EXIST::FUNCTION:
+ERR_load_crypto_strings                 246     EXIST::FUNCTION:
+ERR_load_strings                        247     EXIST::FUNCTION:
+ERR_peek_error                          248     EXIST::FUNCTION:
+ERR_peek_error_line                     249     EXIST::FUNCTION:
+ERR_print_errors                        250     EXIST::FUNCTION:BIO
+ERR_print_errors_fp                     251     EXIST::FUNCTION:FP_API
+ERR_put_error                           252     EXIST::FUNCTION:
+ERR_reason_error_string                 253     EXIST::FUNCTION:
+ERR_remove_state                        254     EXIST::FUNCTION:DEPRECATED
+EVP_BytesToKey                          255     EXIST::FUNCTION:
+EVP_CIPHER_CTX_cleanup                  256     EXIST::FUNCTION:
+EVP_CipherFinal                         257     EXIST::FUNCTION:
+EVP_CipherInit                          258     EXIST::FUNCTION:
+EVP_CipherUpdate                        259     EXIST::FUNCTION:
+EVP_DecodeBlock                         260     EXIST::FUNCTION:
+EVP_DecodeFinal                         261     EXIST::FUNCTION:
+EVP_DecodeInit                          262     EXIST::FUNCTION:
+EVP_DecodeUpdate                        263     EXIST::FUNCTION:
+EVP_DecryptFinal                        264     EXIST::FUNCTION:
+EVP_DecryptInit                         265     EXIST::FUNCTION:
+EVP_DecryptUpdate                       266     EXIST::FUNCTION:
+EVP_DigestFinal                         267     EXIST::FUNCTION:
+EVP_DigestInit                          268     EXIST::FUNCTION:
+EVP_DigestUpdate                        269     EXIST::FUNCTION:
+EVP_EncodeBlock                         270     EXIST::FUNCTION:
+EVP_EncodeFinal                         271     EXIST::FUNCTION:
+EVP_EncodeInit                          272     EXIST::FUNCTION:
+EVP_EncodeUpdate                        273     EXIST::FUNCTION:
+EVP_EncryptFinal                        274     EXIST::FUNCTION:
+EVP_EncryptInit                         275     EXIST::FUNCTION:
+EVP_EncryptUpdate                       276     EXIST::FUNCTION:
+EVP_OpenFinal                           277     EXIST::FUNCTION:RSA
+EVP_OpenInit                            278     EXIST::FUNCTION:RSA
+EVP_PKEY_assign                         279     EXIST::FUNCTION:
+EVP_PKEY_copy_parameters                280     EXIST::FUNCTION:
+EVP_PKEY_free                           281     EXIST::FUNCTION:
+EVP_PKEY_missing_parameters             282     EXIST::FUNCTION:
+EVP_PKEY_new                            283     EXIST::FUNCTION:
+EVP_PKEY_save_parameters                284     EXIST::FUNCTION:
+EVP_PKEY_size                           285     EXIST::FUNCTION:
+EVP_PKEY_type                           286     EXIST::FUNCTION:
+EVP_SealFinal                           287     EXIST::FUNCTION:RSA
+EVP_SealInit                            288     EXIST::FUNCTION:RSA
+EVP_SignFinal                           289     EXIST::FUNCTION:
+EVP_VerifyFinal                         290     EXIST::FUNCTION:
+EVP_add_alias                           291     NOEXIST::FUNCTION:
+EVP_add_cipher                          292     EXIST::FUNCTION:
+EVP_add_digest                          293     EXIST::FUNCTION:
+EVP_bf_cbc                              294     EXIST::FUNCTION:BF
+EVP_bf_cfb64                            295     EXIST::FUNCTION:BF
+EVP_bf_ecb                              296     EXIST::FUNCTION:BF
+EVP_bf_ofb                              297     EXIST::FUNCTION:BF
+EVP_cleanup                             298     EXIST::FUNCTION:
+EVP_des_cbc                             299     EXIST::FUNCTION:DES
+EVP_des_cfb64                           300     EXIST::FUNCTION:DES
+EVP_des_ecb                             301     EXIST::FUNCTION:DES
+EVP_des_ede                             302     EXIST::FUNCTION:DES
+EVP_des_ede3                            303     EXIST::FUNCTION:DES
+EVP_des_ede3_cbc                        304     EXIST::FUNCTION:DES
+EVP_des_ede3_cfb64                      305     EXIST::FUNCTION:DES
+EVP_des_ede3_ofb                        306     EXIST::FUNCTION:DES
+EVP_des_ede_cbc                         307     EXIST::FUNCTION:DES
+EVP_des_ede_cfb64                       308     EXIST::FUNCTION:DES
+EVP_des_ede_ofb                         309     EXIST::FUNCTION:DES
+EVP_des_ofb                             310     EXIST::FUNCTION:DES
+EVP_desx_cbc                            311     EXIST::FUNCTION:DES
+EVP_dss                                 312     EXIST::FUNCTION:DSA,SHA
+EVP_dss1                                313     EXIST::FUNCTION:DSA,SHA
+EVP_enc_null                            314     EXIST::FUNCTION:
+EVP_get_cipherbyname                    315     EXIST::FUNCTION:
+EVP_get_digestbyname                    316     EXIST::FUNCTION:
+EVP_get_pw_prompt                       317     EXIST::FUNCTION:
+EVP_idea_cbc                            318     EXIST::FUNCTION:IDEA
+EVP_idea_cfb64                          319     EXIST::FUNCTION:IDEA
+EVP_idea_ecb                            320     EXIST::FUNCTION:IDEA
+EVP_idea_ofb                            321     EXIST::FUNCTION:IDEA
+EVP_md2                                 322     EXIST::FUNCTION:MD2
+EVP_md5                                 323     EXIST::FUNCTION:MD5
+EVP_md_null                             324     EXIST::FUNCTION:
+EVP_rc2_cbc                             325     EXIST::FUNCTION:RC2
+EVP_rc2_cfb64                           326     EXIST::FUNCTION:RC2
+EVP_rc2_ecb                             327     EXIST::FUNCTION:RC2
+EVP_rc2_ofb                             328     EXIST::FUNCTION:RC2
+EVP_rc4                                 329     EXIST::FUNCTION:RC4
+EVP_read_pw_string                      330     EXIST::FUNCTION:
+EVP_set_pw_prompt                       331     EXIST::FUNCTION:
+EVP_sha                                 332     EXIST::FUNCTION:SHA
+EVP_sha1                                333     EXIST::FUNCTION:SHA
+MD2                                     334     EXIST::FUNCTION:MD2
+MD2_Final                               335     EXIST::FUNCTION:MD2
+MD2_Init                                336     EXIST::FUNCTION:MD2
+MD2_Update                              337     EXIST::FUNCTION:MD2
+MD2_options                             338     EXIST::FUNCTION:MD2
+MD5                                     339     EXIST::FUNCTION:MD5
+MD5_Final                               340     EXIST::FUNCTION:MD5
+MD5_Init                                341     EXIST::FUNCTION:MD5
+MD5_Update                              342     EXIST::FUNCTION:MD5
+MDC2                                    343     EXIST::FUNCTION:MDC2
+MDC2_Final                              344     EXIST::FUNCTION:MDC2
+MDC2_Init                               345     EXIST::FUNCTION:MDC2
+MDC2_Update                             346     EXIST::FUNCTION:MDC2
+NETSCAPE_SPKAC_free                     347     EXIST::FUNCTION:
+NETSCAPE_SPKAC_new                      348     EXIST::FUNCTION:
+NETSCAPE_SPKI_free                      349     EXIST::FUNCTION:
+NETSCAPE_SPKI_new                       350     EXIST::FUNCTION:
+NETSCAPE_SPKI_sign                      351     EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_verify                    352     EXIST::FUNCTION:EVP
+OBJ_add_object                          353     EXIST::FUNCTION:
+OBJ_bsearch                             354     NOEXIST::FUNCTION:
+OBJ_cleanup                             355     EXIST::FUNCTION:
+OBJ_cmp                                 356     EXIST::FUNCTION:
+OBJ_create                              357     EXIST::FUNCTION:
+OBJ_dup                                 358     EXIST::FUNCTION:
+OBJ_ln2nid                              359     EXIST::FUNCTION:
+OBJ_new_nid                             360     EXIST::FUNCTION:
+OBJ_nid2ln                              361     EXIST::FUNCTION:
+OBJ_nid2obj                             362     EXIST::FUNCTION:
+OBJ_nid2sn                              363     EXIST::FUNCTION:
+OBJ_obj2nid                             364     EXIST::FUNCTION:
+OBJ_sn2nid                              365     EXIST::FUNCTION:
+OBJ_txt2nid                             366     EXIST::FUNCTION:
+PEM_ASN1_read                           367     EXIST::FUNCTION:
+PEM_ASN1_read_bio                       368     EXIST::FUNCTION:BIO
+PEM_ASN1_write                          369     EXIST::FUNCTION:
+PEM_ASN1_write_bio                      370     EXIST::FUNCTION:BIO
+PEM_SealFinal                           371     EXIST::FUNCTION:RSA
+PEM_SealInit                            372     EXIST::FUNCTION:RSA
+PEM_SealUpdate                          373     EXIST::FUNCTION:RSA
+PEM_SignFinal                           374     EXIST::FUNCTION:
+PEM_SignInit                            375     EXIST::FUNCTION:
+PEM_SignUpdate                          376     EXIST::FUNCTION:
+PEM_X509_INFO_read                      377     EXIST::FUNCTION:
+PEM_X509_INFO_read_bio                  378     EXIST::FUNCTION:BIO
+PEM_X509_INFO_write_bio                 379     EXIST::FUNCTION:BIO
+PEM_dek_info                            380     EXIST::FUNCTION:
+PEM_do_header                           381     EXIST::FUNCTION:
+PEM_get_EVP_CIPHER_INFO                 382     EXIST::FUNCTION:
+PEM_proc_type                           383     EXIST::FUNCTION:
+PEM_read                                384     EXIST::FUNCTION:
+PEM_read_DHparams                       385     EXIST:!WIN16:FUNCTION:DH
+PEM_read_DSAPrivateKey                  386     EXIST:!WIN16:FUNCTION:DSA
+PEM_read_DSAparams                      387     EXIST:!WIN16:FUNCTION:DSA
+PEM_read_PKCS7                          388     EXIST:!WIN16:FUNCTION:
+PEM_read_PrivateKey                     389     EXIST:!WIN16:FUNCTION:
+PEM_read_RSAPrivateKey                  390     EXIST:!WIN16:FUNCTION:RSA
+PEM_read_X509                           391     EXIST:!WIN16:FUNCTION:
+PEM_read_X509_CRL                       392     EXIST:!WIN16:FUNCTION:
+PEM_read_X509_REQ                       393     EXIST:!WIN16:FUNCTION:
+PEM_read_bio                            394     EXIST::FUNCTION:BIO
+PEM_read_bio_DHparams                   395     EXIST::FUNCTION:DH
+PEM_read_bio_DSAPrivateKey              396     EXIST::FUNCTION:DSA
+PEM_read_bio_DSAparams                  397     EXIST::FUNCTION:DSA
+PEM_read_bio_PKCS7                      398     EXIST::FUNCTION:
+PEM_read_bio_PrivateKey                 399     EXIST::FUNCTION:
+PEM_read_bio_RSAPrivateKey              400     EXIST::FUNCTION:RSA
+PEM_read_bio_X509                       401     EXIST::FUNCTION:
+PEM_read_bio_X509_CRL                   402     EXIST::FUNCTION:
+PEM_read_bio_X509_REQ                   403     EXIST::FUNCTION:
+PEM_write                               404     EXIST::FUNCTION:
+PEM_write_DHparams                      405     EXIST:!WIN16:FUNCTION:DH
+PEM_write_DSAPrivateKey                 406     EXIST:!WIN16:FUNCTION:DSA
+PEM_write_DSAparams                     407     EXIST:!WIN16:FUNCTION:DSA
+PEM_write_PKCS7                         408     EXIST:!WIN16:FUNCTION:
+PEM_write_PrivateKey                    409     EXIST:!WIN16:FUNCTION:
+PEM_write_RSAPrivateKey                 410     EXIST:!WIN16:FUNCTION:RSA
+PEM_write_X509                          411     EXIST:!WIN16:FUNCTION:
+PEM_write_X509_CRL                      412     EXIST:!WIN16:FUNCTION:
+PEM_write_X509_REQ                      413     EXIST:!WIN16:FUNCTION:
+PEM_write_bio                           414     EXIST::FUNCTION:BIO
+PEM_write_bio_DHparams                  415     EXIST::FUNCTION:DH
+PEM_write_bio_DSAPrivateKey             416     EXIST::FUNCTION:DSA
+PEM_write_bio_DSAparams                 417     EXIST::FUNCTION:DSA
+PEM_write_bio_PKCS7                     418     EXIST::FUNCTION:
+PEM_write_bio_PrivateKey                419     EXIST::FUNCTION:
+PEM_write_bio_RSAPrivateKey             420     EXIST::FUNCTION:RSA
+PEM_write_bio_X509                      421     EXIST::FUNCTION:
+PEM_write_bio_X509_CRL                  422     EXIST::FUNCTION:
+PEM_write_bio_X509_REQ                  423     EXIST::FUNCTION:
+PKCS7_DIGEST_free                       424     EXIST::FUNCTION:
+PKCS7_DIGEST_new                        425     EXIST::FUNCTION:
+PKCS7_ENCRYPT_free                      426     EXIST::FUNCTION:
+PKCS7_ENCRYPT_new                       427     EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_free                  428     EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_new                   429     EXIST::FUNCTION:
+PKCS7_ENVELOPE_free                     430     EXIST::FUNCTION:
+PKCS7_ENVELOPE_new                      431     EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_digest          432     EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_free            433     EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_new             434     EXIST::FUNCTION:
+PKCS7_RECIP_INFO_free                   435     EXIST::FUNCTION:
+PKCS7_RECIP_INFO_new                    436     EXIST::FUNCTION:
+PKCS7_SIGNED_free                       437     EXIST::FUNCTION:
+PKCS7_SIGNED_new                        438     EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_free                  439     EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_new                   440     EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_free                441     EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_new                 442     EXIST::FUNCTION:
+PKCS7_dup                               443     EXIST::FUNCTION:
+PKCS7_free                              444     EXIST::FUNCTION:
+PKCS7_new                               445     EXIST::FUNCTION:
+PROXY_ENTRY_add_noproxy                 446     NOEXIST::FUNCTION:
+PROXY_ENTRY_clear_noproxy               447     NOEXIST::FUNCTION:
+PROXY_ENTRY_free                        448     NOEXIST::FUNCTION:
+PROXY_ENTRY_get_noproxy                 449     NOEXIST::FUNCTION:
+PROXY_ENTRY_new                         450     NOEXIST::FUNCTION:
+PROXY_ENTRY_set_server                  451     NOEXIST::FUNCTION:
+PROXY_add_noproxy                       452     NOEXIST::FUNCTION:
+PROXY_add_server                        453     NOEXIST::FUNCTION:
+PROXY_check_by_host                     454     NOEXIST::FUNCTION:
+PROXY_check_url                         455     NOEXIST::FUNCTION:
+PROXY_clear_noproxy                     456     NOEXIST::FUNCTION:
+PROXY_free                              457     NOEXIST::FUNCTION:
+PROXY_get_noproxy                       458     NOEXIST::FUNCTION:
+PROXY_get_proxies                       459     NOEXIST::FUNCTION:
+PROXY_get_proxy_entry                   460     NOEXIST::FUNCTION:
+PROXY_load_conf                         461     NOEXIST::FUNCTION:
+PROXY_new                               462     NOEXIST::FUNCTION:
+PROXY_print                             463     NOEXIST::FUNCTION:
+RAND_bytes                              464     EXIST::FUNCTION:
+RAND_cleanup                            465     EXIST::FUNCTION:
+RAND_file_name                          466     EXIST::FUNCTION:
+RAND_load_file                          467     EXIST::FUNCTION:
+RAND_screen                             468     EXIST:WIN32:FUNCTION:
+RAND_seed                               469     EXIST::FUNCTION:
+RAND_write_file                         470     EXIST::FUNCTION:
+RC2_cbc_encrypt                         471     EXIST::FUNCTION:RC2
+RC2_cfb64_encrypt                       472     EXIST::FUNCTION:RC2
+RC2_ecb_encrypt                         473     EXIST::FUNCTION:RC2
+RC2_encrypt                             474     EXIST::FUNCTION:RC2
+RC2_ofb64_encrypt                       475     EXIST::FUNCTION:RC2
+RC2_set_key                             476     EXIST::FUNCTION:RC2
+RC4                                     477     EXIST::FUNCTION:RC4
+RC4_options                             478     EXIST::FUNCTION:RC4
+RC4_set_key                             479     EXIST::FUNCTION:RC4
+RSAPrivateKey_asn1_meth                 480     NOEXIST::FUNCTION:
+RSAPrivateKey_dup                       481     EXIST::FUNCTION:RSA
+RSAPublicKey_dup                        482     EXIST::FUNCTION:RSA
+RSA_PKCS1_SSLeay                        483     EXIST::FUNCTION:RSA
+RSA_free                                484     EXIST::FUNCTION:RSA
+RSA_generate_key                        485     EXIST::FUNCTION:DEPRECATED,RSA
+RSA_new                                 486     EXIST::FUNCTION:RSA
+RSA_new_method                          487     EXIST::FUNCTION:RSA
+RSA_print                               488     EXIST::FUNCTION:BIO,RSA
+RSA_print_fp                            489     EXIST::FUNCTION:FP_API,RSA
+RSA_private_decrypt                     490     EXIST::FUNCTION:RSA
+RSA_private_encrypt                     491     EXIST::FUNCTION:RSA
+RSA_public_decrypt                      492     EXIST::FUNCTION:RSA
+RSA_public_encrypt                      493     EXIST::FUNCTION:RSA
+RSA_set_default_method                  494     EXIST::FUNCTION:RSA
+RSA_sign                                495     EXIST::FUNCTION:RSA
+RSA_sign_ASN1_OCTET_STRING              496     EXIST::FUNCTION:RSA
+RSA_size                                497     EXIST::FUNCTION:RSA
+RSA_verify                              498     EXIST::FUNCTION:RSA
+RSA_verify_ASN1_OCTET_STRING            499     EXIST::FUNCTION:RSA
+SHA                                     500     EXIST::FUNCTION:SHA,SHA0
+SHA1                                    501     EXIST::FUNCTION:SHA,SHA1
+SHA1_Final                              502     EXIST::FUNCTION:SHA,SHA1
+SHA1_Init                               503     EXIST::FUNCTION:SHA,SHA1
+SHA1_Update                             504     EXIST::FUNCTION:SHA,SHA1
+SHA_Final                               505     EXIST::FUNCTION:SHA,SHA0
+SHA_Init                                506     EXIST::FUNCTION:SHA,SHA0
+SHA_Update                              507     EXIST::FUNCTION:SHA,SHA0
+OpenSSL_add_all_algorithms              508     NOEXIST::FUNCTION:
+OpenSSL_add_all_ciphers                 509     EXIST::FUNCTION:
+OpenSSL_add_all_digests                 510     EXIST::FUNCTION:
+TXT_DB_create_index                     511     EXIST::FUNCTION:
+TXT_DB_free                             512     EXIST::FUNCTION:
+TXT_DB_get_by_index                     513     EXIST::FUNCTION:
+TXT_DB_insert                           514     EXIST::FUNCTION:
+TXT_DB_read                             515     EXIST::FUNCTION:BIO
+TXT_DB_write                            516     EXIST::FUNCTION:BIO
+X509_ALGOR_free                         517     EXIST::FUNCTION:
+X509_ALGOR_new                          518     EXIST::FUNCTION:
+X509_ATTRIBUTE_free                     519     EXIST::FUNCTION:
+X509_ATTRIBUTE_new                      520     EXIST::FUNCTION:
+X509_CINF_free                          521     EXIST::FUNCTION:
+X509_CINF_new                           522     EXIST::FUNCTION:
+X509_CRL_INFO_free                      523     EXIST::FUNCTION:
+X509_CRL_INFO_new                       524     EXIST::FUNCTION:
+X509_CRL_add_ext                        525     EXIST::FUNCTION:
+X509_CRL_cmp                            526     EXIST::FUNCTION:
+X509_CRL_delete_ext                     527     EXIST::FUNCTION:
+X509_CRL_dup                            528     EXIST::FUNCTION:
+X509_CRL_free                           529     EXIST::FUNCTION:
+X509_CRL_get_ext                        530     EXIST::FUNCTION:
+X509_CRL_get_ext_by_NID                 531     EXIST::FUNCTION:
+X509_CRL_get_ext_by_OBJ                 532     EXIST::FUNCTION:
+X509_CRL_get_ext_by_critical            533     EXIST::FUNCTION:
+X509_CRL_get_ext_count                  534     EXIST::FUNCTION:
+X509_CRL_new                            535     EXIST::FUNCTION:
+X509_CRL_sign                           536     EXIST::FUNCTION:EVP
+X509_CRL_verify                         537     EXIST::FUNCTION:EVP
+X509_EXTENSION_create_by_NID            538     EXIST::FUNCTION:
+X509_EXTENSION_create_by_OBJ            539     EXIST::FUNCTION:
+X509_EXTENSION_dup                      540     EXIST::FUNCTION:
+X509_EXTENSION_free                     541     EXIST::FUNCTION:
+X509_EXTENSION_get_critical             542     EXIST::FUNCTION:
+X509_EXTENSION_get_data                 543     EXIST::FUNCTION:
+X509_EXTENSION_get_object               544     EXIST::FUNCTION:
+X509_EXTENSION_new                      545     EXIST::FUNCTION:
+X509_EXTENSION_set_critical             546     EXIST::FUNCTION:
+X509_EXTENSION_set_data                 547     EXIST::FUNCTION:
+X509_EXTENSION_set_object               548     EXIST::FUNCTION:
+X509_INFO_free                          549     EXIST::FUNCTION:EVP
+X509_INFO_new                           550     EXIST::FUNCTION:EVP
+X509_LOOKUP_by_alias                    551     EXIST::FUNCTION:
+X509_LOOKUP_by_fingerprint              552     EXIST::FUNCTION:
+X509_LOOKUP_by_issuer_serial            553     EXIST::FUNCTION:
+X509_LOOKUP_by_subject                  554     EXIST::FUNCTION:
+X509_LOOKUP_ctrl                        555     EXIST::FUNCTION:
+X509_LOOKUP_file                        556     EXIST::FUNCTION:
+X509_LOOKUP_free                        557     EXIST::FUNCTION:
+X509_LOOKUP_hash_dir                    558     EXIST::FUNCTION:
+X509_LOOKUP_init                        559     EXIST::FUNCTION:
+X509_LOOKUP_new                         560     EXIST::FUNCTION:
+X509_LOOKUP_shutdown                    561     EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_NID           562     EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_OBJ           563     EXIST::FUNCTION:
+X509_NAME_ENTRY_dup                     564     EXIST::FUNCTION:
+X509_NAME_ENTRY_free                    565     EXIST::FUNCTION:
+X509_NAME_ENTRY_get_data                566     EXIST::FUNCTION:
+X509_NAME_ENTRY_get_object              567     EXIST::FUNCTION:
+X509_NAME_ENTRY_new                     568     EXIST::FUNCTION:
+X509_NAME_ENTRY_set_data                569     EXIST::FUNCTION:
+X509_NAME_ENTRY_set_object              570     EXIST::FUNCTION:
+X509_NAME_add_entry                     571     EXIST::FUNCTION:
+X509_NAME_cmp                           572     EXIST::FUNCTION:
+X509_NAME_delete_entry                  573     EXIST::FUNCTION:
+X509_NAME_digest                        574     EXIST::FUNCTION:EVP
+X509_NAME_dup                           575     EXIST::FUNCTION:
+X509_NAME_entry_count                   576     EXIST::FUNCTION:
+X509_NAME_free                          577     EXIST::FUNCTION:
+X509_NAME_get_entry                     578     EXIST::FUNCTION:
+X509_NAME_get_index_by_NID              579     EXIST::FUNCTION:
+X509_NAME_get_index_by_OBJ              580     EXIST::FUNCTION:
+X509_NAME_get_text_by_NID               581     EXIST::FUNCTION:
+X509_NAME_get_text_by_OBJ               582     EXIST::FUNCTION:
+X509_NAME_hash                          583     EXIST::FUNCTION:
+X509_NAME_new                           584     EXIST::FUNCTION:
+X509_NAME_oneline                       585     EXIST::FUNCTION:EVP
+X509_NAME_print                         586     EXIST::FUNCTION:BIO
+X509_NAME_set                           587     EXIST::FUNCTION:
+X509_OBJECT_free_contents               588     EXIST::FUNCTION:
+X509_OBJECT_retrieve_by_subject         589     EXIST::FUNCTION:
+X509_OBJECT_up_ref_count                590     EXIST::FUNCTION:
+X509_PKEY_free                          591     EXIST::FUNCTION:
+X509_PKEY_new                           592     EXIST::FUNCTION:
+X509_PUBKEY_free                        593     EXIST::FUNCTION:
+X509_PUBKEY_get                         594     EXIST::FUNCTION:
+X509_PUBKEY_new                         595     EXIST::FUNCTION:
+X509_PUBKEY_set                         596     EXIST::FUNCTION:
+X509_REQ_INFO_free                      597     EXIST::FUNCTION:
+X509_REQ_INFO_new                       598     EXIST::FUNCTION:
+X509_REQ_dup                            599     EXIST::FUNCTION:
+X509_REQ_free                           600     EXIST::FUNCTION:
+X509_REQ_get_pubkey                     601     EXIST::FUNCTION:
+X509_REQ_new                            602     EXIST::FUNCTION:
+X509_REQ_print                          603     EXIST::FUNCTION:BIO
+X509_REQ_print_fp                       604     EXIST::FUNCTION:FP_API
+X509_REQ_set_pubkey                     605     EXIST::FUNCTION:
+X509_REQ_set_subject_name               606     EXIST::FUNCTION:
+X509_REQ_set_version                    607     EXIST::FUNCTION:
+X509_REQ_sign                           608     EXIST::FUNCTION:EVP
+X509_REQ_to_X509                        609     EXIST::FUNCTION:
+X509_REQ_verify                         610     EXIST::FUNCTION:EVP
+X509_REVOKED_add_ext                    611     EXIST::FUNCTION:
+X509_REVOKED_delete_ext                 612     EXIST::FUNCTION:
+X509_REVOKED_free                       613     EXIST::FUNCTION:
+X509_REVOKED_get_ext                    614     EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_NID             615     EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_OBJ             616     EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_critical        617     EXIST:!VMS:FUNCTION:
+X509_REVOKED_get_ext_by_critic          617     EXIST:VMS:FUNCTION:
+X509_REVOKED_get_ext_count              618     EXIST::FUNCTION:
+X509_REVOKED_new                        619     EXIST::FUNCTION:
+X509_SIG_free                           620     EXIST::FUNCTION:
+X509_SIG_new                            621     EXIST::FUNCTION:
+X509_STORE_CTX_cleanup                  622     EXIST::FUNCTION:
+X509_STORE_CTX_init                     623     EXIST::FUNCTION:
+X509_STORE_add_cert                     624     EXIST::FUNCTION:
+X509_STORE_add_lookup                   625     EXIST::FUNCTION:
+X509_STORE_free                         626     EXIST::FUNCTION:
+X509_STORE_get_by_subject               627     EXIST::FUNCTION:
+X509_STORE_load_locations               628     EXIST::FUNCTION:STDIO
+X509_STORE_new                          629     EXIST::FUNCTION:
+X509_STORE_set_default_paths            630     EXIST::FUNCTION:STDIO
+X509_VAL_free                           631     EXIST::FUNCTION:
+X509_VAL_new                            632     EXIST::FUNCTION:
+X509_add_ext                            633     EXIST::FUNCTION:
+X509_asn1_meth                          634     NOEXIST::FUNCTION:
+X509_certificate_type                   635     EXIST::FUNCTION:
+X509_check_private_key                  636     EXIST::FUNCTION:
+X509_cmp_current_time                   637     EXIST::FUNCTION:
+X509_delete_ext                         638     EXIST::FUNCTION:
+X509_digest                             639     EXIST::FUNCTION:EVP
+X509_dup                                640     EXIST::FUNCTION:
+X509_free                               641     EXIST::FUNCTION:
+X509_get_default_cert_area              642     EXIST::FUNCTION:
+X509_get_default_cert_dir               643     EXIST::FUNCTION:
+X509_get_default_cert_dir_env           644     EXIST::FUNCTION:
+X509_get_default_cert_file              645     EXIST::FUNCTION:
+X509_get_default_cert_file_env          646     EXIST::FUNCTION:
+X509_get_default_private_dir            647     EXIST::FUNCTION:
+X509_get_ext                            648     EXIST::FUNCTION:
+X509_get_ext_by_NID                     649     EXIST::FUNCTION:
+X509_get_ext_by_OBJ                     650     EXIST::FUNCTION:
+X509_get_ext_by_critical                651     EXIST::FUNCTION:
+X509_get_ext_count                      652     EXIST::FUNCTION:
+X509_get_issuer_name                    653     EXIST::FUNCTION:
+X509_get_pubkey                         654     EXIST::FUNCTION:
+X509_get_pubkey_parameters              655     EXIST::FUNCTION:
+X509_get_serialNumber                   656     EXIST::FUNCTION:
+X509_get_subject_name                   657     EXIST::FUNCTION:
+X509_gmtime_adj                         658     EXIST::FUNCTION:
+X509_issuer_and_serial_cmp              659     EXIST::FUNCTION:
+X509_issuer_and_serial_hash             660     EXIST::FUNCTION:
+X509_issuer_name_cmp                    661     EXIST::FUNCTION:
+X509_issuer_name_hash                   662     EXIST::FUNCTION:
+X509_load_cert_file                     663     EXIST::FUNCTION:STDIO
+X509_new                                664     EXIST::FUNCTION:
+X509_print                              665     EXIST::FUNCTION:BIO
+X509_print_fp                           666     EXIST::FUNCTION:FP_API
+X509_set_issuer_name                    667     EXIST::FUNCTION:
+X509_set_notAfter                       668     EXIST::FUNCTION:
+X509_set_notBefore                      669     EXIST::FUNCTION:
+X509_set_pubkey                         670     EXIST::FUNCTION:
+X509_set_serialNumber                   671     EXIST::FUNCTION:
+X509_set_subject_name                   672     EXIST::FUNCTION:
+X509_set_version                        673     EXIST::FUNCTION:
+X509_sign                               674     EXIST::FUNCTION:EVP
+X509_subject_name_cmp                   675     EXIST::FUNCTION:
+X509_subject_name_hash                  676     EXIST::FUNCTION:
+X509_to_X509_REQ                        677     EXIST::FUNCTION:
+X509_verify                             678     EXIST::FUNCTION:EVP
+X509_verify_cert                        679     EXIST::FUNCTION:
+X509_verify_cert_error_string           680     EXIST::FUNCTION:
+X509v3_add_ext                          681     EXIST::FUNCTION:
+X509v3_add_extension                    682     NOEXIST::FUNCTION:
+X509v3_add_netscape_extensions          683     NOEXIST::FUNCTION:
+X509v3_add_standard_extensions          684     NOEXIST::FUNCTION:
+X509v3_cleanup_extensions               685     NOEXIST::FUNCTION:
+X509v3_data_type_by_NID                 686     NOEXIST::FUNCTION:
+X509v3_data_type_by_OBJ                 687     NOEXIST::FUNCTION:
+X509v3_delete_ext                       688     EXIST::FUNCTION:
+X509v3_get_ext                          689     EXIST::FUNCTION:
+X509v3_get_ext_by_NID                   690     EXIST::FUNCTION:
+X509v3_get_ext_by_OBJ                   691     EXIST::FUNCTION:
+X509v3_get_ext_by_critical              692     EXIST::FUNCTION:
+X509v3_get_ext_count                    693     EXIST::FUNCTION:
+X509v3_pack_string                      694     NOEXIST::FUNCTION:
+X509v3_pack_type_by_NID                 695     NOEXIST::FUNCTION:
+X509v3_pack_type_by_OBJ                 696     NOEXIST::FUNCTION:
+X509v3_unpack_string                    697     NOEXIST::FUNCTION:
+_des_crypt                              698     NOEXIST::FUNCTION:
+a2d_ASN1_OBJECT                         699     EXIST::FUNCTION:
+a2i_ASN1_INTEGER                        700     EXIST::FUNCTION:BIO
+a2i_ASN1_STRING                         701     EXIST::FUNCTION:BIO
+asn1_Finish                             702     EXIST::FUNCTION:
+asn1_GetSequence                        703     EXIST::FUNCTION:
+bn_div_words                            704     EXIST::FUNCTION:
+bn_expand2                              705     EXIST::FUNCTION:
+bn_mul_add_words                        706     EXIST::FUNCTION:
+bn_mul_words                            707     EXIST::FUNCTION:
+BN_uadd                                 708     EXIST::FUNCTION:
+BN_usub                                 709     EXIST::FUNCTION:
+bn_sqr_words                            710     EXIST::FUNCTION:
+_ossl_old_crypt                         711     EXIST:!NeXT,!PERL5:FUNCTION:DES
+d2i_ASN1_BIT_STRING                     712     EXIST::FUNCTION:
+d2i_ASN1_BOOLEAN                        713     EXIST::FUNCTION:
+d2i_ASN1_HEADER                         714     NOEXIST::FUNCTION:
+d2i_ASN1_IA5STRING                      715     EXIST::FUNCTION:
+d2i_ASN1_INTEGER                        716     EXIST::FUNCTION:
+d2i_ASN1_OBJECT                         717     EXIST::FUNCTION:
+d2i_ASN1_OCTET_STRING                   718     EXIST::FUNCTION:
+d2i_ASN1_PRINTABLE                      719     EXIST::FUNCTION:
+d2i_ASN1_PRINTABLESTRING                720     EXIST::FUNCTION:
+d2i_ASN1_SET                            721     EXIST::FUNCTION:
+d2i_ASN1_T61STRING                      722     EXIST::FUNCTION:
+d2i_ASN1_TYPE                           723     EXIST::FUNCTION:
+d2i_ASN1_UTCTIME                        724     EXIST::FUNCTION:
+d2i_ASN1_bytes                          725     EXIST::FUNCTION:
+d2i_ASN1_type_bytes                     726     EXIST::FUNCTION:
+d2i_DHparams                            727     EXIST::FUNCTION:DH
+d2i_DSAPrivateKey                       728     EXIST::FUNCTION:DSA
+d2i_DSAPrivateKey_bio                   729     EXIST::FUNCTION:BIO,DSA
+d2i_DSAPrivateKey_fp                    730     EXIST::FUNCTION:DSA,FP_API
+d2i_DSAPublicKey                        731     EXIST::FUNCTION:DSA
+d2i_DSAparams                           732     EXIST::FUNCTION:DSA
+d2i_NETSCAPE_SPKAC                      733     EXIST::FUNCTION:
+d2i_NETSCAPE_SPKI                       734     EXIST::FUNCTION:
+d2i_Netscape_RSA                        735     EXIST::FUNCTION:RC4,RSA
+d2i_PKCS7                               736     EXIST::FUNCTION:
+d2i_PKCS7_DIGEST                        737     EXIST::FUNCTION:
+d2i_PKCS7_ENCRYPT                       738     EXIST::FUNCTION:
+d2i_PKCS7_ENC_CONTENT                   739     EXIST::FUNCTION:
+d2i_PKCS7_ENVELOPE                      740     EXIST::FUNCTION:
+d2i_PKCS7_ISSUER_AND_SERIAL             741     EXIST::FUNCTION:
+d2i_PKCS7_RECIP_INFO                    742     EXIST::FUNCTION:
+d2i_PKCS7_SIGNED                        743     EXIST::FUNCTION:
+d2i_PKCS7_SIGNER_INFO                   744     EXIST::FUNCTION:
+d2i_PKCS7_SIGN_ENVELOPE                 745     EXIST::FUNCTION:
+d2i_PKCS7_bio                           746     EXIST::FUNCTION:
+d2i_PKCS7_fp                            747     EXIST::FUNCTION:FP_API
+d2i_PrivateKey                          748     EXIST::FUNCTION:
+d2i_PublicKey                           749     EXIST::FUNCTION:
+d2i_RSAPrivateKey                       750     EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey_bio                   751     EXIST::FUNCTION:BIO,RSA
+d2i_RSAPrivateKey_fp                    752     EXIST::FUNCTION:FP_API,RSA
+d2i_RSAPublicKey                        753     EXIST::FUNCTION:RSA
+d2i_X509                                754     EXIST::FUNCTION:
+d2i_X509_ALGOR                          755     EXIST::FUNCTION:
+d2i_X509_ATTRIBUTE                      756     EXIST::FUNCTION:
+d2i_X509_CINF                           757     EXIST::FUNCTION:
+d2i_X509_CRL                            758     EXIST::FUNCTION:
+d2i_X509_CRL_INFO                       759     EXIST::FUNCTION:
+d2i_X509_CRL_bio                        760     EXIST::FUNCTION:BIO
+d2i_X509_CRL_fp                         761     EXIST::FUNCTION:FP_API
+d2i_X509_EXTENSION                      762     EXIST::FUNCTION:
+d2i_X509_NAME                           763     EXIST::FUNCTION:
+d2i_X509_NAME_ENTRY                     764     EXIST::FUNCTION:
+d2i_X509_PKEY                           765     EXIST::FUNCTION:
+d2i_X509_PUBKEY                         766     EXIST::FUNCTION:
+d2i_X509_REQ                            767     EXIST::FUNCTION:
+d2i_X509_REQ_INFO                       768     EXIST::FUNCTION:
+d2i_X509_REQ_bio                        769     EXIST::FUNCTION:BIO
+d2i_X509_REQ_fp                         770     EXIST::FUNCTION:FP_API
+d2i_X509_REVOKED                        771     EXIST::FUNCTION:
+d2i_X509_SIG                            772     EXIST::FUNCTION:
+d2i_X509_VAL                            773     EXIST::FUNCTION:
+d2i_X509_bio                            774     EXIST::FUNCTION:BIO
+d2i_X509_fp                             775     EXIST::FUNCTION:FP_API
+DES_cbc_cksum                           777     EXIST::FUNCTION:DES
+DES_cbc_encrypt                         778     EXIST::FUNCTION:DES
+DES_cblock_print_file                   779     NOEXIST::FUNCTION:
+DES_cfb64_encrypt                       780     EXIST::FUNCTION:DES
+DES_cfb_encrypt                         781     EXIST::FUNCTION:DES
+DES_decrypt3                            782     EXIST::FUNCTION:DES
+DES_ecb3_encrypt                        783     EXIST::FUNCTION:DES
+DES_ecb_encrypt                         784     EXIST::FUNCTION:DES
+DES_ede3_cbc_encrypt                    785     EXIST::FUNCTION:DES
+DES_ede3_cfb64_encrypt                  786     EXIST::FUNCTION:DES
+DES_ede3_ofb64_encrypt                  787     EXIST::FUNCTION:DES
+DES_enc_read                            788     EXIST::FUNCTION:DES
+DES_enc_write                           789     EXIST::FUNCTION:DES
+DES_encrypt1                            790     EXIST::FUNCTION:DES
+DES_encrypt2                            791     EXIST::FUNCTION:DES
+DES_encrypt3                            792     EXIST::FUNCTION:DES
+DES_fcrypt                              793     EXIST::FUNCTION:DES
+DES_is_weak_key                         794     EXIST::FUNCTION:DES
+DES_key_sched                           795     EXIST::FUNCTION:DES
+DES_ncbc_encrypt                        796     EXIST::FUNCTION:DES
+DES_ofb64_encrypt                       797     EXIST::FUNCTION:DES
+DES_ofb_encrypt                         798     EXIST::FUNCTION:DES
+DES_options                             799     EXIST::FUNCTION:DES
+DES_pcbc_encrypt                        800     EXIST::FUNCTION:DES
+DES_quad_cksum                          801     EXIST::FUNCTION:DES
+DES_random_key                          802     EXIST::FUNCTION:DES
+_ossl_old_des_random_seed               803     EXIST::FUNCTION:DES
+_ossl_old_des_read_2passwords           804     EXIST::FUNCTION:DES
+_ossl_old_des_read_password             805     EXIST::FUNCTION:DES
+_ossl_old_des_read_pw                   806     EXIST::FUNCTION:
+_ossl_old_des_read_pw_string            807     EXIST::FUNCTION:
+DES_set_key                             808     EXIST::FUNCTION:DES
+DES_set_odd_parity                      809     EXIST::FUNCTION:DES
+DES_string_to_2keys                     810     EXIST::FUNCTION:DES
+DES_string_to_key                       811     EXIST::FUNCTION:DES
+DES_xcbc_encrypt                        812     EXIST::FUNCTION:DES
+DES_xwhite_in2out                       813     NOEXIST::FUNCTION:
+fcrypt_body                             814     NOEXIST::FUNCTION:
+i2a_ASN1_INTEGER                        815     EXIST::FUNCTION:BIO
+i2a_ASN1_OBJECT                         816     EXIST::FUNCTION:BIO
+i2a_ASN1_STRING                         817     EXIST::FUNCTION:BIO
+i2d_ASN1_BIT_STRING                     818     EXIST::FUNCTION:
+i2d_ASN1_BOOLEAN                        819     EXIST::FUNCTION:
+i2d_ASN1_HEADER                         820     NOEXIST::FUNCTION:
+i2d_ASN1_IA5STRING                      821     EXIST::FUNCTION:
+i2d_ASN1_INTEGER                        822     EXIST::FUNCTION:
+i2d_ASN1_OBJECT                         823     EXIST::FUNCTION:
+i2d_ASN1_OCTET_STRING                   824     EXIST::FUNCTION:
+i2d_ASN1_PRINTABLE                      825     EXIST::FUNCTION:
+i2d_ASN1_SET                            826     EXIST::FUNCTION:
+i2d_ASN1_TYPE                           827     EXIST::FUNCTION:
+i2d_ASN1_UTCTIME                        828     EXIST::FUNCTION:
+i2d_ASN1_bytes                          829     EXIST::FUNCTION:
+i2d_DHparams                            830     EXIST::FUNCTION:DH
+i2d_DSAPrivateKey                       831     EXIST::FUNCTION:DSA
+i2d_DSAPrivateKey_bio                   832     EXIST::FUNCTION:BIO,DSA
+i2d_DSAPrivateKey_fp                    833     EXIST::FUNCTION:DSA,FP_API
+i2d_DSAPublicKey                        834     EXIST::FUNCTION:DSA
+i2d_DSAparams                           835     EXIST::FUNCTION:DSA
+i2d_NETSCAPE_SPKAC                      836     EXIST::FUNCTION:
+i2d_NETSCAPE_SPKI                       837     EXIST::FUNCTION:
+i2d_Netscape_RSA                        838     EXIST::FUNCTION:RC4,RSA
+i2d_PKCS7                               839     EXIST::FUNCTION:
+i2d_PKCS7_DIGEST                        840     EXIST::FUNCTION:
+i2d_PKCS7_ENCRYPT                       841     EXIST::FUNCTION:
+i2d_PKCS7_ENC_CONTENT                   842     EXIST::FUNCTION:
+i2d_PKCS7_ENVELOPE                      843     EXIST::FUNCTION:
+i2d_PKCS7_ISSUER_AND_SERIAL             844     EXIST::FUNCTION:
+i2d_PKCS7_RECIP_INFO                    845     EXIST::FUNCTION:
+i2d_PKCS7_SIGNED                        846     EXIST::FUNCTION:
+i2d_PKCS7_SIGNER_INFO                   847     EXIST::FUNCTION:
+i2d_PKCS7_SIGN_ENVELOPE                 848     EXIST::FUNCTION:
+i2d_PKCS7_bio                           849     EXIST::FUNCTION:
+i2d_PKCS7_fp                            850     EXIST::FUNCTION:FP_API
+i2d_PrivateKey                          851     EXIST::FUNCTION:
+i2d_PublicKey                           852     EXIST::FUNCTION:
+i2d_RSAPrivateKey                       853     EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey_bio                   854     EXIST::FUNCTION:BIO,RSA
+i2d_RSAPrivateKey_fp                    855     EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPublicKey                        856     EXIST::FUNCTION:RSA
+i2d_X509                                857     EXIST::FUNCTION:
+i2d_X509_ALGOR                          858     EXIST::FUNCTION:
+i2d_X509_ATTRIBUTE                      859     EXIST::FUNCTION:
+i2d_X509_CINF                           860     EXIST::FUNCTION:
+i2d_X509_CRL                            861     EXIST::FUNCTION:
+i2d_X509_CRL_INFO                       862     EXIST::FUNCTION:
+i2d_X509_CRL_bio                        863     EXIST::FUNCTION:BIO
+i2d_X509_CRL_fp                         864     EXIST::FUNCTION:FP_API
+i2d_X509_EXTENSION                      865     EXIST::FUNCTION:
+i2d_X509_NAME                           866     EXIST::FUNCTION:
+i2d_X509_NAME_ENTRY                     867     EXIST::FUNCTION:
+i2d_X509_PKEY                           868     EXIST::FUNCTION:
+i2d_X509_PUBKEY                         869     EXIST::FUNCTION:
+i2d_X509_REQ                            870     EXIST::FUNCTION:
+i2d_X509_REQ_INFO                       871     EXIST::FUNCTION:
+i2d_X509_REQ_bio                        872     EXIST::FUNCTION:BIO
+i2d_X509_REQ_fp                         873     EXIST::FUNCTION:FP_API
+i2d_X509_REVOKED                        874     EXIST::FUNCTION:
+i2d_X509_SIG                            875     EXIST::FUNCTION:
+i2d_X509_VAL                            876     EXIST::FUNCTION:
+i2d_X509_bio                            877     EXIST::FUNCTION:BIO
+i2d_X509_fp                             878     EXIST::FUNCTION:FP_API
+idea_cbc_encrypt                        879     EXIST::FUNCTION:IDEA
+idea_cfb64_encrypt                      880     EXIST::FUNCTION:IDEA
+idea_ecb_encrypt                        881     EXIST::FUNCTION:IDEA
+idea_encrypt                            882     EXIST::FUNCTION:IDEA
+idea_ofb64_encrypt                      883     EXIST::FUNCTION:IDEA
+idea_options                            884     EXIST::FUNCTION:IDEA
+idea_set_decrypt_key                    885     EXIST::FUNCTION:IDEA
+idea_set_encrypt_key                    886     EXIST::FUNCTION:IDEA
+lh_delete                               887     EXIST::FUNCTION:
+lh_doall                                888     EXIST::FUNCTION:
+lh_doall_arg                            889     EXIST::FUNCTION:
+lh_free                                 890     EXIST::FUNCTION:
+lh_insert                               891     EXIST::FUNCTION:
+lh_new                                  892     EXIST::FUNCTION:
+lh_node_stats                           893     EXIST::FUNCTION:FP_API
+lh_node_stats_bio                       894     EXIST::FUNCTION:BIO
+lh_node_usage_stats                     895     EXIST::FUNCTION:FP_API
+lh_node_usage_stats_bio                 896     EXIST::FUNCTION:BIO
+lh_retrieve                             897     EXIST::FUNCTION:
+lh_stats                                898     EXIST::FUNCTION:FP_API
+lh_stats_bio                            899     EXIST::FUNCTION:BIO
+lh_strhash                              900     EXIST::FUNCTION:
+sk_delete                               901     EXIST::FUNCTION:
+sk_delete_ptr                           902     EXIST::FUNCTION:
+sk_dup                                  903     EXIST::FUNCTION:
+sk_find                                 904     EXIST::FUNCTION:
+sk_free                                 905     EXIST::FUNCTION:
+sk_insert                               906     EXIST::FUNCTION:
+sk_new                                  907     EXIST::FUNCTION:
+sk_pop                                  908     EXIST::FUNCTION:
+sk_pop_free                             909     EXIST::FUNCTION:
+sk_push                                 910     EXIST::FUNCTION:
+sk_set_cmp_func                         911     EXIST::FUNCTION:
+sk_shift                                912     EXIST::FUNCTION:
+sk_unshift                              913     EXIST::FUNCTION:
+sk_zero                                 914     EXIST::FUNCTION:
+BIO_f_nbio_test                         915     EXIST::FUNCTION:
+ASN1_TYPE_get                           916     EXIST::FUNCTION:
+ASN1_TYPE_set                           917     EXIST::FUNCTION:
+PKCS7_content_free                      918     NOEXIST::FUNCTION:
+ERR_load_PKCS7_strings                  919     EXIST::FUNCTION:
+X509_find_by_issuer_and_serial          920     EXIST::FUNCTION:
+X509_find_by_subject                    921     EXIST::FUNCTION:
+PKCS7_ctrl                              927     EXIST::FUNCTION:
+PKCS7_set_type                          928     EXIST::FUNCTION:
+PKCS7_set_content                       929     EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_set                   930     EXIST::FUNCTION:
+PKCS7_add_signer                        931     EXIST::FUNCTION:
+PKCS7_add_certificate                   932     EXIST::FUNCTION:
+PKCS7_add_crl                           933     EXIST::FUNCTION:
+PKCS7_content_new                       934     EXIST::FUNCTION:
+PKCS7_dataSign                          935     NOEXIST::FUNCTION:
+PKCS7_dataVerify                        936     EXIST::FUNCTION:
+PKCS7_dataInit                          937     EXIST::FUNCTION:
+PKCS7_add_signature                     938     EXIST::FUNCTION:
+PKCS7_cert_from_signer_info             939     EXIST::FUNCTION:
+PKCS7_get_signer_info                   940     EXIST::FUNCTION:
+EVP_delete_alias                        941     NOEXIST::FUNCTION:
+EVP_mdc2                                942     EXIST::FUNCTION:MDC2
+PEM_read_bio_RSAPublicKey               943     EXIST::FUNCTION:RSA
+PEM_write_bio_RSAPublicKey              944     EXIST::FUNCTION:RSA
+d2i_RSAPublicKey_bio                    945     EXIST::FUNCTION:BIO,RSA
+i2d_RSAPublicKey_bio                    946     EXIST::FUNCTION:BIO,RSA
+PEM_read_RSAPublicKey                   947     EXIST:!WIN16:FUNCTION:RSA
+PEM_write_RSAPublicKey                  949     EXIST:!WIN16:FUNCTION:RSA
+d2i_RSAPublicKey_fp                     952     EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPublicKey_fp                     954     EXIST::FUNCTION:FP_API,RSA
+BIO_copy_next_retry                     955     EXIST::FUNCTION:
+RSA_flags                               956     EXIST::FUNCTION:RSA
+X509_STORE_add_crl                      957     EXIST::FUNCTION:
+X509_load_crl_file                      958     EXIST::FUNCTION:STDIO
+EVP_rc2_40_cbc                          959     EXIST::FUNCTION:RC2
+EVP_rc4_40                              960     EXIST::FUNCTION:RC4
+EVP_CIPHER_CTX_init                     961     EXIST::FUNCTION:
+HMAC                                    962     EXIST::FUNCTION:HMAC
+HMAC_Init                               963     EXIST::FUNCTION:HMAC
+HMAC_Update                             964     EXIST::FUNCTION:HMAC
+HMAC_Final                              965     EXIST::FUNCTION:HMAC
+ERR_get_next_error_library              966     EXIST::FUNCTION:
+EVP_PKEY_cmp_parameters                 967     EXIST::FUNCTION:
+HMAC_cleanup                            968     NOEXIST::FUNCTION:
+BIO_ptr_ctrl                            969     EXIST::FUNCTION:
+BIO_new_file_internal                   970     NOEXIST::FUNCTION:
+BIO_new_fp_internal                     971     NOEXIST::FUNCTION:
+BIO_s_file_internal                     972     NOEXIST::FUNCTION:
+BN_BLINDING_convert                     973     EXIST::FUNCTION:
+BN_BLINDING_invert                      974     EXIST::FUNCTION:
+BN_BLINDING_update                      975     EXIST::FUNCTION:
+RSA_blinding_on                         977     EXIST::FUNCTION:RSA
+RSA_blinding_off                        978     EXIST::FUNCTION:RSA
+i2t_ASN1_OBJECT                         979     EXIST::FUNCTION:
+BN_BLINDING_new                         980     EXIST::FUNCTION:
+BN_BLINDING_free                        981     EXIST::FUNCTION:
+EVP_cast5_cbc                           983     EXIST::FUNCTION:CAST
+EVP_cast5_cfb64                         984     EXIST::FUNCTION:CAST
+EVP_cast5_ecb                           985     EXIST::FUNCTION:CAST
+EVP_cast5_ofb                           986     EXIST::FUNCTION:CAST
+BF_decrypt                              987     EXIST::FUNCTION:BF
+CAST_set_key                            988     EXIST::FUNCTION:CAST
+CAST_encrypt                            989     EXIST::FUNCTION:CAST
+CAST_decrypt                            990     EXIST::FUNCTION:CAST
+CAST_ecb_encrypt                        991     EXIST::FUNCTION:CAST
+CAST_cbc_encrypt                        992     EXIST::FUNCTION:CAST
+CAST_cfb64_encrypt                      993     EXIST::FUNCTION:CAST
+CAST_ofb64_encrypt                      994     EXIST::FUNCTION:CAST
+RC2_decrypt                             995     EXIST::FUNCTION:RC2
+OBJ_create_objects                      997     EXIST::FUNCTION:
+BN_exp                                  998     EXIST::FUNCTION:
+BN_mul_word                             999     EXIST::FUNCTION:
+BN_sub_word                             1000    EXIST::FUNCTION:
+BN_dec2bn                               1001    EXIST::FUNCTION:
+BN_bn2dec                               1002    EXIST::FUNCTION:
+BIO_ghbn_ctrl                           1003    NOEXIST::FUNCTION:
+CRYPTO_free_ex_data                     1004    EXIST::FUNCTION:
+CRYPTO_get_ex_data                      1005    EXIST::FUNCTION:
+CRYPTO_set_ex_data                      1007    EXIST::FUNCTION:
+ERR_load_CRYPTO_strings                 1009    EXIST:!OS2,!VMS:FUNCTION:
+ERR_load_CRYPTOlib_strings              1009    EXIST:OS2,VMS:FUNCTION:
+EVP_PKEY_bits                           1010    EXIST::FUNCTION:
+MD5_Transform                           1011    EXIST::FUNCTION:MD5
+SHA1_Transform                          1012    EXIST::FUNCTION:SHA,SHA1
+SHA_Transform                           1013    EXIST::FUNCTION:SHA,SHA0
+X509_STORE_CTX_get_chain                1014    EXIST::FUNCTION:
+X509_STORE_CTX_get_current_cert         1015    EXIST::FUNCTION:
+X509_STORE_CTX_get_error                1016    EXIST::FUNCTION:
+X509_STORE_CTX_get_error_depth          1017    EXIST::FUNCTION:
+X509_STORE_CTX_get_ex_data              1018    EXIST::FUNCTION:
+X509_STORE_CTX_set_cert                 1020    EXIST::FUNCTION:
+X509_STORE_CTX_set_chain                1021    EXIST::FUNCTION:
+X509_STORE_CTX_set_error                1022    EXIST::FUNCTION:
+X509_STORE_CTX_set_ex_data              1023    EXIST::FUNCTION:
+CRYPTO_dup_ex_data                      1025    EXIST::FUNCTION:
+CRYPTO_get_new_lockid                   1026    EXIST::FUNCTION:
+CRYPTO_new_ex_data                      1027    EXIST::FUNCTION:
+RSA_set_ex_data                         1028    EXIST::FUNCTION:RSA
+RSA_get_ex_data                         1029    EXIST::FUNCTION:RSA
+RSA_get_ex_new_index                    1030    EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_1            1031    EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_2            1032    EXIST::FUNCTION:RSA
+RSA_padding_add_SSLv23                  1033    EXIST::FUNCTION:RSA
+RSA_padding_add_none                    1034    EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_1          1035    EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_2          1036    EXIST::FUNCTION:RSA
+RSA_padding_check_SSLv23                1037    EXIST::FUNCTION:RSA
+RSA_padding_check_none                  1038    EXIST::FUNCTION:RSA
+bn_add_words                            1039    EXIST::FUNCTION:
+d2i_Netscape_RSA_2                      1040    NOEXIST::FUNCTION:
+CRYPTO_get_ex_new_index                 1041    EXIST::FUNCTION:
+RIPEMD160_Init                          1042    EXIST::FUNCTION:RIPEMD
+RIPEMD160_Update                        1043    EXIST::FUNCTION:RIPEMD
+RIPEMD160_Final                         1044    EXIST::FUNCTION:RIPEMD
+RIPEMD160                               1045    EXIST::FUNCTION:RIPEMD
+RIPEMD160_Transform                     1046    EXIST::FUNCTION:RIPEMD
+RC5_32_set_key                          1047    EXIST::FUNCTION:RC5
+RC5_32_ecb_encrypt                      1048    EXIST::FUNCTION:RC5
+RC5_32_encrypt                          1049    EXIST::FUNCTION:RC5
+RC5_32_decrypt                          1050    EXIST::FUNCTION:RC5
+RC5_32_cbc_encrypt                      1051    EXIST::FUNCTION:RC5
+RC5_32_cfb64_encrypt                    1052    EXIST::FUNCTION:RC5
+RC5_32_ofb64_encrypt                    1053    EXIST::FUNCTION:RC5
+BN_bn2mpi                               1058    EXIST::FUNCTION:
+BN_mpi2bn                               1059    EXIST::FUNCTION:
+ASN1_BIT_STRING_get_bit                 1060    EXIST::FUNCTION:
+ASN1_BIT_STRING_set_bit                 1061    EXIST::FUNCTION:
+BIO_get_ex_data                         1062    EXIST::FUNCTION:
+BIO_get_ex_new_index                    1063    EXIST::FUNCTION:
+BIO_set_ex_data                         1064    EXIST::FUNCTION:
+X509v3_get_key_usage                    1066    NOEXIST::FUNCTION:
+X509v3_set_key_usage                    1067    NOEXIST::FUNCTION:
+a2i_X509v3_key_usage                    1068    NOEXIST::FUNCTION:
+i2a_X509v3_key_usage                    1069    NOEXIST::FUNCTION:
+EVP_PKEY_decrypt                        1070    EXIST::FUNCTION:
+EVP_PKEY_encrypt                        1071    EXIST::FUNCTION:
+PKCS7_RECIP_INFO_set                    1072    EXIST::FUNCTION:
+PKCS7_add_recipient                     1073    EXIST::FUNCTION:
+PKCS7_add_recipient_info                1074    EXIST::FUNCTION:
+PKCS7_set_cipher                        1075    EXIST::FUNCTION:
+ASN1_TYPE_get_int_octetstring           1076    EXIST::FUNCTION:
+ASN1_TYPE_get_octetstring               1077    EXIST::FUNCTION:
+ASN1_TYPE_set_int_octetstring           1078    EXIST::FUNCTION:
+ASN1_TYPE_set_octetstring               1079    EXIST::FUNCTION:
+ASN1_UTCTIME_set_string                 1080    EXIST::FUNCTION:
+ERR_add_error_data                      1081    EXIST::FUNCTION:
+ERR_set_error_data                      1082    EXIST::FUNCTION:
+EVP_CIPHER_asn1_to_param                1083    EXIST::FUNCTION:
+EVP_CIPHER_param_to_asn1                1084    EXIST::FUNCTION:
+EVP_CIPHER_get_asn1_iv                  1085    EXIST::FUNCTION:
+EVP_CIPHER_set_asn1_iv                  1086    EXIST::FUNCTION:
+EVP_rc5_32_12_16_cbc                    1087    EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_cfb64                  1088    EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ecb                    1089    EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ofb                    1090    EXIST::FUNCTION:RC5
+asn1_add_error                          1091    EXIST::FUNCTION:
+d2i_ASN1_BMPSTRING                      1092    EXIST::FUNCTION:
+i2d_ASN1_BMPSTRING                      1093    EXIST::FUNCTION:
+BIO_f_ber                               1094    NOEXIST::FUNCTION:
+BN_init                                 1095    EXIST::FUNCTION:
+COMP_CTX_new                            1096    EXIST::FUNCTION:
+COMP_CTX_free                           1097    EXIST::FUNCTION:
+COMP_CTX_compress_block                 1098    NOEXIST::FUNCTION:
+COMP_CTX_expand_block                   1099    NOEXIST::FUNCTION:
+X509_STORE_CTX_get_ex_new_index         1100    EXIST::FUNCTION:
+OBJ_NAME_add                            1101    EXIST::FUNCTION:
+BIO_socket_nbio                         1102    EXIST::FUNCTION:
+EVP_rc2_64_cbc                          1103    EXIST::FUNCTION:RC2
+OBJ_NAME_cleanup                        1104    EXIST::FUNCTION:
+OBJ_NAME_get                            1105    EXIST::FUNCTION:
+OBJ_NAME_init                           1106    EXIST::FUNCTION:
+OBJ_NAME_new_index                      1107    EXIST::FUNCTION:
+OBJ_NAME_remove                         1108    EXIST::FUNCTION:
+BN_MONT_CTX_copy                        1109    EXIST::FUNCTION:
+BIO_new_socks4a_connect                 1110    NOEXIST::FUNCTION:
+BIO_s_socks4a_connect                   1111    NOEXIST::FUNCTION:
+PROXY_set_connect_mode                  1112    NOEXIST::FUNCTION:
+RAND_SSLeay                             1113    EXIST::FUNCTION:
+RAND_set_rand_method                    1114    EXIST::FUNCTION:
+RSA_memory_lock                         1115    EXIST::FUNCTION:RSA
+bn_sub_words                            1116    EXIST::FUNCTION:
+bn_mul_normal                           1117    NOEXIST::FUNCTION:
+bn_mul_comba8                           1118    NOEXIST::FUNCTION:
+bn_mul_comba4                           1119    NOEXIST::FUNCTION:
+bn_sqr_normal                           1120    NOEXIST::FUNCTION:
+bn_sqr_comba8                           1121    NOEXIST::FUNCTION:
+bn_sqr_comba4                           1122    NOEXIST::FUNCTION:
+bn_cmp_words                            1123    NOEXIST::FUNCTION:
+bn_mul_recursive                        1124    NOEXIST::FUNCTION:
+bn_mul_part_recursive                   1125    NOEXIST::FUNCTION:
+bn_sqr_recursive                        1126    NOEXIST::FUNCTION:
+bn_mul_low_normal                       1127    NOEXIST::FUNCTION:
+BN_RECP_CTX_init                        1128    EXIST::FUNCTION:
+BN_RECP_CTX_new                         1129    EXIST::FUNCTION:
+BN_RECP_CTX_free                        1130    EXIST::FUNCTION:
+BN_RECP_CTX_set                         1131    EXIST::FUNCTION:
+BN_mod_mul_reciprocal                   1132    EXIST::FUNCTION:
+BN_mod_exp_recp                         1133    EXIST::FUNCTION:
+BN_div_recp                             1134    EXIST::FUNCTION:
+BN_CTX_init                             1135    EXIST::FUNCTION:DEPRECATED
+BN_MONT_CTX_init                        1136    EXIST::FUNCTION:
+RAND_get_rand_method                    1137    EXIST::FUNCTION:
+PKCS7_add_attribute                     1138    EXIST::FUNCTION:
+PKCS7_add_signed_attribute              1139    EXIST::FUNCTION:
+PKCS7_digest_from_attributes            1140    EXIST::FUNCTION:
+PKCS7_get_attribute                     1141    EXIST::FUNCTION:
+PKCS7_get_issuer_and_serial             1142    EXIST::FUNCTION:
+PKCS7_get_signed_attribute              1143    EXIST::FUNCTION:
+COMP_compress_block                     1144    EXIST::FUNCTION:
+COMP_expand_block                       1145    EXIST::FUNCTION:
+COMP_rle                                1146    EXIST::FUNCTION:
+COMP_zlib                               1147    EXIST::FUNCTION:
+ms_time_diff                            1148    NOEXIST::FUNCTION:
+ms_time_new                             1149    NOEXIST::FUNCTION:
+ms_time_free                            1150    NOEXIST::FUNCTION:
+ms_time_cmp                             1151    NOEXIST::FUNCTION:
+ms_time_get                             1152    NOEXIST::FUNCTION:
+PKCS7_set_attributes                    1153    EXIST::FUNCTION:
+PKCS7_set_signed_attributes             1154    EXIST::FUNCTION:
+X509_ATTRIBUTE_create                   1155    EXIST::FUNCTION:
+X509_ATTRIBUTE_dup                      1156    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_check              1157    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_print              1158    EXIST::FUNCTION:BIO
+ASN1_GENERALIZEDTIME_set                1159    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_set_string         1160    EXIST::FUNCTION:
+ASN1_TIME_print                         1161    EXIST::FUNCTION:BIO
+BASIC_CONSTRAINTS_free                  1162    EXIST::FUNCTION:
+BASIC_CONSTRAINTS_new                   1163    EXIST::FUNCTION:
+ERR_load_X509V3_strings                 1164    EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_free             1165    EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_new              1166    EXIST::FUNCTION:
+OBJ_txt2obj                             1167    EXIST::FUNCTION:
+PEM_read_NETSCAPE_CERT_SEQUENCE         1168    EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_NS_CERT_SEQ                    1168    EXIST:VMS:FUNCTION:
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE     1169    EXIST:!VMS:FUNCTION:
+PEM_read_bio_NS_CERT_SEQ                1169    EXIST:VMS:FUNCTION:
+PEM_write_NETSCAPE_CERT_SEQUENCE        1170    EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_NS_CERT_SEQ                   1170    EXIST:VMS:FUNCTION:
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE    1171    EXIST:!VMS:FUNCTION:
+PEM_write_bio_NS_CERT_SEQ               1171    EXIST:VMS:FUNCTION:
+X509V3_EXT_add                          1172    EXIST::FUNCTION:
+X509V3_EXT_add_alias                    1173    EXIST::FUNCTION:
+X509V3_EXT_add_conf                     1174    EXIST::FUNCTION:
+X509V3_EXT_cleanup                      1175    EXIST::FUNCTION:
+X509V3_EXT_conf                         1176    EXIST::FUNCTION:
+X509V3_EXT_conf_nid                     1177    EXIST::FUNCTION:
+X509V3_EXT_get                          1178    EXIST::FUNCTION:
+X509V3_EXT_get_nid                      1179    EXIST::FUNCTION:
+X509V3_EXT_print                        1180    EXIST::FUNCTION:
+X509V3_EXT_print_fp                     1181    EXIST::FUNCTION:
+X509V3_add_standard_extensions          1182    EXIST::FUNCTION:
+X509V3_add_value                        1183    EXIST::FUNCTION:
+X509V3_add_value_bool                   1184    EXIST::FUNCTION:
+X509V3_add_value_int                    1185    EXIST::FUNCTION:
+X509V3_conf_free                        1186    EXIST::FUNCTION:
+X509V3_get_value_bool                   1187    EXIST::FUNCTION:
+X509V3_get_value_int                    1188    EXIST::FUNCTION:
+X509V3_parse_list                       1189    EXIST::FUNCTION:
+d2i_ASN1_GENERALIZEDTIME                1190    EXIST::FUNCTION:
+d2i_ASN1_TIME                           1191    EXIST::FUNCTION:
+d2i_BASIC_CONSTRAINTS                   1192    EXIST::FUNCTION:
+d2i_NETSCAPE_CERT_SEQUENCE              1193    EXIST::FUNCTION:
+d2i_ext_ku                              1194    NOEXIST::FUNCTION:
+ext_ku_free                             1195    NOEXIST::FUNCTION:
+ext_ku_new                              1196    NOEXIST::FUNCTION:
+i2d_ASN1_GENERALIZEDTIME                1197    EXIST::FUNCTION:
+i2d_ASN1_TIME                           1198    EXIST::FUNCTION:
+i2d_BASIC_CONSTRAINTS                   1199    EXIST::FUNCTION:
+i2d_NETSCAPE_CERT_SEQUENCE              1200    EXIST::FUNCTION:
+i2d_ext_ku                              1201    NOEXIST::FUNCTION:
+EVP_MD_CTX_copy                         1202    EXIST::FUNCTION:
+i2d_ASN1_ENUMERATED                     1203    EXIST::FUNCTION:
+d2i_ASN1_ENUMERATED                     1204    EXIST::FUNCTION:
+ASN1_ENUMERATED_set                     1205    EXIST::FUNCTION:
+ASN1_ENUMERATED_get                     1206    EXIST::FUNCTION:
+BN_to_ASN1_ENUMERATED                   1207    EXIST::FUNCTION:
+ASN1_ENUMERATED_to_BN                   1208    EXIST::FUNCTION:
+i2a_ASN1_ENUMERATED                     1209    EXIST::FUNCTION:BIO
+a2i_ASN1_ENUMERATED                     1210    EXIST::FUNCTION:BIO
+i2d_GENERAL_NAME                        1211    EXIST::FUNCTION:
+d2i_GENERAL_NAME                        1212    EXIST::FUNCTION:
+GENERAL_NAME_new                        1213    EXIST::FUNCTION:
+GENERAL_NAME_free                       1214    EXIST::FUNCTION:
+GENERAL_NAMES_new                       1215    EXIST::FUNCTION:
+GENERAL_NAMES_free                      1216    EXIST::FUNCTION:
+d2i_GENERAL_NAMES                       1217    EXIST::FUNCTION:
+i2d_GENERAL_NAMES                       1218    EXIST::FUNCTION:
+i2v_GENERAL_NAMES                       1219    EXIST::FUNCTION:
+i2s_ASN1_OCTET_STRING                   1220    EXIST::FUNCTION:
+s2i_ASN1_OCTET_STRING                   1221    EXIST::FUNCTION:
+X509V3_EXT_check_conf                   1222    NOEXIST::FUNCTION:
+hex_to_string                           1223    EXIST::FUNCTION:
+string_to_hex                           1224    EXIST::FUNCTION:
+DES_ede3_cbcm_encrypt                   1225    EXIST::FUNCTION:DES
+RSA_padding_add_PKCS1_OAEP              1226    EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_OAEP            1227    EXIST::FUNCTION:RSA
+X509_CRL_print_fp                       1228    EXIST::FUNCTION:FP_API
+X509_CRL_print                          1229    EXIST::FUNCTION:BIO
+i2v_GENERAL_NAME                        1230    EXIST::FUNCTION:
+v2i_GENERAL_NAME                        1231    EXIST::FUNCTION:
+i2d_PKEY_USAGE_PERIOD                   1232    EXIST::FUNCTION:
+d2i_PKEY_USAGE_PERIOD                   1233    EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_new                   1234    EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_free                  1235    EXIST::FUNCTION:
+v2i_GENERAL_NAMES                       1236    EXIST::FUNCTION:
+i2s_ASN1_INTEGER                        1237    EXIST::FUNCTION:
+X509V3_EXT_d2i                          1238    EXIST::FUNCTION:
+name_cmp                                1239    EXIST::FUNCTION:
+str_dup                                 1240    NOEXIST::FUNCTION:
+i2s_ASN1_ENUMERATED                     1241    EXIST::FUNCTION:
+i2s_ASN1_ENUMERATED_TABLE               1242    EXIST::FUNCTION:
+BIO_s_log                               1243    EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION:
+BIO_f_reliable                          1244    EXIST::FUNCTION:BIO
+PKCS7_dataFinal                         1245    EXIST::FUNCTION:
+PKCS7_dataDecode                        1246    EXIST::FUNCTION:
+X509V3_EXT_CRL_add_conf                 1247    EXIST::FUNCTION:
+BN_set_params                           1248    EXIST::FUNCTION:DEPRECATED
+BN_get_params                           1249    EXIST::FUNCTION:DEPRECATED
+BIO_get_ex_num                          1250    NOEXIST::FUNCTION:
+BIO_set_ex_free_func                    1251    NOEXIST::FUNCTION:
+EVP_ripemd160                           1252    EXIST::FUNCTION:RIPEMD
+ASN1_TIME_set                           1253    EXIST::FUNCTION:
+i2d_AUTHORITY_KEYID                     1254    EXIST::FUNCTION:
+d2i_AUTHORITY_KEYID                     1255    EXIST::FUNCTION:
+AUTHORITY_KEYID_new                     1256    EXIST::FUNCTION:
+AUTHORITY_KEYID_free                    1257    EXIST::FUNCTION:
+ASN1_seq_unpack                         1258    EXIST::FUNCTION:
+ASN1_seq_pack                           1259    EXIST::FUNCTION:
+ASN1_unpack_string                      1260    EXIST::FUNCTION:
+ASN1_pack_string                        1261    EXIST::FUNCTION:
+PKCS12_pack_safebag                     1262    NOEXIST::FUNCTION:
+PKCS12_MAKE_KEYBAG                      1263    EXIST::FUNCTION:
+PKCS8_encrypt                           1264    EXIST::FUNCTION:
+PKCS12_MAKE_SHKEYBAG                    1265    EXIST::FUNCTION:
+PKCS12_pack_p7data                      1266    EXIST::FUNCTION:
+PKCS12_pack_p7encdata                   1267    EXIST::FUNCTION:
+PKCS12_add_localkeyid                   1268    EXIST::FUNCTION:
+PKCS12_add_friendlyname_asc             1269    EXIST::FUNCTION:
+PKCS12_add_friendlyname_uni             1270    EXIST::FUNCTION:
+PKCS12_get_friendlyname                 1271    EXIST::FUNCTION:
+PKCS12_pbe_crypt                        1272    EXIST::FUNCTION:
+PKCS12_decrypt_d2i                      1273    NOEXIST::FUNCTION:
+PKCS12_i2d_encrypt                      1274    NOEXIST::FUNCTION:
+PKCS12_init                             1275    EXIST::FUNCTION:
+PKCS12_key_gen_asc                      1276    EXIST::FUNCTION:
+PKCS12_key_gen_uni                      1277    EXIST::FUNCTION:
+PKCS12_gen_mac                          1278    EXIST::FUNCTION:
+PKCS12_verify_mac                       1279    EXIST::FUNCTION:
+PKCS12_set_mac                          1280    EXIST::FUNCTION:
+PKCS12_setup_mac                        1281    EXIST::FUNCTION:
+OPENSSL_asc2uni                         1282    EXIST::FUNCTION:
+OPENSSL_uni2asc                         1283    EXIST::FUNCTION:
+i2d_PKCS12_BAGS                         1284    EXIST::FUNCTION:
+PKCS12_BAGS_new                         1285    EXIST::FUNCTION:
+d2i_PKCS12_BAGS                         1286    EXIST::FUNCTION:
+PKCS12_BAGS_free                        1287    EXIST::FUNCTION:
+i2d_PKCS12                              1288    EXIST::FUNCTION:
+d2i_PKCS12                              1289    EXIST::FUNCTION:
+PKCS12_new                              1290    EXIST::FUNCTION:
+PKCS12_free                             1291    EXIST::FUNCTION:
+i2d_PKCS12_MAC_DATA                     1292    EXIST::FUNCTION:
+PKCS12_MAC_DATA_new                     1293    EXIST::FUNCTION:
+d2i_PKCS12_MAC_DATA                     1294    EXIST::FUNCTION:
+PKCS12_MAC_DATA_free                    1295    EXIST::FUNCTION:
+i2d_PKCS12_SAFEBAG                      1296    EXIST::FUNCTION:
+PKCS12_SAFEBAG_new                      1297    EXIST::FUNCTION:
+d2i_PKCS12_SAFEBAG                      1298    EXIST::FUNCTION:
+PKCS12_SAFEBAG_free                     1299    EXIST::FUNCTION:
+ERR_load_PKCS12_strings                 1300    EXIST::FUNCTION:
+PKCS12_PBE_add                          1301    EXIST::FUNCTION:
+PKCS8_add_keyusage                      1302    EXIST::FUNCTION:
+PKCS12_get_attr_gen                     1303    EXIST::FUNCTION:
+PKCS12_parse                            1304    EXIST::FUNCTION:
+PKCS12_create                           1305    EXIST::FUNCTION:
+i2d_PKCS12_bio                          1306    EXIST::FUNCTION:
+i2d_PKCS12_fp                           1307    EXIST::FUNCTION:
+d2i_PKCS12_bio                          1308    EXIST::FUNCTION:
+d2i_PKCS12_fp                           1309    EXIST::FUNCTION:
+i2d_PBEPARAM                            1310    EXIST::FUNCTION:
+PBEPARAM_new                            1311    EXIST::FUNCTION:
+d2i_PBEPARAM                            1312    EXIST::FUNCTION:
+PBEPARAM_free                           1313    EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO                 1314    EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_new                 1315    EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO                 1316    EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_free                1317    EXIST::FUNCTION:
+EVP_PKCS82PKEY                          1318    EXIST::FUNCTION:
+EVP_PKEY2PKCS8                          1319    EXIST::FUNCTION:
+PKCS8_set_broken                        1320    EXIST::FUNCTION:
+EVP_PBE_ALGOR_CipherInit                1321    NOEXIST::FUNCTION:
+EVP_PBE_alg_add                         1322    EXIST::FUNCTION:
+PKCS5_pbe_set                           1323    EXIST::FUNCTION:
+EVP_PBE_cleanup                         1324    EXIST::FUNCTION:
+i2d_SXNET                               1325    EXIST::FUNCTION:
+d2i_SXNET                               1326    EXIST::FUNCTION:
+SXNET_new                               1327    EXIST::FUNCTION:
+SXNET_free                              1328    EXIST::FUNCTION:
+i2d_SXNETID                             1329    EXIST::FUNCTION:
+d2i_SXNETID                             1330    EXIST::FUNCTION:
+SXNETID_new                             1331    EXIST::FUNCTION:
+SXNETID_free                            1332    EXIST::FUNCTION:
+DSA_SIG_new                             1333    EXIST::FUNCTION:DSA
+DSA_SIG_free                            1334    EXIST::FUNCTION:DSA
+DSA_do_sign                             1335    EXIST::FUNCTION:DSA
+DSA_do_verify                           1336    EXIST::FUNCTION:DSA
+d2i_DSA_SIG                             1337    EXIST::FUNCTION:DSA
+i2d_DSA_SIG                             1338    EXIST::FUNCTION:DSA
+i2d_ASN1_VISIBLESTRING                  1339    EXIST::FUNCTION:
+d2i_ASN1_VISIBLESTRING                  1340    EXIST::FUNCTION:
+i2d_ASN1_UTF8STRING                     1341    EXIST::FUNCTION:
+d2i_ASN1_UTF8STRING                     1342    EXIST::FUNCTION:
+i2d_DIRECTORYSTRING                     1343    EXIST::FUNCTION:
+d2i_DIRECTORYSTRING                     1344    EXIST::FUNCTION:
+i2d_DISPLAYTEXT                         1345    EXIST::FUNCTION:
+d2i_DISPLAYTEXT                         1346    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509                    1379    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509                    1380    NOEXIST::FUNCTION:
+i2d_PBKDF2PARAM                         1397    EXIST::FUNCTION:
+PBKDF2PARAM_new                         1398    EXIST::FUNCTION:
+d2i_PBKDF2PARAM                         1399    EXIST::FUNCTION:
+PBKDF2PARAM_free                        1400    EXIST::FUNCTION:
+i2d_PBE2PARAM                           1401    EXIST::FUNCTION:
+PBE2PARAM_new                           1402    EXIST::FUNCTION:
+d2i_PBE2PARAM                           1403    EXIST::FUNCTION:
+PBE2PARAM_free                          1404    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_GENERAL_NAME            1421    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_GENERAL_NAME            1422    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_SXNETID                 1439    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_SXNETID                 1440    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYQUALINFO          1457    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYQUALINFO          1458    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYINFO              1475    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYINFO              1476    NOEXIST::FUNCTION:
+SXNET_add_id_asc                        1477    EXIST::FUNCTION:
+SXNET_add_id_ulong                      1478    EXIST::FUNCTION:
+SXNET_add_id_INTEGER                    1479    EXIST::FUNCTION:
+SXNET_get_id_asc                        1480    EXIST::FUNCTION:
+SXNET_get_id_ulong                      1481    EXIST::FUNCTION:
+SXNET_get_id_INTEGER                    1482    EXIST::FUNCTION:
+X509V3_set_conf_lhash                   1483    EXIST::FUNCTION:
+i2d_CERTIFICATEPOLICIES                 1484    EXIST::FUNCTION:
+CERTIFICATEPOLICIES_new                 1485    EXIST::FUNCTION:
+CERTIFICATEPOLICIES_free                1486    EXIST::FUNCTION:
+d2i_CERTIFICATEPOLICIES                 1487    EXIST::FUNCTION:
+i2d_POLICYINFO                          1488    EXIST::FUNCTION:
+POLICYINFO_new                          1489    EXIST::FUNCTION:
+d2i_POLICYINFO                          1490    EXIST::FUNCTION:
+POLICYINFO_free                         1491    EXIST::FUNCTION:
+i2d_POLICYQUALINFO                      1492    EXIST::FUNCTION:
+POLICYQUALINFO_new                      1493    EXIST::FUNCTION:
+d2i_POLICYQUALINFO                      1494    EXIST::FUNCTION:
+POLICYQUALINFO_free                     1495    EXIST::FUNCTION:
+i2d_USERNOTICE                          1496    EXIST::FUNCTION:
+USERNOTICE_new                          1497    EXIST::FUNCTION:
+d2i_USERNOTICE                          1498    EXIST::FUNCTION:
+USERNOTICE_free                         1499    EXIST::FUNCTION:
+i2d_NOTICEREF                           1500    EXIST::FUNCTION:
+NOTICEREF_new                           1501    EXIST::FUNCTION:
+d2i_NOTICEREF                           1502    EXIST::FUNCTION:
+NOTICEREF_free                          1503    EXIST::FUNCTION:
+X509V3_get_string                       1504    EXIST::FUNCTION:
+X509V3_get_section                      1505    EXIST::FUNCTION:
+X509V3_string_free                      1506    EXIST::FUNCTION:
+X509V3_section_free                     1507    EXIST::FUNCTION:
+X509V3_set_ctx                          1508    EXIST::FUNCTION:
+s2i_ASN1_INTEGER                        1509    EXIST::FUNCTION:
+CRYPTO_set_locked_mem_functions         1510    EXIST::FUNCTION:
+CRYPTO_get_locked_mem_functions         1511    EXIST::FUNCTION:
+CRYPTO_malloc_locked                    1512    EXIST::FUNCTION:
+CRYPTO_free_locked                      1513    EXIST::FUNCTION:
+BN_mod_exp2_mont                        1514    EXIST::FUNCTION:
+ERR_get_error_line_data                 1515    EXIST::FUNCTION:
+ERR_peek_error_line_data                1516    EXIST::FUNCTION:
+PKCS12_PBE_keyivgen                     1517    EXIST::FUNCTION:
+X509_ALGOR_dup                          1518    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_DIST_POINT              1535    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_DIST_POINT              1536    NOEXIST::FUNCTION:
+i2d_CRL_DIST_POINTS                     1537    EXIST::FUNCTION:
+CRL_DIST_POINTS_new                     1538    EXIST::FUNCTION:
+CRL_DIST_POINTS_free                    1539    EXIST::FUNCTION:
+d2i_CRL_DIST_POINTS                     1540    EXIST::FUNCTION:
+i2d_DIST_POINT                          1541    EXIST::FUNCTION:
+DIST_POINT_new                          1542    EXIST::FUNCTION:
+d2i_DIST_POINT                          1543    EXIST::FUNCTION:
+DIST_POINT_free                         1544    EXIST::FUNCTION:
+i2d_DIST_POINT_NAME                     1545    EXIST::FUNCTION:
+DIST_POINT_NAME_new                     1546    EXIST::FUNCTION:
+DIST_POINT_NAME_free                    1547    EXIST::FUNCTION:
+d2i_DIST_POINT_NAME                     1548    EXIST::FUNCTION:
+X509V3_add_value_uchar                  1549    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ATTRIBUTE          1555    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_TYPE               1560    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_EXTENSION          1567    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_NAME_ENTRY         1574    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_TYPE               1589    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ATTRIBUTE          1615    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_EXTENSION          1624    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_NAME_ENTRY         1633    NOEXIST::FUNCTION:
+X509V3_EXT_i2d                          1646    EXIST::FUNCTION:
+X509V3_EXT_val_prn                      1647    EXIST::FUNCTION:
+X509V3_EXT_add_list                     1648    EXIST::FUNCTION:
+EVP_CIPHER_type                         1649    EXIST::FUNCTION:
+EVP_PBE_CipherInit                      1650    EXIST::FUNCTION:
+X509V3_add_value_bool_nf                1651    EXIST::FUNCTION:
+d2i_ASN1_UINTEGER                       1652    EXIST::FUNCTION:
+sk_value                                1653    EXIST::FUNCTION:
+sk_num                                  1654    EXIST::FUNCTION:
+sk_set                                  1655    EXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_REVOKED            1661    NOEXIST::FUNCTION:
+sk_sort                                 1671    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_REVOKED            1674    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ALGOR              1682    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_CRL                1685    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ALGOR              1696    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_CRL                1702    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       1723    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        1738    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       1748    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        1753    NOEXIST::FUNCTION:
+PKCS5_PBE_add                           1775    EXIST::FUNCTION:
+PEM_write_bio_PKCS8                     1776    EXIST::FUNCTION:
+i2d_PKCS8_fp                            1777    EXIST::FUNCTION:FP_API
+PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778    EXIST:!VMS:FUNCTION:
+PEM_read_bio_P8_PRIV_KEY_INFO           1778    EXIST:VMS:FUNCTION:
+d2i_PKCS8_bio                           1779    EXIST::FUNCTION:BIO
+d2i_PKCS8_PRIV_KEY_INFO_fp              1780    EXIST::FUNCTION:FP_API
+PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781    EXIST:!VMS:FUNCTION:
+PEM_write_bio_P8_PRIV_KEY_INFO          1781    EXIST:VMS:FUNCTION:
+PEM_read_PKCS8                          1782    EXIST:!WIN16:FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_bio             1783    EXIST::FUNCTION:BIO
+d2i_PKCS8_fp                            1784    EXIST::FUNCTION:FP_API
+PEM_write_PKCS8                         1785    EXIST:!WIN16:FUNCTION:
+PEM_read_PKCS8_PRIV_KEY_INFO            1786    EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_P8_PRIV_KEY_INFO               1786    EXIST:VMS:FUNCTION:
+PEM_read_bio_PKCS8                      1787    EXIST::FUNCTION:
+PEM_write_PKCS8_PRIV_KEY_INFO           1788    EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_P8_PRIV_KEY_INFO              1788    EXIST:VMS:FUNCTION:
+PKCS5_PBE_keyivgen                      1789    EXIST::FUNCTION:
+i2d_PKCS8_bio                           1790    EXIST::FUNCTION:BIO
+i2d_PKCS8_PRIV_KEY_INFO_fp              1791    EXIST::FUNCTION:FP_API
+i2d_PKCS8_PRIV_KEY_INFO_bio             1792    EXIST::FUNCTION:BIO
+BIO_s_bio                               1793    EXIST::FUNCTION:
+PKCS5_pbe2_set                          1794    EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC_SHA1                  1795    EXIST::FUNCTION:
+PKCS5_v2_PBE_keyivgen                   1796    EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey           1797    EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey               1798    EXIST::FUNCTION:
+BIO_ctrl_get_read_request               1799    EXIST::FUNCTION:
+BIO_ctrl_pending                        1800    EXIST::FUNCTION:
+BIO_ctrl_wpending                       1801    EXIST::FUNCTION:
+BIO_new_bio_pair                        1802    EXIST::FUNCTION:
+BIO_ctrl_get_write_guarantee            1803    EXIST::FUNCTION:
+CRYPTO_num_locks                        1804    EXIST::FUNCTION:
+CONF_load_bio                           1805    EXIST::FUNCTION:
+CONF_load_fp                            1806    EXIST::FUNCTION:FP_API
+i2d_ASN1_SET_OF_ASN1_OBJECT             1837    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_OBJECT             1844    NOEXIST::FUNCTION:
+PKCS7_signatureVerify                   1845    EXIST::FUNCTION:
+RSA_set_method                          1846    EXIST::FUNCTION:RSA
+RSA_get_method                          1847    EXIST::FUNCTION:RSA
+RSA_get_default_method                  1848    EXIST::FUNCTION:RSA
+RSA_check_key                           1869    EXIST::FUNCTION:RSA
+OBJ_obj2txt                             1870    EXIST::FUNCTION:
+DSA_dup_DH                              1871    EXIST::FUNCTION:DH,DSA
+X509_REQ_get_extensions                 1872    EXIST::FUNCTION:
+X509_REQ_set_extension_nids             1873    EXIST::FUNCTION:
+BIO_nwrite                              1874    EXIST::FUNCTION:
+X509_REQ_extension_nid                  1875    EXIST::FUNCTION:
+BIO_nread                               1876    EXIST::FUNCTION:
+X509_REQ_get_extension_nids             1877    EXIST::FUNCTION:
+BIO_nwrite0                             1878    EXIST::FUNCTION:
+X509_REQ_add_extensions_nid             1879    EXIST::FUNCTION:
+BIO_nread0                              1880    EXIST::FUNCTION:
+X509_REQ_add_extensions                 1881    EXIST::FUNCTION:
+BIO_new_mem_buf                         1882    EXIST::FUNCTION:
+DH_set_ex_data                          1883    EXIST::FUNCTION:DH
+DH_set_method                           1884    EXIST::FUNCTION:DH
+DSA_OpenSSL                             1885    EXIST::FUNCTION:DSA
+DH_get_ex_data                          1886    EXIST::FUNCTION:DH
+DH_get_ex_new_index                     1887    EXIST::FUNCTION:DH
+DSA_new_method                          1888    EXIST::FUNCTION:DSA
+DH_new_method                           1889    EXIST::FUNCTION:DH
+DH_OpenSSL                              1890    EXIST::FUNCTION:DH
+DSA_get_ex_new_index                    1891    EXIST::FUNCTION:DSA
+DH_get_default_method                   1892    EXIST::FUNCTION:DH
+DSA_set_ex_data                         1893    EXIST::FUNCTION:DSA
+DH_set_default_method                   1894    EXIST::FUNCTION:DH
+DSA_get_ex_data                         1895    EXIST::FUNCTION:DSA
+X509V3_EXT_REQ_add_conf                 1896    EXIST::FUNCTION:
+NETSCAPE_SPKI_print                     1897    EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_set_pubkey                1898    EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_encode                1899    EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_get_pubkey                1900    EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_decode                1901    EXIST::FUNCTION:EVP
+UTF8_putc                               1902    EXIST::FUNCTION:
+UTF8_getc                               1903    EXIST::FUNCTION:
+RSA_null_method                         1904    EXIST::FUNCTION:RSA
+ASN1_tag2str                            1905    EXIST::FUNCTION:
+BIO_ctrl_reset_read_request             1906    EXIST::FUNCTION:
+DISPLAYTEXT_new                         1907    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_free               1908    EXIST::FUNCTION:
+X509_REVOKED_get_ext_d2i                1909    EXIST::FUNCTION:
+X509_set_ex_data                        1910    EXIST::FUNCTION:
+X509_reject_set_bit_asc                 1911    NOEXIST::FUNCTION:
+X509_NAME_add_entry_by_txt              1912    EXIST::FUNCTION:
+X509_NAME_add_entry_by_NID              1914    EXIST::FUNCTION:
+X509_PURPOSE_get0                       1915    EXIST::FUNCTION:
+PEM_read_X509_AUX                       1917    EXIST:!WIN16:FUNCTION:
+d2i_AUTHORITY_INFO_ACCESS               1918    EXIST::FUNCTION:
+PEM_write_PUBKEY                        1921    EXIST:!WIN16:FUNCTION:
+ACCESS_DESCRIPTION_new                  1925    EXIST::FUNCTION:
+X509_CERT_AUX_free                      1926    EXIST::FUNCTION:
+d2i_ACCESS_DESCRIPTION                  1927    EXIST::FUNCTION:
+X509_trust_clear                        1928    EXIST::FUNCTION:
+X509_TRUST_add                          1931    EXIST::FUNCTION:
+ASN1_VISIBLESTRING_new                  1932    EXIST::FUNCTION:
+X509_alias_set1                         1933    EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_free               1934    EXIST::FUNCTION:
+EVP_PKEY_get1_DSA                       1935    EXIST::FUNCTION:DSA
+ASN1_BMPSTRING_new                      1936    EXIST::FUNCTION:
+ASN1_mbstring_copy                      1937    EXIST::FUNCTION:
+ASN1_UTF8STRING_new                     1938    EXIST::FUNCTION:
+DSA_get_default_method                  1941    EXIST::FUNCTION:DSA
+i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      1945    NOEXIST::FUNCTION:
+ASN1_T61STRING_free                     1946    EXIST::FUNCTION:
+DSA_set_method                          1949    EXIST::FUNCTION:DSA
+X509_get_ex_data                        1950    EXIST::FUNCTION:
+ASN1_STRING_type                        1951    EXIST::FUNCTION:
+X509_PURPOSE_get_by_sname               1952    EXIST::FUNCTION:
+ASN1_TIME_free                          1954    EXIST::FUNCTION:
+ASN1_OCTET_STRING_cmp                   1955    EXIST::FUNCTION:
+ASN1_BIT_STRING_new                     1957    EXIST::FUNCTION:
+X509_get_ext_d2i                        1958    EXIST::FUNCTION:
+PEM_read_bio_X509_AUX                   1959    EXIST::FUNCTION:
+ASN1_STRING_set_default_mask_asc        1960    EXIST:!VMS:FUNCTION:
+ASN1_STRING_set_def_mask_asc            1960    EXIST:VMS:FUNCTION:
+PEM_write_bio_RSA_PUBKEY                1961    EXIST::FUNCTION:RSA
+ASN1_INTEGER_cmp                        1963    EXIST::FUNCTION:
+d2i_RSA_PUBKEY_fp                       1964    EXIST::FUNCTION:FP_API,RSA
+X509_trust_set_bit_asc                  1967    NOEXIST::FUNCTION:
+PEM_write_bio_DSA_PUBKEY                1968    EXIST::FUNCTION:DSA
+X509_STORE_CTX_free                     1969    EXIST::FUNCTION:
+EVP_PKEY_set1_DSA                       1970    EXIST::FUNCTION:DSA
+i2d_DSA_PUBKEY_fp                       1971    EXIST::FUNCTION:DSA,FP_API
+X509_load_cert_crl_file                 1972    EXIST::FUNCTION:STDIO
+ASN1_TIME_new                           1973    EXIST::FUNCTION:
+i2d_RSA_PUBKEY                          1974    EXIST::FUNCTION:RSA
+X509_STORE_CTX_purpose_inherit          1976    EXIST::FUNCTION:
+PEM_read_RSA_PUBKEY                     1977    EXIST:!WIN16:FUNCTION:RSA
+d2i_X509_AUX                            1980    EXIST::FUNCTION:
+i2d_DSA_PUBKEY                          1981    EXIST::FUNCTION:DSA
+X509_CERT_AUX_print                     1982    EXIST::FUNCTION:BIO
+PEM_read_DSA_PUBKEY                     1984    EXIST:!WIN16:FUNCTION:DSA
+i2d_RSA_PUBKEY_bio                      1985    EXIST::FUNCTION:BIO,RSA
+ASN1_BIT_STRING_num_asc                 1986    EXIST::FUNCTION:
+i2d_PUBKEY                              1987    EXIST::FUNCTION:
+ASN1_UTCTIME_free                       1988    EXIST::FUNCTION:
+DSA_set_default_method                  1989    EXIST::FUNCTION:DSA
+X509_PURPOSE_get_by_id                  1990    EXIST::FUNCTION:
+ACCESS_DESCRIPTION_free                 1994    EXIST::FUNCTION:
+PEM_read_bio_PUBKEY                     1995    EXIST::FUNCTION:
+ASN1_STRING_set_by_NID                  1996    EXIST::FUNCTION:
+X509_PURPOSE_get_id                     1997    EXIST::FUNCTION:
+DISPLAYTEXT_free                        1998    EXIST::FUNCTION:
+OTHERNAME_new                           1999    EXIST::FUNCTION:
+X509_CERT_AUX_new                       2001    EXIST::FUNCTION:
+X509_TRUST_cleanup                      2007    EXIST::FUNCTION:
+X509_NAME_add_entry_by_OBJ              2008    EXIST::FUNCTION:
+X509_CRL_get_ext_d2i                    2009    EXIST::FUNCTION:
+X509_PURPOSE_get0_name                  2011    EXIST::FUNCTION:
+PEM_read_PUBKEY                         2012    EXIST:!WIN16:FUNCTION:
+i2d_DSA_PUBKEY_bio                      2014    EXIST::FUNCTION:BIO,DSA
+i2d_OTHERNAME                           2015    EXIST::FUNCTION:
+ASN1_OCTET_STRING_free                  2016    EXIST::FUNCTION:
+ASN1_BIT_STRING_set_asc                 2017    EXIST::FUNCTION:
+X509_get_ex_new_index                   2019    EXIST::FUNCTION:
+ASN1_STRING_TABLE_cleanup               2020    EXIST::FUNCTION:
+X509_TRUST_get_by_id                    2021    EXIST::FUNCTION:
+X509_PURPOSE_get_trust                  2022    EXIST::FUNCTION:
+ASN1_STRING_length                      2023    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2024    NOEXIST::FUNCTION:
+ASN1_PRINTABLESTRING_new                2025    EXIST::FUNCTION:
+X509V3_get_d2i                          2026    EXIST::FUNCTION:
+ASN1_ENUMERATED_free                    2027    EXIST::FUNCTION:
+i2d_X509_CERT_AUX                       2028    EXIST::FUNCTION:
+X509_STORE_CTX_set_trust                2030    EXIST::FUNCTION:
+ASN1_STRING_set_default_mask            2032    EXIST::FUNCTION:
+X509_STORE_CTX_new                      2033    EXIST::FUNCTION:
+EVP_PKEY_get1_RSA                       2034    EXIST::FUNCTION:RSA
+DIRECTORYSTRING_free                    2038    EXIST::FUNCTION:
+PEM_write_X509_AUX                      2039    EXIST:!WIN16:FUNCTION:
+ASN1_OCTET_STRING_set                   2040    EXIST::FUNCTION:
+d2i_DSA_PUBKEY_fp                       2041    EXIST::FUNCTION:DSA,FP_API
+d2i_RSA_PUBKEY                          2044    EXIST::FUNCTION:RSA
+X509_TRUST_get0_name                    2046    EXIST::FUNCTION:
+X509_TRUST_get0                         2047    EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_free              2048    EXIST::FUNCTION:
+ASN1_IA5STRING_new                      2049    EXIST::FUNCTION:
+d2i_DSA_PUBKEY                          2050    EXIST::FUNCTION:DSA
+X509_check_purpose                      2051    EXIST::FUNCTION:
+ASN1_ENUMERATED_new                     2052    EXIST::FUNCTION:
+d2i_RSA_PUBKEY_bio                      2053    EXIST::FUNCTION:BIO,RSA
+d2i_PUBKEY                              2054    EXIST::FUNCTION:
+X509_TRUST_get_trust                    2055    EXIST::FUNCTION:
+X509_TRUST_get_flags                    2056    EXIST::FUNCTION:
+ASN1_BMPSTRING_free                     2057    EXIST::FUNCTION:
+ASN1_T61STRING_new                      2058    EXIST::FUNCTION:
+ASN1_UTCTIME_new                        2060    EXIST::FUNCTION:
+i2d_AUTHORITY_INFO_ACCESS               2062    EXIST::FUNCTION:
+EVP_PKEY_set1_RSA                       2063    EXIST::FUNCTION:RSA
+X509_STORE_CTX_set_purpose              2064    EXIST::FUNCTION:
+ASN1_IA5STRING_free                     2065    EXIST::FUNCTION:
+PEM_write_bio_X509_AUX                  2066    EXIST::FUNCTION:
+X509_PURPOSE_get_count                  2067    EXIST::FUNCTION:
+CRYPTO_add_info                         2068    NOEXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_txt           2071    EXIST::FUNCTION:
+ASN1_STRING_get_default_mask            2072    EXIST::FUNCTION:
+X509_alias_get0                         2074    EXIST::FUNCTION:
+ASN1_STRING_data                        2075    EXIST::FUNCTION:
+i2d_ACCESS_DESCRIPTION                  2077    EXIST::FUNCTION:
+X509_trust_set_bit                      2078    NOEXIST::FUNCTION:
+ASN1_BIT_STRING_free                    2080    EXIST::FUNCTION:
+PEM_read_bio_RSA_PUBKEY                 2081    EXIST::FUNCTION:RSA
+X509_add1_reject_object                 2082    EXIST::FUNCTION:
+X509_check_trust                        2083    EXIST::FUNCTION:
+PEM_read_bio_DSA_PUBKEY                 2088    EXIST::FUNCTION:DSA
+X509_PURPOSE_add                        2090    EXIST::FUNCTION:
+ASN1_STRING_TABLE_get                   2091    EXIST::FUNCTION:
+ASN1_UTF8STRING_free                    2092    EXIST::FUNCTION:
+d2i_DSA_PUBKEY_bio                      2093    EXIST::FUNCTION:BIO,DSA
+PEM_write_RSA_PUBKEY                    2095    EXIST:!WIN16:FUNCTION:RSA
+d2i_OTHERNAME                           2096    EXIST::FUNCTION:
+X509_reject_set_bit                     2098    NOEXIST::FUNCTION:
+PEM_write_DSA_PUBKEY                    2101    EXIST:!WIN16:FUNCTION:DSA
+X509_PURPOSE_get0_sname                 2105    EXIST::FUNCTION:
+EVP_PKEY_set1_DH                        2107    EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_dup                   2108    EXIST::FUNCTION:
+ASN1_BIT_STRING_set                     2109    EXIST::FUNCTION:
+X509_TRUST_get_count                    2110    EXIST::FUNCTION:
+ASN1_INTEGER_free                       2111    EXIST::FUNCTION:
+OTHERNAME_free                          2112    EXIST::FUNCTION:
+i2d_RSA_PUBKEY_fp                       2113    EXIST::FUNCTION:FP_API,RSA
+ASN1_INTEGER_dup                        2114    EXIST::FUNCTION:
+d2i_X509_CERT_AUX                       2115    EXIST::FUNCTION:
+PEM_write_bio_PUBKEY                    2117    EXIST::FUNCTION:
+ASN1_VISIBLESTRING_free                 2118    EXIST::FUNCTION:
+X509_PURPOSE_cleanup                    2119    EXIST::FUNCTION:
+ASN1_mbstring_ncopy                     2123    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_new                2126    EXIST::FUNCTION:
+EVP_PKEY_get1_DH                        2128    EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_new                   2130    EXIST::FUNCTION:
+ASN1_INTEGER_new                        2131    EXIST::FUNCTION:
+i2d_X509_AUX                            2132    EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print              2134    EXIST::FUNCTION:BIO
+X509_cmp                                2135    EXIST::FUNCTION:
+ASN1_STRING_length_set                  2136    EXIST::FUNCTION:
+DIRECTORYSTRING_new                     2137    EXIST::FUNCTION:
+X509_add1_trust_object                  2140    EXIST::FUNCTION:
+PKCS12_newpass                          2141    EXIST::FUNCTION:
+SMIME_write_PKCS7                       2142    EXIST::FUNCTION:
+SMIME_read_PKCS7                        2143    EXIST::FUNCTION:
+DES_set_key_checked                     2144    EXIST::FUNCTION:DES
+PKCS7_verify                            2145    EXIST::FUNCTION:
+PKCS7_encrypt                           2146    EXIST::FUNCTION:
+DES_set_key_unchecked                   2147    EXIST::FUNCTION:DES
+SMIME_crlf_copy                         2148    EXIST::FUNCTION:
+i2d_ASN1_PRINTABLESTRING                2149    EXIST::FUNCTION:
+PKCS7_get0_signers                      2150    EXIST::FUNCTION:
+PKCS7_decrypt                           2151    EXIST::FUNCTION:
+SMIME_text                              2152    EXIST::FUNCTION:
+PKCS7_simple_smimecap                   2153    EXIST::FUNCTION:
+PKCS7_get_smimecap                      2154    EXIST::FUNCTION:
+PKCS7_sign                              2155    EXIST::FUNCTION:
+PKCS7_add_attrib_smimecap               2156    EXIST::FUNCTION:
+CRYPTO_dbg_set_options                  2157    EXIST::FUNCTION:
+CRYPTO_remove_all_info                  2158    EXIST::FUNCTION:
+CRYPTO_get_mem_debug_functions          2159    EXIST::FUNCTION:
+CRYPTO_is_mem_check_on                  2160    EXIST::FUNCTION:
+CRYPTO_set_mem_debug_functions          2161    EXIST::FUNCTION:
+CRYPTO_pop_info                         2162    EXIST::FUNCTION:
+CRYPTO_push_info_                       2163    EXIST::FUNCTION:
+CRYPTO_set_mem_debug_options            2164    EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey_nid           2165    EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey_nid       2166    EXIST:!VMS:FUNCTION:
+PEM_write_bio_PKCS8PrivKey_nid          2166    EXIST:VMS:FUNCTION:
+d2i_PKCS8PrivateKey_bio                 2167    EXIST::FUNCTION:
+ASN1_NULL_free                          2168    EXIST::FUNCTION:
+d2i_ASN1_NULL                           2169    EXIST::FUNCTION:
+ASN1_NULL_new                           2170    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_bio                 2171    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_fp                  2172    EXIST::FUNCTION:
+i2d_ASN1_NULL                           2173    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_fp              2174    EXIST::FUNCTION:
+d2i_PKCS8PrivateKey_fp                  2175    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_bio             2176    EXIST::FUNCTION:
+i2d_PKCS8PrivateKeyInfo_fp              2177    EXIST::FUNCTION:FP_API
+i2d_PKCS8PrivateKeyInfo_bio             2178    EXIST::FUNCTION:BIO
+PEM_cb                                  2179    NOEXIST::FUNCTION:
+i2d_PrivateKey_fp                       2180    EXIST::FUNCTION:FP_API
+d2i_PrivateKey_bio                      2181    EXIST::FUNCTION:BIO
+d2i_PrivateKey_fp                       2182    EXIST::FUNCTION:FP_API
+i2d_PrivateKey_bio                      2183    EXIST::FUNCTION:BIO
+X509_reject_clear                       2184    EXIST::FUNCTION:
+X509_TRUST_set_default                  2185    EXIST::FUNCTION:
+d2i_AutoPrivateKey                      2186    EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_type                2187    EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_data                2188    EXIST::FUNCTION:
+X509at_get_attr                         2189    EXIST::FUNCTION:
+X509at_get_attr_count                   2190    EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_NID            2191    EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_object              2192    EXIST::FUNCTION:
+X509_ATTRIBUTE_count                    2193    EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_OBJ            2194    EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_object              2195    EXIST::FUNCTION:
+X509at_get_attr_by_NID                  2196    EXIST::FUNCTION:
+X509at_add1_attr                        2197    EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_data                2198    EXIST::FUNCTION:
+X509at_delete_attr                      2199    EXIST::FUNCTION:
+X509at_get_attr_by_OBJ                  2200    EXIST::FUNCTION:
+RAND_add                                2201    EXIST::FUNCTION:
+BIO_number_written                      2202    EXIST::FUNCTION:
+BIO_number_read                         2203    EXIST::FUNCTION:
+X509_STORE_CTX_get1_chain               2204    EXIST::FUNCTION:
+ERR_load_RAND_strings                   2205    EXIST::FUNCTION:
+RAND_pseudo_bytes                       2206    EXIST::FUNCTION:
+X509_REQ_get_attr_by_NID                2207    EXIST::FUNCTION:
+X509_REQ_get_attr                       2208    EXIST::FUNCTION:
+X509_REQ_add1_attr_by_NID               2209    EXIST::FUNCTION:
+X509_REQ_get_attr_by_OBJ                2210    EXIST::FUNCTION:
+X509at_add1_attr_by_NID                 2211    EXIST::FUNCTION:
+X509_REQ_add1_attr_by_OBJ               2212    EXIST::FUNCTION:
+X509_REQ_get_attr_count                 2213    EXIST::FUNCTION:
+X509_REQ_add1_attr                      2214    EXIST::FUNCTION:
+X509_REQ_delete_attr                    2215    EXIST::FUNCTION:
+X509at_add1_attr_by_OBJ                 2216    EXIST::FUNCTION:
+X509_REQ_add1_attr_by_txt               2217    EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_txt            2218    EXIST::FUNCTION:
+X509at_add1_attr_by_txt                 2219    EXIST::FUNCTION:
+BN_pseudo_rand                          2239    EXIST::FUNCTION:
+BN_is_prime_fasttest                    2240    EXIST::FUNCTION:DEPRECATED
+BN_CTX_end                              2241    EXIST::FUNCTION:
+BN_CTX_start                            2242    EXIST::FUNCTION:
+BN_CTX_get                              2243    EXIST::FUNCTION:
+EVP_PKEY2PKCS8_broken                   2244    EXIST::FUNCTION:
+ASN1_STRING_TABLE_add                   2245    EXIST::FUNCTION:
+CRYPTO_dbg_get_options                  2246    EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_new               2247    EXIST::FUNCTION:
+CRYPTO_get_mem_debug_options            2248    EXIST::FUNCTION:
+DES_crypt                               2249    EXIST::FUNCTION:DES
+PEM_write_bio_X509_REQ_NEW              2250    EXIST::FUNCTION:
+PEM_write_X509_REQ_NEW                  2251    EXIST:!WIN16:FUNCTION:
+BIO_callback_ctrl                       2252    EXIST::FUNCTION:
+RAND_egd                                2253    EXIST::FUNCTION:
+RAND_status                             2254    EXIST::FUNCTION:
+bn_dump1                                2255    NOEXIST::FUNCTION:
+DES_check_key_parity                    2256    EXIST::FUNCTION:DES
+lh_num_items                            2257    EXIST::FUNCTION:
+RAND_event                              2258    EXIST:WIN32:FUNCTION:
+DSO_new                                 2259    EXIST::FUNCTION:
+DSO_new_method                          2260    EXIST::FUNCTION:
+DSO_free                                2261    EXIST::FUNCTION:
+DSO_flags                               2262    EXIST::FUNCTION:
+DSO_up                                  2263    NOEXIST::FUNCTION:
+DSO_set_default_method                  2264    EXIST::FUNCTION:
+DSO_get_default_method                  2265    EXIST::FUNCTION:
+DSO_get_method                          2266    EXIST::FUNCTION:
+DSO_set_method                          2267    EXIST::FUNCTION:
+DSO_load                                2268    EXIST::FUNCTION:
+DSO_bind_var                            2269    EXIST::FUNCTION:
+DSO_METHOD_null                         2270    EXIST::FUNCTION:
+DSO_METHOD_openssl                      2271    EXIST::FUNCTION:
+DSO_METHOD_dlfcn                        2272    EXIST::FUNCTION:
+DSO_METHOD_win32                        2273    EXIST::FUNCTION:
+ERR_load_DSO_strings                    2274    EXIST::FUNCTION:
+DSO_METHOD_dl                           2275    EXIST::FUNCTION:
+NCONF_load                              2276    EXIST::FUNCTION:
+NCONF_load_fp                           2278    EXIST::FUNCTION:FP_API
+NCONF_new                               2279    EXIST::FUNCTION:
+NCONF_get_string                        2280    EXIST::FUNCTION:
+NCONF_free                              2281    EXIST::FUNCTION:
+NCONF_get_number                        2282    NOEXIST::FUNCTION:
+CONF_dump_fp                            2283    EXIST::FUNCTION:
+NCONF_load_bio                          2284    EXIST::FUNCTION:
+NCONF_dump_fp                           2285    EXIST::FUNCTION:
+NCONF_get_section                       2286    EXIST::FUNCTION:
+NCONF_dump_bio                          2287    EXIST::FUNCTION:
+CONF_dump_bio                           2288    EXIST::FUNCTION:
+NCONF_free_data                         2289    EXIST::FUNCTION:
+CONF_set_default_method                 2290    EXIST::FUNCTION:
+ERR_error_string_n                      2291    EXIST::FUNCTION:
+BIO_snprintf                            2292    EXIST::FUNCTION:
+DSO_ctrl                                2293    EXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_INTEGER            2317    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS12_SAFEBAG          2320    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7                   2328    NOEXIST::FUNCTION:
+BIO_vfree                               2334    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_INTEGER            2339    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS12_SAFEBAG          2341    NOEXIST::FUNCTION:
+ASN1_UTCTIME_get                        2350    NOEXIST::FUNCTION:
+X509_REQ_digest                         2362    EXIST::FUNCTION:EVP
+X509_CRL_digest                         2391    EXIST::FUNCTION:EVP
+d2i_ASN1_SET_OF_PKCS7                   2397    NOEXIST::FUNCTION:
+EVP_CIPHER_CTX_set_key_length           2399    EXIST::FUNCTION:
+EVP_CIPHER_CTX_ctrl                     2400    EXIST::FUNCTION:
+BN_mod_exp_mont_word                    2401    EXIST::FUNCTION:
+RAND_egd_bytes                          2402    EXIST::FUNCTION:
+X509_REQ_get1_email                     2403    EXIST::FUNCTION:
+X509_get1_email                         2404    EXIST::FUNCTION:
+X509_email_free                         2405    EXIST::FUNCTION:
+i2d_RSA_NET                             2406    EXIST::FUNCTION:RC4,RSA
+d2i_RSA_NET_2                           2407    NOEXIST::FUNCTION:
+d2i_RSA_NET                             2408    EXIST::FUNCTION:RC4,RSA
+DSO_bind_func                           2409    EXIST::FUNCTION:
+CRYPTO_get_new_dynlockid                2410    EXIST::FUNCTION:
+sk_new_null                             2411    EXIST::FUNCTION:
+CRYPTO_set_dynlock_destroy_callback     2412    EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_destroy_cb           2412    EXIST:VMS:FUNCTION:
+CRYPTO_destroy_dynlockid                2413    EXIST::FUNCTION:
+CRYPTO_set_dynlock_size                 2414    NOEXIST::FUNCTION:
+CRYPTO_set_dynlock_create_callback      2415    EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_create_cb            2415    EXIST:VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_callback        2416    EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_cb              2416    EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_callback        2417    EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_cb              2417    EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_callback     2418    EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_cb           2418    EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_value                2419    EXIST::FUNCTION:
+CRYPTO_get_dynlock_create_callback      2420    EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_create_cb            2420    EXIST:VMS:FUNCTION:
+c2i_ASN1_BIT_STRING                     2421    EXIST::FUNCTION:
+i2c_ASN1_BIT_STRING                     2422    EXIST::FUNCTION:
+RAND_poll                               2423    EXIST::FUNCTION:
+c2i_ASN1_INTEGER                        2424    EXIST::FUNCTION:
+i2c_ASN1_INTEGER                        2425    EXIST::FUNCTION:
+BIO_dump_indent                         2426    EXIST::FUNCTION:
+ASN1_parse_dump                         2427    EXIST::FUNCTION:BIO
+c2i_ASN1_OBJECT                         2428    EXIST::FUNCTION:
+X509_NAME_print_ex_fp                   2429    EXIST::FUNCTION:FP_API
+ASN1_STRING_print_ex_fp                 2430    EXIST::FUNCTION:FP_API
+X509_NAME_print_ex                      2431    EXIST::FUNCTION:BIO
+ASN1_STRING_print_ex                    2432    EXIST::FUNCTION:BIO
+MD4                                     2433    EXIST::FUNCTION:MD4
+MD4_Transform                           2434    EXIST::FUNCTION:MD4
+MD4_Final                               2435    EXIST::FUNCTION:MD4
+MD4_Update                              2436    EXIST::FUNCTION:MD4
+MD4_Init                                2437    EXIST::FUNCTION:MD4
+EVP_md4                                 2438    EXIST::FUNCTION:MD4
+i2d_PUBKEY_bio                          2439    EXIST::FUNCTION:BIO
+i2d_PUBKEY_fp                           2440    EXIST::FUNCTION:FP_API
+d2i_PUBKEY_bio                          2441    EXIST::FUNCTION:BIO
+ASN1_STRING_to_UTF8                     2442    EXIST::FUNCTION:
+BIO_vprintf                             2443    EXIST::FUNCTION:
+BIO_vsnprintf                           2444    EXIST::FUNCTION:
+d2i_PUBKEY_fp                           2445    EXIST::FUNCTION:FP_API
+X509_cmp_time                           2446    EXIST::FUNCTION:
+X509_STORE_CTX_set_time                 2447    EXIST::FUNCTION:
+X509_STORE_CTX_get1_issuer              2448    EXIST::FUNCTION:
+X509_OBJECT_retrieve_match              2449    EXIST::FUNCTION:
+X509_OBJECT_idx_by_subject              2450    EXIST::FUNCTION:
+X509_STORE_CTX_set_flags                2451    EXIST::FUNCTION:
+X509_STORE_CTX_trusted_stack            2452    EXIST::FUNCTION:
+X509_time_adj                           2453    EXIST::FUNCTION:
+X509_check_issued                       2454    EXIST::FUNCTION:
+ASN1_UTCTIME_cmp_time_t                 2455    EXIST::FUNCTION:
+DES_set_weak_key_flag                   2456    NOEXIST::FUNCTION:
+DES_check_key                           2457    NOEXIST::FUNCTION:
+DES_rw_mode                             2458    NOEXIST::FUNCTION:
+RSA_PKCS1_RSAref                        2459    NOEXIST::FUNCTION:
+X509_keyid_set1                         2460    EXIST::FUNCTION:
+BIO_next                                2461    EXIST::FUNCTION:
+DSO_METHOD_vms                          2462    EXIST::FUNCTION:
+BIO_f_linebuffer                        2463    EXIST:VMS:FUNCTION:
+BN_bntest_rand                          2464    EXIST::FUNCTION:
+OPENSSL_issetugid                       2465    EXIST::FUNCTION:
+BN_rand_range                           2466    EXIST::FUNCTION:
+ERR_load_ENGINE_strings                 2467    EXIST::FUNCTION:ENGINE
+ENGINE_set_DSA                          2468    EXIST::FUNCTION:ENGINE
+ENGINE_get_finish_function              2469    EXIST::FUNCTION:ENGINE
+ENGINE_get_default_RSA                  2470    EXIST::FUNCTION:ENGINE
+ENGINE_get_BN_mod_exp                   2471    NOEXIST::FUNCTION:
+DSA_get_default_openssl_method          2472    NOEXIST::FUNCTION:
+ENGINE_set_DH                           2473    EXIST::FUNCTION:ENGINE
+ENGINE_set_def_BN_mod_exp_crt           2474    NOEXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp_crt       2474    NOEXIST::FUNCTION:
+ENGINE_init                             2475    EXIST::FUNCTION:ENGINE
+DH_get_default_openssl_method           2476    NOEXIST::FUNCTION:
+RSA_set_default_openssl_method          2477    NOEXIST::FUNCTION:
+ENGINE_finish                           2478    EXIST::FUNCTION:ENGINE
+ENGINE_load_public_key                  2479    EXIST::FUNCTION:ENGINE
+ENGINE_get_DH                           2480    EXIST::FUNCTION:ENGINE
+ENGINE_ctrl                             2481    EXIST::FUNCTION:ENGINE
+ENGINE_get_init_function                2482    EXIST::FUNCTION:ENGINE
+ENGINE_set_init_function                2483    EXIST::FUNCTION:ENGINE
+ENGINE_set_default_DSA                  2484    EXIST::FUNCTION:ENGINE
+ENGINE_get_name                         2485    EXIST::FUNCTION:ENGINE
+ENGINE_get_last                         2486    EXIST::FUNCTION:ENGINE
+ENGINE_get_prev                         2487    EXIST::FUNCTION:ENGINE
+ENGINE_get_default_DH                   2488    EXIST::FUNCTION:ENGINE
+ENGINE_get_RSA                          2489    EXIST::FUNCTION:ENGINE
+ENGINE_set_default                      2490    EXIST::FUNCTION:ENGINE
+ENGINE_get_RAND                         2491    EXIST::FUNCTION:ENGINE
+ENGINE_get_first                        2492    EXIST::FUNCTION:ENGINE
+ENGINE_by_id                            2493    EXIST::FUNCTION:ENGINE
+ENGINE_set_finish_function              2494    EXIST::FUNCTION:ENGINE
+ENGINE_get_def_BN_mod_exp_crt           2495    NOEXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp_crt       2495    NOEXIST::FUNCTION:
+RSA_get_default_openssl_method          2496    NOEXIST::FUNCTION:
+ENGINE_set_RSA                          2497    EXIST::FUNCTION:ENGINE
+ENGINE_load_private_key                 2498    EXIST::FUNCTION:ENGINE
+ENGINE_set_default_RAND                 2499    EXIST::FUNCTION:ENGINE
+ENGINE_set_BN_mod_exp                   2500    NOEXIST::FUNCTION:
+ENGINE_remove                           2501    EXIST::FUNCTION:ENGINE
+ENGINE_free                             2502    EXIST::FUNCTION:ENGINE
+ENGINE_get_BN_mod_exp_crt               2503    NOEXIST::FUNCTION:
+ENGINE_get_next                         2504    EXIST::FUNCTION:ENGINE
+ENGINE_set_name                         2505    EXIST::FUNCTION:ENGINE
+ENGINE_get_default_DSA                  2506    EXIST::FUNCTION:ENGINE
+ENGINE_set_default_BN_mod_exp           2507    NOEXIST::FUNCTION:
+ENGINE_set_default_RSA                  2508    EXIST::FUNCTION:ENGINE
+ENGINE_get_default_RAND                 2509    EXIST::FUNCTION:ENGINE
+ENGINE_get_default_BN_mod_exp           2510    NOEXIST::FUNCTION:
+ENGINE_set_RAND                         2511    EXIST::FUNCTION:ENGINE
+ENGINE_set_id                           2512    EXIST::FUNCTION:ENGINE
+ENGINE_set_BN_mod_exp_crt               2513    NOEXIST::FUNCTION:
+ENGINE_set_default_DH                   2514    EXIST::FUNCTION:ENGINE
+ENGINE_new                              2515    EXIST::FUNCTION:ENGINE
+ENGINE_get_id                           2516    EXIST::FUNCTION:ENGINE
+DSA_set_default_openssl_method          2517    NOEXIST::FUNCTION:
+ENGINE_add                              2518    EXIST::FUNCTION:ENGINE
+DH_set_default_openssl_method           2519    NOEXIST::FUNCTION:
+ENGINE_get_DSA                          2520    EXIST::FUNCTION:ENGINE
+ENGINE_get_ctrl_function                2521    EXIST::FUNCTION:ENGINE
+ENGINE_set_ctrl_function                2522    EXIST::FUNCTION:ENGINE
+BN_pseudo_rand_range                    2523    EXIST::FUNCTION:
+X509_STORE_CTX_set_verify_cb            2524    EXIST::FUNCTION:
+ERR_load_COMP_strings                   2525    EXIST::FUNCTION:
+PKCS12_item_decrypt_d2i                 2526    EXIST::FUNCTION:
+ASN1_UTF8STRING_it                      2527    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTF8STRING_it                      2527    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_ciphers               2528    EXIST::FUNCTION:ENGINE
+ENGINE_get_ciphers                      2529    EXIST::FUNCTION:ENGINE
+d2i_OCSP_BASICRESP                      2530    EXIST::FUNCTION:
+KRB5_CHECKSUM_it                        2531    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_CHECKSUM_it                        2531    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINT_add                            2532    EXIST::FUNCTION:EC
+ASN1_item_ex_i2d                        2533    EXIST::FUNCTION:
+OCSP_CERTID_it                          2534    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTID_it                          2534    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPBYTES                      2535    EXIST::FUNCTION:
+X509V3_add1_i2d                         2536    EXIST::FUNCTION:
+PKCS7_ENVELOPE_it                       2537    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENVELOPE_it                       2537    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_input_boolean                    2538    EXIST::FUNCTION:
+ENGINE_unregister_RSA                   2539    EXIST::FUNCTION:ENGINE
+X509V3_EXT_nconf                        2540    EXIST::FUNCTION:
+ASN1_GENERALSTRING_free                 2541    EXIST::FUNCTION:
+d2i_OCSP_CERTSTATUS                     2542    EXIST::FUNCTION:
+X509_REVOKED_set_serialNumber           2543    EXIST::FUNCTION:
+X509_print_ex                           2544    EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get1_ext_d2i                2545    EXIST::FUNCTION:
+ENGINE_register_all_RAND                2546    EXIST::FUNCTION:ENGINE
+ENGINE_load_dynamic                     2547    EXIST::FUNCTION:ENGINE
+PBKDF2PARAM_it                          2548    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBKDF2PARAM_it                          2548    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_new                  2549    EXIST::FUNCTION:
+EC_GROUP_clear_free                     2550    EXIST::FUNCTION:EC
+OCSP_sendreq_bio                        2551    EXIST::FUNCTION:
+ASN1_item_digest                        2552    EXIST::FUNCTION:EVP
+OCSP_BASICRESP_delete_ext               2553    EXIST::FUNCTION:
+OCSP_SIGNATURE_it                       2554    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SIGNATURE_it                       2554    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_it                             2555    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_it                             2555    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_add_ext                  2556    EXIST::FUNCTION:
+KRB5_ENCKEY_it                          2557    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCKEY_it                          2557    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_closer                    2558    EXIST::FUNCTION:
+X509_STORE_set_purpose                  2559    EXIST::FUNCTION:
+i2d_ASN1_GENERALSTRING                  2560    EXIST::FUNCTION:
+OCSP_response_status                    2561    EXIST::FUNCTION:
+i2d_OCSP_SERVICELOC                     2562    EXIST::FUNCTION:
+ENGINE_get_digest_engine                2563    EXIST::FUNCTION:ENGINE
+EC_GROUP_set_curve_GFp                  2564    EXIST::FUNCTION:EC
+OCSP_REQUEST_get_ext_by_OBJ             2565    EXIST::FUNCTION:
+_ossl_old_des_random_key                2566    EXIST::FUNCTION:DES
+ASN1_T61STRING_it                       2567    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_T61STRING_it                       2567    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_method_of                      2568    EXIST::FUNCTION:EC
+i2d_KRB5_APREQ                          2569    EXIST::FUNCTION:
+_ossl_old_des_encrypt                   2570    EXIST::FUNCTION:DES
+ASN1_PRINTABLE_new                      2571    EXIST::FUNCTION:
+HMAC_Init_ex                            2572    EXIST::FUNCTION:HMAC
+d2i_KRB5_AUTHENT                        2573    EXIST::FUNCTION:
+OCSP_archive_cutoff_new                 2574    EXIST::FUNCTION:
+EC_POINT_set_Jprojective_coordinates_GFp 2575   EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_Jproj_coords_GFp           2575    EXIST:VMS:FUNCTION:EC
+_ossl_old_des_is_weak_key               2576    EXIST::FUNCTION:DES
+OCSP_BASICRESP_get_ext_by_OBJ           2577    EXIST::FUNCTION:
+EC_POINT_oct2point                      2578    EXIST::FUNCTION:EC
+OCSP_SINGLERESP_get_ext_count           2579    EXIST::FUNCTION:
+UI_ctrl                                 2580    EXIST::FUNCTION:
+_shadow_DES_rw_mode                     2581    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_rw_mode                     2581    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+asn1_do_adb                             2582    EXIST::FUNCTION:
+ASN1_template_i2d                       2583    EXIST::FUNCTION:
+ENGINE_register_DH                      2584    EXIST::FUNCTION:ENGINE
+UI_construct_prompt                     2585    EXIST::FUNCTION:
+X509_STORE_set_trust                    2586    EXIST::FUNCTION:
+UI_dup_input_string                     2587    EXIST::FUNCTION:
+d2i_KRB5_APREQ                          2588    EXIST::FUNCTION:
+EVP_MD_CTX_copy_ex                      2589    EXIST::FUNCTION:
+OCSP_request_is_signed                  2590    EXIST::FUNCTION:
+i2d_OCSP_REQINFO                        2591    EXIST::FUNCTION:
+KRB5_ENCKEY_free                        2592    EXIST::FUNCTION:
+OCSP_resp_get0                          2593    EXIST::FUNCTION:
+GENERAL_NAME_it                         2594    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAME_it                         2594    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_GENERALIZEDTIME_it                 2595    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALIZEDTIME_it                 2595    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_STORE_set_flags                    2596    EXIST::FUNCTION:
+EC_POINT_set_compressed_coordinates_GFp 2597    EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GFp           2597    EXIST:VMS:FUNCTION:EC
+OCSP_response_status_str                2598    EXIST::FUNCTION:
+d2i_OCSP_REVOKEDINFO                    2599    EXIST::FUNCTION:
+OCSP_basic_add1_cert                    2600    EXIST::FUNCTION:
+ERR_get_implementation                  2601    EXIST::FUNCTION:
+EVP_CipherFinal_ex                      2602    EXIST::FUNCTION:
+OCSP_CERTSTATUS_new                     2603    EXIST::FUNCTION:
+CRYPTO_cleanup_all_ex_data              2604    EXIST::FUNCTION:
+OCSP_resp_find                          2605    EXIST::FUNCTION:
+BN_nnmod                                2606    EXIST::FUNCTION:
+X509_CRL_sort                           2607    EXIST::FUNCTION:
+X509_REVOKED_set_revocationDate         2608    EXIST::FUNCTION:
+ENGINE_register_RAND                    2609    EXIST::FUNCTION:ENGINE
+OCSP_SERVICELOC_new                     2610    EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GFp     2611    EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GFp          2611    EXIST:VMS:FUNCTION:EC
+_ossl_old_des_options                   2612    EXIST::FUNCTION:DES
+SXNET_it                                2613    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNET_it                                2613    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_input_boolean                    2614    EXIST::FUNCTION:
+PKCS12_add_CSPName_asc                  2615    EXIST::FUNCTION:
+EC_POINT_is_at_infinity                 2616    EXIST::FUNCTION:EC
+ENGINE_load_cryptodev                   2617    EXIST::FUNCTION:ENGINE
+DSO_convert_filename                    2618    EXIST::FUNCTION:
+POLICYQUALINFO_it                       2619    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYQUALINFO_it                       2619    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_ciphers                 2620    EXIST::FUNCTION:ENGINE
+BN_mod_lshift_quick                     2621    EXIST::FUNCTION:
+DSO_set_filename                        2622    EXIST::FUNCTION:
+ASN1_item_free                          2623    EXIST::FUNCTION:
+KRB5_TKTBODY_free                       2624    EXIST::FUNCTION:
+AUTHORITY_KEYID_it                      2625    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_KEYID_it                      2625    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_new                      2626    EXIST::FUNCTION:
+X509V3_EXT_REQ_add_nconf                2627    EXIST::FUNCTION:
+ENGINE_ctrl_cmd_string                  2628    EXIST::FUNCTION:ENGINE
+i2d_OCSP_RESPDATA                       2629    EXIST::FUNCTION:
+EVP_MD_CTX_init                         2630    EXIST::FUNCTION:
+EXTENDED_KEY_USAGE_free                 2631    EXIST::FUNCTION:
+PKCS7_ATTR_SIGN_it                      2632    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_SIGN_it                      2632    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_error_string                     2633    EXIST::FUNCTION:
+KRB5_CHECKSUM_free                      2634    EXIST::FUNCTION:
+OCSP_REQUEST_get_ext                    2635    EXIST::FUNCTION:
+ENGINE_load_ubsec                       2636    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ENGINE_register_all_digests             2637    EXIST::FUNCTION:ENGINE
+PKEY_USAGE_PERIOD_it                    2638    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKEY_USAGE_PERIOD_it                    2638    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_unpack_authsafes                 2639    EXIST::FUNCTION:
+ASN1_item_unpack                        2640    EXIST::FUNCTION:
+NETSCAPE_SPKAC_it                       2641    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKAC_it                       2641    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REVOKED_it                         2642    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REVOKED_it                         2642    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_STRING_encode                      2643    NOEXIST::FUNCTION:
+EVP_aes_128_ecb                         2644    EXIST::FUNCTION:AES
+KRB5_AUTHENT_free                       2645    EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_critical      2646    EXIST:!VMS:FUNCTION:
+OCSP_BASICRESP_get_ext_by_crit          2646    EXIST:VMS:FUNCTION:
+OCSP_cert_status_str                    2647    EXIST::FUNCTION:
+d2i_OCSP_REQUEST                        2648    EXIST::FUNCTION:
+UI_dup_info_string                      2649    EXIST::FUNCTION:
+_ossl_old_des_xwhite_in2out             2650    NOEXIST::FUNCTION:
+PKCS12_it                               2651    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_it                               2651    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_critical     2652    EXIST:!VMS:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_crit         2652    EXIST:VMS:FUNCTION:
+OCSP_CERTSTATUS_free                    2653    EXIST::FUNCTION:
+_ossl_old_des_crypt                     2654    EXIST::FUNCTION:DES
+ASN1_item_i2d                           2655    EXIST::FUNCTION:
+EVP_DecryptFinal_ex                     2656    EXIST::FUNCTION:
+ENGINE_load_openssl                     2657    EXIST::FUNCTION:ENGINE
+ENGINE_get_cmd_defns                    2658    EXIST::FUNCTION:ENGINE
+ENGINE_set_load_privkey_function        2659    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_load_privkey_fn              2659    EXIST:VMS:FUNCTION:ENGINE
+EVP_EncryptFinal_ex                     2660    EXIST::FUNCTION:
+ENGINE_set_default_digests              2661    EXIST::FUNCTION:ENGINE
+X509_get0_pubkey_bitstr                 2662    EXIST::FUNCTION:
+asn1_ex_i2c                             2663    EXIST::FUNCTION:
+ENGINE_register_RSA                     2664    EXIST::FUNCTION:ENGINE
+ENGINE_unregister_DSA                   2665    EXIST::FUNCTION:ENGINE
+_ossl_old_des_key_sched                 2666    EXIST::FUNCTION:DES
+X509_EXTENSION_it                       2667    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSION_it                       2667    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENT                        2668    EXIST::FUNCTION:
+SXNETID_it                              2669    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNETID_it                              2669    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SINGLERESP                     2670    EXIST::FUNCTION:
+EDIPARTYNAME_new                        2671    EXIST::FUNCTION:
+PKCS12_certbag2x509                     2672    EXIST::FUNCTION:
+_ossl_old_des_ofb64_encrypt             2673    EXIST::FUNCTION:DES
+d2i_EXTENDED_KEY_USAGE                  2674    EXIST::FUNCTION:
+ERR_print_errors_cb                     2675    EXIST::FUNCTION:
+ENGINE_set_ciphers                      2676    EXIST::FUNCTION:ENGINE
+d2i_KRB5_APREQBODY                      2677    EXIST::FUNCTION:
+UI_method_get_flusher                   2678    EXIST::FUNCTION:
+X509_PUBKEY_it                          2679    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_PUBKEY_it                          2679    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_read                  2680    EXIST::FUNCTION:DES
+PKCS7_ENCRYPT_it                        2681    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENCRYPT_it                        2681    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_RESPONSE                       2682    EXIST::FUNCTION:
+EC_GROUP_get_cofactor                   2683    EXIST::FUNCTION:EC
+PKCS12_unpack_p7data                    2684    EXIST::FUNCTION:
+d2i_KRB5_AUTHDATA                       2685    EXIST::FUNCTION:
+OCSP_copy_nonce                         2686    EXIST::FUNCTION:
+KRB5_AUTHDATA_new                       2687    EXIST::FUNCTION:
+OCSP_RESPDATA_new                       2688    EXIST::FUNCTION:
+EC_GFp_mont_method                      2689    EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_free                   2690    EXIST::FUNCTION:
+UI_get_ex_data                          2691    EXIST::FUNCTION:
+KRB5_APREQBODY_free                     2692    EXIST::FUNCTION:
+EC_GROUP_get0_generator                 2693    EXIST::FUNCTION:EC
+UI_get_default_method                   2694    EXIST::FUNCTION:
+X509V3_set_nconf                        2695    EXIST::FUNCTION:
+PKCS12_item_i2d_encrypt                 2696    EXIST::FUNCTION:
+X509_add1_ext_i2d                       2697    EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_it                    2698    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNER_INFO_it                    2698    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_PRINCNAME_new                      2699    EXIST::FUNCTION:
+PKCS12_SAFEBAG_it                       2700    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAG_it                       2700    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_get_order                      2701    EXIST::FUNCTION:EC
+d2i_OCSP_RESPID                         2702    EXIST::FUNCTION:
+OCSP_request_verify                     2703    EXIST::FUNCTION:
+NCONF_get_number_e                      2704    EXIST::FUNCTION:
+_ossl_old_des_decrypt3                  2705    EXIST::FUNCTION:DES
+X509_signature_print                    2706    EXIST::FUNCTION:EVP
+OCSP_SINGLERESP_free                    2707    EXIST::FUNCTION:
+ENGINE_load_builtin_engines             2708    EXIST::FUNCTION:ENGINE
+i2d_OCSP_ONEREQ                         2709    EXIST::FUNCTION:
+OCSP_REQUEST_add_ext                    2710    EXIST::FUNCTION:
+OCSP_RESPBYTES_new                      2711    EXIST::FUNCTION:
+EVP_MD_CTX_create                       2712    EXIST::FUNCTION:
+OCSP_resp_find_status                   2713    EXIST::FUNCTION:
+X509_ALGOR_it                           2714    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGOR_it                           2714    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_TIME_it                            2715    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TIME_it                            2715    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_set1_name                  2716    EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_count               2717    EXIST::FUNCTION:
+UI_get0_result                          2718    EXIST::FUNCTION:
+PKCS12_AUTHSAFES_it                     2719    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_AUTHSAFES_it                     2719    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_256_ecb                         2720    EXIST::FUNCTION:AES
+PKCS12_pack_authsafes                   2721    EXIST::FUNCTION:
+ASN1_IA5STRING_it                       2722    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_IA5STRING_it                       2722    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_input_flags                      2723    EXIST::FUNCTION:
+EC_GROUP_set_generator                  2724    EXIST::FUNCTION:EC
+_ossl_old_des_string_to_2keys           2725    EXIST::FUNCTION:DES
+OCSP_CERTID_free                        2726    EXIST::FUNCTION:
+X509_CERT_AUX_it                        2727    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_AUX_it                        2727    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CERTIFICATEPOLICIES_it                  2728    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CERTIFICATEPOLICIES_it                  2728    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_ede3_cbc_encrypt          2729    EXIST::FUNCTION:DES
+RAND_set_rand_engine                    2730    EXIST::FUNCTION:ENGINE
+DSO_get_loaded_filename                 2731    EXIST::FUNCTION:
+X509_ATTRIBUTE_it                       2732    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ATTRIBUTE_it                       2732    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_ONEREQ_get_ext_by_NID              2733    EXIST::FUNCTION:
+PKCS12_decrypt_skey                     2734    EXIST::FUNCTION:
+KRB5_AUTHENT_it                         2735    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENT_it                         2735    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_error_string                     2736    EXIST::FUNCTION:
+RSAPublicKey_it                         2737    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPublicKey_it                         2737    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+i2d_OCSP_REQUEST                        2738    EXIST::FUNCTION:
+PKCS12_x509crl2certbag                  2739    EXIST::FUNCTION:
+OCSP_SERVICELOC_it                      2740    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SERVICELOC_it                      2740    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_sign                          2741    EXIST::FUNCTION:EVP
+X509_CRL_set_issuer_name                2742    EXIST::FUNCTION:
+OBJ_NAME_do_all_sorted                  2743    EXIST::FUNCTION:
+i2d_OCSP_BASICRESP                      2744    EXIST::FUNCTION:
+i2d_OCSP_RESPBYTES                      2745    EXIST::FUNCTION:
+PKCS12_unpack_p7encdata                 2746    EXIST::FUNCTION:
+HMAC_CTX_init                           2747    EXIST::FUNCTION:HMAC
+ENGINE_get_digest                       2748    EXIST::FUNCTION:ENGINE
+OCSP_RESPONSE_print                     2749    EXIST::FUNCTION:
+KRB5_TKTBODY_it                         2750    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TKTBODY_it                         2750    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ACCESS_DESCRIPTION_it                   2751    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ACCESS_DESCRIPTION_it                   2751    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_it              2752    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ISSUER_AND_SERIAL_it              2752    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBE2PARAM_it                            2753    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBE2PARAM_it                            2753    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_certbag2x509crl                  2754    EXIST::FUNCTION:
+PKCS7_SIGNED_it                         2755    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNED_it                         2755    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_cipher                       2756    EXIST::FUNCTION:ENGINE
+i2d_OCSP_CRLID                          2757    EXIST::FUNCTION:
+OCSP_SINGLERESP_new                     2758    EXIST::FUNCTION:
+ENGINE_cmd_is_executable                2759    EXIST::FUNCTION:ENGINE
+RSA_up_ref                              2760    EXIST::FUNCTION:RSA
+ASN1_GENERALSTRING_it                   2761    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALSTRING_it                   2761    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_DSA                     2762    EXIST::FUNCTION:ENGINE
+X509V3_EXT_add_nconf_sk                 2763    EXIST::FUNCTION:
+ENGINE_set_load_pubkey_function         2764    EXIST::FUNCTION:ENGINE
+PKCS8_decrypt                           2765    EXIST::FUNCTION:
+PEM_bytes_read_bio                      2766    EXIST::FUNCTION:BIO
+DIRECTORYSTRING_it                      2767    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIRECTORYSTRING_it                      2767    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_CRLID                          2768    EXIST::FUNCTION:
+EC_POINT_is_on_curve                    2769    EXIST::FUNCTION:EC
+CRYPTO_set_locked_mem_ex_functions      2770    EXIST:!VMS:FUNCTION:
+CRYPTO_set_locked_mem_ex_funcs          2770    EXIST:VMS:FUNCTION:
+d2i_KRB5_CHECKSUM                       2771    EXIST::FUNCTION:
+ASN1_item_dup                           2772    EXIST::FUNCTION:
+X509_it                                 2773    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_it                                 2773    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add                              2774    EXIST::FUNCTION:
+KRB5_AUTHDATA_free                      2775    EXIST::FUNCTION:
+_ossl_old_des_cbc_cksum                 2776    EXIST::FUNCTION:DES
+ASN1_item_verify                        2777    EXIST::FUNCTION:EVP
+CRYPTO_set_mem_ex_functions             2778    EXIST::FUNCTION:
+EC_POINT_get_Jprojective_coordinates_GFp 2779   EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_Jproj_coords_GFp           2779    EXIST:VMS:FUNCTION:EC
+ZLONG_it                                2780    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZLONG_it                                2780    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_get_locked_mem_ex_functions      2781    EXIST:!VMS:FUNCTION:
+CRYPTO_get_locked_mem_ex_funcs          2781    EXIST:VMS:FUNCTION:
+ASN1_TIME_check                         2782    EXIST::FUNCTION:
+UI_get0_user_data                       2783    EXIST::FUNCTION:
+HMAC_CTX_cleanup                        2784    EXIST::FUNCTION:HMAC
+DSA_up_ref                              2785    EXIST::FUNCTION:DSA
+_ossl_old_des_ede3_cfb64_encrypt        2786    EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_cfb64_encrypt           2786    EXIST:VMS:FUNCTION:DES
+ASN1_BMPSTRING_it                       2787    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BMPSTRING_it                       2787    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_tag2bit                            2788    EXIST::FUNCTION:
+UI_method_set_flusher                   2789    EXIST::FUNCTION:
+X509_ocspid_print                       2790    EXIST::FUNCTION:BIO
+KRB5_ENCDATA_it                         2791    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCDATA_it                         2791    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_load_pubkey_function         2792    EXIST::FUNCTION:ENGINE
+UI_add_user_data                        2793    EXIST::FUNCTION:
+OCSP_REQUEST_delete_ext                 2794    EXIST::FUNCTION:
+UI_get_method                           2795    EXIST::FUNCTION:
+OCSP_ONEREQ_free                        2796    EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_it                 2797    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLESTRING_it                 2797    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_nextUpdate                 2798    EXIST::FUNCTION:
+OCSP_REQUEST_it                         2799    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQUEST_it                         2799    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_it                       2800    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_BASICRESP_it                       2800    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_ecb_encrypt                         2801    EXIST::FUNCTION:AES
+BN_mod_sqr                              2802    EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_it               2803    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_CERT_SEQUENCE_it               2803    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAMES_it                        2804    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAMES_it                        2804    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AUTHORITY_INFO_ACCESS_it                2805    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_INFO_ACCESS_it                2805    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_FBOOLEAN_it                        2806    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_FBOOLEAN_it                        2806    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_ex_data                          2807    EXIST::FUNCTION:
+_ossl_old_des_string_to_key             2808    EXIST::FUNCTION:DES
+ENGINE_register_all_RSA                 2809    EXIST::FUNCTION:ENGINE
+d2i_KRB5_PRINCNAME                      2810    EXIST::FUNCTION:
+OCSP_RESPBYTES_it                       2811    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPBYTES_it                       2811    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CINF_it                            2812    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CINF_it                            2812    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_digests               2813    EXIST::FUNCTION:ENGINE
+d2i_EDIPARTYNAME                        2814    EXIST::FUNCTION:
+d2i_OCSP_SERVICELOC                     2815    EXIST::FUNCTION:
+ENGINE_get_digests                      2816    EXIST::FUNCTION:ENGINE
+_ossl_old_des_set_odd_parity            2817    EXIST::FUNCTION:DES
+OCSP_RESPDATA_free                      2818    EXIST::FUNCTION:
+d2i_KRB5_TICKET                         2819    EXIST::FUNCTION:
+OTHERNAME_it                            2820    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OTHERNAME_it                            2820    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_cleanup                      2821    EXIST::FUNCTION:
+d2i_ASN1_GENERALSTRING                  2822    EXIST::FUNCTION:
+X509_CRL_set_version                    2823    EXIST::FUNCTION:
+BN_mod_sub                              2824    EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_NID          2825    EXIST::FUNCTION:
+ENGINE_get_ex_new_index                 2826    EXIST::FUNCTION:ENGINE
+OCSP_REQUEST_free                       2827    EXIST::FUNCTION:
+OCSP_REQUEST_add1_ext_i2d               2828    EXIST::FUNCTION:
+X509_VAL_it                             2829    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_VAL_it                             2829    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINTs_make_affine                   2830    EXIST::FUNCTION:EC
+EC_POINT_mul                            2831    EXIST::FUNCTION:EC
+X509V3_EXT_add_nconf                    2832    EXIST::FUNCTION:
+X509_TRUST_set                          2833    EXIST::FUNCTION:
+X509_CRL_add1_ext_i2d                   2834    EXIST::FUNCTION:
+_ossl_old_des_fcrypt                    2835    EXIST::FUNCTION:DES
+DISPLAYTEXT_it                          2836    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DISPLAYTEXT_it                          2836    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_lastUpdate                 2837    EXIST::FUNCTION:
+OCSP_BASICRESP_free                     2838    EXIST::FUNCTION:
+OCSP_BASICRESP_add1_ext_i2d             2839    EXIST::FUNCTION:
+d2i_KRB5_AUTHENTBODY                    2840    EXIST::FUNCTION:
+CRYPTO_set_ex_data_implementation       2841    EXIST:!VMS:FUNCTION:
+CRYPTO_set_ex_data_impl                 2841    EXIST:VMS:FUNCTION:
+KRB5_ENCDATA_new                        2842    EXIST::FUNCTION:
+DSO_up_ref                              2843    EXIST::FUNCTION:
+OCSP_crl_reason_str                     2844    EXIST::FUNCTION:
+UI_get0_result_string                   2845    EXIST::FUNCTION:
+ASN1_GENERALSTRING_new                  2846    EXIST::FUNCTION:
+X509_SIG_it                             2847    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_SIG_it                             2847    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_set_implementation                  2848    EXIST::FUNCTION:
+ERR_load_EC_strings                     2849    EXIST::FUNCTION:EC
+UI_get0_action_string                   2850    EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext                     2851    EXIST::FUNCTION:
+EC_POINT_method_of                      2852    EXIST::FUNCTION:EC
+i2d_KRB5_APREQBODY                      2853    EXIST::FUNCTION:
+_ossl_old_des_ecb3_encrypt              2854    EXIST::FUNCTION:DES
+CRYPTO_get_mem_ex_functions             2855    EXIST::FUNCTION:
+ENGINE_get_ex_data                      2856    EXIST::FUNCTION:ENGINE
+UI_destroy_method                       2857    EXIST::FUNCTION:
+ASN1_item_i2d_bio                       2858    EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get_ext_by_OBJ              2859    EXIST::FUNCTION:
+ASN1_primitive_new                      2860    EXIST::FUNCTION:
+ASN1_PRINTABLE_it                       2861    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLE_it                       2861    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_ecb                         2862    EXIST::FUNCTION:AES
+OCSP_SIGNATURE_new                      2863    EXIST::FUNCTION:
+LONG_it                                 2864    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+LONG_it                                 2864    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_VISIBLESTRING_it                   2865    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_VISIBLESTRING_it                   2865    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_add1_ext_i2d            2866    EXIST::FUNCTION:
+d2i_OCSP_CERTID                         2867    EXIST::FUNCTION:
+ASN1_item_d2i_fp                        2868    EXIST::FUNCTION:FP_API
+CRL_DIST_POINTS_it                      2869    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CRL_DIST_POINTS_it                      2869    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAME_print                      2870    EXIST::FUNCTION:
+OCSP_SINGLERESP_delete_ext              2871    EXIST::FUNCTION:
+PKCS12_SAFEBAGS_it                      2872    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAGS_it                      2872    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SIGNATURE                      2873    EXIST::FUNCTION:
+OCSP_request_add1_nonce                 2874    EXIST::FUNCTION:
+ENGINE_set_cmd_defns                    2875    EXIST::FUNCTION:ENGINE
+OCSP_SERVICELOC_free                    2876    EXIST::FUNCTION:
+EC_GROUP_free                           2877    EXIST::FUNCTION:EC
+ASN1_BIT_STRING_it                      2878    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BIT_STRING_it                      2878    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REQ_it                             2879    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_it                             2879    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_cbc_encrypt               2880    EXIST::FUNCTION:DES
+ERR_unload_strings                      2881    EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_it                  2882    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGN_ENVELOPE_it                  2882    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EDIPARTYNAME_free                       2883    EXIST::FUNCTION:
+OCSP_REQINFO_free                       2884    EXIST::FUNCTION:
+EC_GROUP_new_curve_GFp                  2885    EXIST::FUNCTION:EC
+OCSP_REQUEST_get1_ext_d2i               2886    EXIST::FUNCTION:
+PKCS12_item_pack_safebag                2887    EXIST::FUNCTION:
+asn1_ex_c2i                             2888    EXIST::FUNCTION:
+ENGINE_register_digests                 2889    EXIST::FUNCTION:ENGINE
+i2d_OCSP_REVOKEDINFO                    2890    EXIST::FUNCTION:
+asn1_enc_restore                        2891    EXIST::FUNCTION:
+UI_free                                 2892    EXIST::FUNCTION:
+UI_new_method                           2893    EXIST::FUNCTION:
+EVP_EncryptInit_ex                      2894    EXIST::FUNCTION:
+X509_pubkey_digest                      2895    EXIST::FUNCTION:EVP
+EC_POINT_invert                         2896    EXIST::FUNCTION:EC
+OCSP_basic_sign                         2897    EXIST::FUNCTION:
+i2d_OCSP_RESPID                         2898    EXIST::FUNCTION:
+OCSP_check_nonce                        2899    EXIST::FUNCTION:
+ENGINE_ctrl_cmd                         2900    EXIST::FUNCTION:ENGINE
+d2i_KRB5_ENCKEY                         2901    EXIST::FUNCTION:
+OCSP_parse_url                          2902    EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext                 2903    EXIST::FUNCTION:
+OCSP_CRLID_free                         2904    EXIST::FUNCTION:
+OCSP_BASICRESP_get1_ext_d2i             2905    EXIST::FUNCTION:
+RSAPrivateKey_it                        2906    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPrivateKey_it                        2906    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+ENGINE_register_all_DH                  2907    EXIST::FUNCTION:ENGINE
+i2d_EDIPARTYNAME                        2908    EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GFp     2909    EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GFp          2909    EXIST:VMS:FUNCTION:EC
+OCSP_CRLID_new                          2910    EXIST::FUNCTION:
+ENGINE_get_flags                        2911    EXIST::FUNCTION:ENGINE
+OCSP_ONEREQ_it                          2912    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_ONEREQ_it                          2912    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_process                              2913    EXIST::FUNCTION:
+ASN1_INTEGER_it                         2914    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_INTEGER_it                         2914    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_CipherInit_ex                       2915    EXIST::FUNCTION:
+UI_get_string_type                      2916    EXIST::FUNCTION:
+ENGINE_unregister_DH                    2917    EXIST::FUNCTION:ENGINE
+ENGINE_register_all_DSA                 2918    EXIST::FUNCTION:ENGINE
+OCSP_ONEREQ_get_ext_by_critical         2919    EXIST::FUNCTION:
+bn_dup_expand                           2920    EXIST::FUNCTION:DEPRECATED
+OCSP_cert_id_new                        2921    EXIST::FUNCTION:
+BASIC_CONSTRAINTS_it                    2922    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BASIC_CONSTRAINTS_it                    2922    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add_quick                        2923    EXIST::FUNCTION:
+EC_POINT_new                            2924    EXIST::FUNCTION:EC
+EVP_MD_CTX_destroy                      2925    EXIST::FUNCTION:
+OCSP_RESPBYTES_free                     2926    EXIST::FUNCTION:
+EVP_aes_128_cbc                         2927    EXIST::FUNCTION:AES
+OCSP_SINGLERESP_get1_ext_d2i            2928    EXIST::FUNCTION:
+EC_POINT_free                           2929    EXIST::FUNCTION:EC
+DH_up_ref                               2930    EXIST::FUNCTION:DH
+X509_NAME_ENTRY_it                      2931    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_ENTRY_it                      2931    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_ex_new_index                     2932    EXIST::FUNCTION:
+BN_mod_sub_quick                        2933    EXIST::FUNCTION:
+OCSP_ONEREQ_add_ext                     2934    EXIST::FUNCTION:
+OCSP_request_sign                       2935    EXIST::FUNCTION:
+EVP_DigestFinal_ex                      2936    EXIST::FUNCTION:
+ENGINE_set_digests                      2937    EXIST::FUNCTION:ENGINE
+OCSP_id_issuer_cmp                      2938    EXIST::FUNCTION:
+OBJ_NAME_do_all                         2939    EXIST::FUNCTION:
+EC_POINTs_mul                           2940    EXIST::FUNCTION:EC
+ENGINE_register_complete                2941    EXIST::FUNCTION:ENGINE
+X509V3_EXT_nconf_nid                    2942    EXIST::FUNCTION:
+ASN1_SEQUENCE_it                        2943    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_it                        2943    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_default_method                   2944    EXIST::FUNCTION:
+RAND_query_egd_bytes                    2945    EXIST::FUNCTION:
+UI_method_get_writer                    2946    EXIST::FUNCTION:
+UI_OpenSSL                              2947    EXIST::FUNCTION:
+PEM_def_callback                        2948    EXIST::FUNCTION:
+ENGINE_cleanup                          2949    EXIST::FUNCTION:ENGINE
+DIST_POINT_it                           2950    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_it                           2950    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_it                      2951    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SINGLERESP_it                      2951    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_KRB5_TKTBODY                        2952    EXIST::FUNCTION:
+EC_POINT_cmp                            2953    EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_new                    2954    EXIST::FUNCTION:
+i2d_OCSP_CERTSTATUS                     2955    EXIST::FUNCTION:
+OCSP_basic_add1_nonce                   2956    EXIST::FUNCTION:
+ASN1_item_ex_d2i                        2957    EXIST::FUNCTION:
+BN_mod_lshift1_quick                    2958    EXIST::FUNCTION:
+UI_set_method                           2959    EXIST::FUNCTION:
+OCSP_id_get0_info                       2960    EXIST::FUNCTION:
+BN_mod_sqrt                             2961    EXIST::FUNCTION:
+EC_GROUP_copy                           2962    EXIST::FUNCTION:EC
+KRB5_ENCDATA_free                       2963    EXIST::FUNCTION:
+_ossl_old_des_cfb_encrypt               2964    EXIST::FUNCTION:DES
+OCSP_SINGLERESP_get_ext_by_OBJ          2965    EXIST::FUNCTION:
+OCSP_cert_to_id                         2966    EXIST::FUNCTION:
+OCSP_RESPID_new                         2967    EXIST::FUNCTION:
+OCSP_RESPDATA_it                        2968    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPDATA_it                        2968    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPDATA                       2969    EXIST::FUNCTION:
+ENGINE_register_all_complete            2970    EXIST::FUNCTION:ENGINE
+OCSP_check_validity                     2971    EXIST::FUNCTION:
+PKCS12_BAGS_it                          2972    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_BAGS_it                          2972    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_url_svcloc_new                     2973    EXIST::FUNCTION:
+ASN1_template_free                      2974    EXIST::FUNCTION:
+OCSP_SINGLERESP_add_ext                 2975    EXIST::FUNCTION:
+KRB5_AUTHENTBODY_it                     2976    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENTBODY_it                     2976    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_supported_extension                2977    EXIST::FUNCTION:
+i2d_KRB5_AUTHDATA                       2978    EXIST::FUNCTION:
+UI_method_get_opener                    2979    EXIST::FUNCTION:
+ENGINE_set_ex_data                      2980    EXIST::FUNCTION:ENGINE
+OCSP_REQUEST_print                      2981    EXIST::FUNCTION:
+CBIGNUM_it                              2982    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CBIGNUM_it                              2982    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_TICKET_new                         2983    EXIST::FUNCTION:
+KRB5_APREQ_new                          2984    EXIST::FUNCTION:
+EC_GROUP_get_curve_GFp                  2985    EXIST::FUNCTION:EC
+KRB5_ENCKEY_new                         2986    EXIST::FUNCTION:
+ASN1_template_d2i                       2987    EXIST::FUNCTION:
+_ossl_old_des_quad_cksum                2988    EXIST::FUNCTION:DES
+OCSP_single_get0_status                 2989    EXIST::FUNCTION:
+BN_swap                                 2990    EXIST::FUNCTION:
+POLICYINFO_it                           2991    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYINFO_it                           2991    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_set_destroy_function             2992    EXIST::FUNCTION:ENGINE
+asn1_enc_free                           2993    EXIST::FUNCTION:
+OCSP_RESPID_it                          2994    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPID_it                          2994    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_new                            2995    EXIST::FUNCTION:EC
+EVP_aes_256_cbc                         2996    EXIST::FUNCTION:AES
+i2d_KRB5_PRINCNAME                      2997    EXIST::FUNCTION:
+_ossl_old_des_encrypt2                  2998    EXIST::FUNCTION:DES
+_ossl_old_des_encrypt3                  2999    EXIST::FUNCTION:DES
+PKCS8_PRIV_KEY_INFO_it                  3000    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS8_PRIV_KEY_INFO_it                  3000    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_it                         3001    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQINFO_it                         3001    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBEPARAM_it                             3002    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBEPARAM_it                             3002    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_AUTHENTBODY_new                    3003    EXIST::FUNCTION:
+X509_CRL_add0_revoked                   3004    EXIST::FUNCTION:
+EDIPARTYNAME_it                         3005    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EDIPARTYNAME_it                         3005    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NETSCAPE_SPKI_it                        3006    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKI_it                        3006    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get0_test_string                     3007    EXIST::FUNCTION:
+ENGINE_get_cipher_engine                3008    EXIST::FUNCTION:ENGINE
+ENGINE_register_all_ciphers             3009    EXIST::FUNCTION:ENGINE
+EC_POINT_copy                           3010    EXIST::FUNCTION:EC
+BN_kronecker                            3011    EXIST::FUNCTION:
+_ossl_old_des_ede3_ofb64_encrypt        3012    EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_ofb64_encrypt           3012    EXIST:VMS:FUNCTION:DES
+UI_method_get_reader                    3013    EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_count            3014    EXIST::FUNCTION:
+ASN1_ENUMERATED_it                      3015    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ENUMERATED_it                      3015    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_result                           3016    EXIST::FUNCTION:
+i2d_KRB5_TICKET                         3017    EXIST::FUNCTION:
+X509_print_ex_fp                        3018    EXIST::FUNCTION:FP_API
+EVP_CIPHER_CTX_set_padding              3019    EXIST::FUNCTION:
+d2i_OCSP_RESPONSE                       3020    EXIST::FUNCTION:
+ASN1_UTCTIME_it                         3021    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTCTIME_it                         3021    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_write                 3022    EXIST::FUNCTION:DES
+OCSP_RESPONSE_new                       3023    EXIST::FUNCTION:
+AES_set_encrypt_key                     3024    EXIST::FUNCTION:AES
+OCSP_resp_count                         3025    EXIST::FUNCTION:
+KRB5_CHECKSUM_new                       3026    EXIST::FUNCTION:
+ENGINE_load_cswift                      3027    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OCSP_onereq_get0_id                     3028    EXIST::FUNCTION:
+ENGINE_set_default_ciphers              3029    EXIST::FUNCTION:ENGINE
+NOTICEREF_it                            3030    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NOTICEREF_it                            3030    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_EXT_CRL_add_nconf                3031    EXIST::FUNCTION:
+OCSP_REVOKEDINFO_it                     3032    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REVOKEDINFO_it                     3032    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_encrypt                             3033    EXIST::FUNCTION:AES
+OCSP_REQUEST_new                        3034    EXIST::FUNCTION:
+ASN1_ANY_it                             3035    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ANY_it                             3035    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_ex_data_new_class                3036    EXIST::FUNCTION:
+_ossl_old_des_ncbc_encrypt              3037    EXIST::FUNCTION:DES
+i2d_KRB5_TKTBODY                        3038    EXIST::FUNCTION:
+EC_POINT_clear_free                     3039    EXIST::FUNCTION:EC
+AES_decrypt                             3040    EXIST::FUNCTION:AES
+asn1_enc_init                           3041    EXIST::FUNCTION:
+UI_get_result_maxsize                   3042    EXIST::FUNCTION:
+OCSP_CERTID_new                         3043    EXIST::FUNCTION:
+ENGINE_unregister_RAND                  3044    EXIST::FUNCTION:ENGINE
+UI_method_get_closer                    3045    EXIST::FUNCTION:
+d2i_KRB5_ENCDATA                        3046    EXIST::FUNCTION:
+OCSP_request_onereq_count               3047    EXIST::FUNCTION:
+OCSP_basic_verify                       3048    EXIST::FUNCTION:
+KRB5_AUTHENTBODY_free                   3049    EXIST::FUNCTION:
+ASN1_item_d2i                           3050    EXIST::FUNCTION:
+ASN1_primitive_free                     3051    EXIST::FUNCTION:
+i2d_EXTENDED_KEY_USAGE                  3052    EXIST::FUNCTION:
+i2d_OCSP_SIGNATURE                      3053    EXIST::FUNCTION:
+asn1_enc_save                           3054    EXIST::FUNCTION:
+ENGINE_load_nuron                       3055    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+_ossl_old_des_pcbc_encrypt              3056    EXIST::FUNCTION:DES
+PKCS12_MAC_DATA_it                      3057    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_MAC_DATA_it                      3057    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_accept_responses_new               3058    EXIST::FUNCTION:
+asn1_do_lock                            3059    EXIST::FUNCTION:
+PKCS7_ATTR_VERIFY_it                    3060    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_VERIFY_it                    3060    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_it                       3061    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQBODY_it                       3061    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_SINGLERESP                     3062    EXIST::FUNCTION:
+ASN1_item_ex_new                        3063    EXIST::FUNCTION:
+UI_add_verify_string                    3064    EXIST::FUNCTION:
+_ossl_old_des_set_key                   3065    EXIST::FUNCTION:DES
+KRB5_PRINCNAME_it                       3066    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_PRINCNAME_it                       3066    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_DecryptInit_ex                      3067    EXIST::FUNCTION:
+i2d_OCSP_CERTID                         3068    EXIST::FUNCTION:
+ASN1_item_d2i_bio                       3069    EXIST::FUNCTION:BIO
+EC_POINT_dbl                            3070    EXIST::FUNCTION:EC
+asn1_get_choice_selector                3071    EXIST::FUNCTION:
+i2d_KRB5_CHECKSUM                       3072    EXIST::FUNCTION:
+ENGINE_set_table_flags                  3073    EXIST::FUNCTION:ENGINE
+AES_options                             3074    EXIST::FUNCTION:AES
+ENGINE_load_chil                        3075    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OCSP_id_cmp                             3076    EXIST::FUNCTION:
+OCSP_BASICRESP_new                      3077    EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_by_NID             3078    EXIST::FUNCTION:
+KRB5_APREQ_it                           3079    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQ_it                           3079    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_destroy_function             3080    EXIST::FUNCTION:ENGINE
+CONF_set_nconf                          3081    EXIST::FUNCTION:
+ASN1_PRINTABLE_free                     3082    EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_NID           3083    EXIST::FUNCTION:
+DIST_POINT_NAME_it                      3084    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_NAME_it                      3084    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_extensions_print                 3085    EXIST::FUNCTION:
+_ossl_old_des_cfb64_encrypt             3086    EXIST::FUNCTION:DES
+X509_REVOKED_add1_ext_i2d               3087    EXIST::FUNCTION:
+_ossl_old_des_ofb_encrypt               3088    EXIST::FUNCTION:DES
+KRB5_TKTBODY_new                        3089    EXIST::FUNCTION:
+ASN1_OCTET_STRING_it                    3090    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_it                    3090    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_load_UI_strings                     3091    EXIST::FUNCTION:
+i2d_KRB5_ENCKEY                         3092    EXIST::FUNCTION:
+ASN1_template_new                       3093    EXIST::FUNCTION:
+OCSP_SIGNATURE_free                     3094    EXIST::FUNCTION:
+ASN1_item_i2d_fp                        3095    EXIST::FUNCTION:FP_API
+KRB5_PRINCNAME_free                     3096    EXIST::FUNCTION:
+PKCS7_RECIP_INFO_it                     3097    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_RECIP_INFO_it                     3097    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_it                   3098    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EXTENDED_KEY_USAGE_it                   3098    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GFp_simple_method                    3099    EXIST::FUNCTION:EC
+EC_GROUP_precompute_mult                3100    EXIST::FUNCTION:EC
+OCSP_request_onereq_get0                3101    EXIST::FUNCTION:
+UI_method_set_writer                    3102    EXIST::FUNCTION:
+KRB5_AUTHENT_new                        3103    EXIST::FUNCTION:
+X509_CRL_INFO_it                        3104    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_INFO_it                        3104    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DSO_set_name_converter                  3105    EXIST::FUNCTION:
+AES_set_decrypt_key                     3106    EXIST::FUNCTION:AES
+PKCS7_DIGEST_it                         3107    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_DIGEST_it                         3107    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_x5092certbag                     3108    EXIST::FUNCTION:
+EVP_DigestInit_ex                       3109    EXIST::FUNCTION:
+i2a_ACCESS_DESCRIPTION                  3110    EXIST::FUNCTION:
+OCSP_RESPONSE_it                        3111    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPONSE_it                        3111    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ENC_CONTENT_it                    3112    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENC_CONTENT_it                    3112    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add0_id                    3113    EXIST::FUNCTION:
+EC_POINT_make_affine                    3114    EXIST::FUNCTION:EC
+DSO_get_filename                        3115    EXIST::FUNCTION:
+OCSP_CERTSTATUS_it                      3116    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTSTATUS_it                      3116    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add1_cert                  3117    EXIST::FUNCTION:
+UI_get0_output_string                   3118    EXIST::FUNCTION:
+UI_dup_verify_string                    3119    EXIST::FUNCTION:
+BN_mod_lshift                           3120    EXIST::FUNCTION:
+KRB5_AUTHDATA_it                        3121    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHDATA_it                        3121    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+asn1_set_choice_selector                3122    EXIST::FUNCTION:
+OCSP_basic_add1_status                  3123    EXIST::FUNCTION:
+OCSP_RESPID_free                        3124    EXIST::FUNCTION:
+asn1_get_field_ptr                      3125    EXIST::FUNCTION:
+UI_add_input_string                     3126    EXIST::FUNCTION:
+OCSP_CRLID_it                           3127    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CRLID_it                           3127    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENTBODY                    3128    EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_count              3129    EXIST::FUNCTION:
+ENGINE_load_atalla                      3130    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+X509_NAME_it                            3131    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_it                            3131    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+USERNOTICE_it                           3132    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+USERNOTICE_it                           3132    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_new                        3133    EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext                  3134    EXIST::FUNCTION:
+CRYPTO_get_ex_data_implementation       3135    EXIST:!VMS:FUNCTION:
+CRYPTO_get_ex_data_impl                 3135    EXIST:VMS:FUNCTION:
+ASN1_item_pack                          3136    EXIST::FUNCTION:
+i2d_KRB5_ENCDATA                        3137    EXIST::FUNCTION:
+X509_PURPOSE_set                        3138    EXIST::FUNCTION:
+X509_REQ_INFO_it                        3139    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_INFO_it                        3139    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_opener                    3140    EXIST::FUNCTION:
+ASN1_item_ex_free                       3141    EXIST::FUNCTION:
+ASN1_BOOLEAN_it                         3142    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BOOLEAN_it                         3142    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_table_flags                  3143    EXIST::FUNCTION:ENGINE
+UI_create_method                        3144    EXIST::FUNCTION:
+OCSP_ONEREQ_add1_ext_i2d                3145    EXIST::FUNCTION:
+_shadow_DES_check_key                   3146    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_check_key                   3146    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+d2i_OCSP_REQINFO                        3147    EXIST::FUNCTION:
+UI_add_info_string                      3148    EXIST::FUNCTION:
+UI_get_result_minsize                   3149    EXIST::FUNCTION:
+ASN1_NULL_it                            3150    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_NULL_it                            3150    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_lshift1                          3151    EXIST::FUNCTION:
+d2i_OCSP_ONEREQ                         3152    EXIST::FUNCTION:
+OCSP_ONEREQ_new                         3153    EXIST::FUNCTION:
+KRB5_TICKET_it                          3154    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TICKET_it                          3154    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_cbc                         3155    EXIST::FUNCTION:AES
+KRB5_TICKET_free                        3156    EXIST::FUNCTION:
+UI_new                                  3157    EXIST::FUNCTION:
+OCSP_response_create                    3158    EXIST::FUNCTION:
+_ossl_old_des_xcbc_encrypt              3159    EXIST::FUNCTION:DES
+PKCS7_it                                3160    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_it                                3160    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQUEST_get_ext_by_critical        3161    EXIST:!VMS:FUNCTION:
+OCSP_REQUEST_get_ext_by_crit            3161    EXIST:VMS:FUNCTION:
+ENGINE_set_flags                        3162    EXIST::FUNCTION:ENGINE
+_ossl_old_des_ecb_encrypt               3163    EXIST::FUNCTION:DES
+OCSP_response_get1_basic                3164    EXIST::FUNCTION:
+EVP_Digest                              3165    EXIST::FUNCTION:
+OCSP_ONEREQ_delete_ext                  3166    EXIST::FUNCTION:
+ASN1_TBOOLEAN_it                        3167    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TBOOLEAN_it                        3167    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_new                           3168    EXIST::FUNCTION:
+ASN1_TIME_to_generalizedtime            3169    EXIST::FUNCTION:
+BIGNUM_it                               3170    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BIGNUM_it                               3170    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_cbc_encrypt                         3171    EXIST::FUNCTION:AES
+ENGINE_get_load_privkey_function        3172    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_load_privkey_fn              3172    EXIST:VMS:FUNCTION:ENGINE
+OCSP_RESPONSE_free                      3173    EXIST::FUNCTION:
+UI_method_set_reader                    3174    EXIST::FUNCTION:
+i2d_ASN1_T61STRING                      3175    EXIST::FUNCTION:
+EC_POINT_set_to_infinity                3176    EXIST::FUNCTION:EC
+ERR_load_OCSP_strings                   3177    EXIST::FUNCTION:
+EC_POINT_point2oct                      3178    EXIST::FUNCTION:EC
+KRB5_APREQ_free                         3179    EXIST::FUNCTION:
+ASN1_OBJECT_it                          3180    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OBJECT_it                          3180    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_crlID_new                          3181    EXIST:!OS2,!VMS:FUNCTION:
+OCSP_crlID2_new                         3181    EXIST:OS2,VMS:FUNCTION:
+CONF_modules_load_file                  3182    EXIST::FUNCTION:
+CONF_imodule_set_usr_data               3183    EXIST::FUNCTION:
+ENGINE_set_default_string               3184    EXIST::FUNCTION:ENGINE
+CONF_module_get_usr_data                3185    EXIST::FUNCTION:
+ASN1_add_oid_module                     3186    EXIST::FUNCTION:
+CONF_modules_finish                     3187    EXIST::FUNCTION:
+OPENSSL_config                          3188    EXIST::FUNCTION:
+CONF_modules_unload                     3189    EXIST::FUNCTION:
+CONF_imodule_get_value                  3190    EXIST::FUNCTION:
+CONF_module_set_usr_data                3191    EXIST::FUNCTION:
+CONF_parse_list                         3192    EXIST::FUNCTION:
+CONF_module_add                         3193    EXIST::FUNCTION:
+CONF_get1_default_config_file           3194    EXIST::FUNCTION:
+CONF_imodule_get_flags                  3195    EXIST::FUNCTION:
+CONF_imodule_get_module                 3196    EXIST::FUNCTION:
+CONF_modules_load                       3197    EXIST::FUNCTION:
+CONF_imodule_get_name                   3198    EXIST::FUNCTION:
+ERR_peek_top_error                      3199    NOEXIST::FUNCTION:
+CONF_imodule_get_usr_data               3200    EXIST::FUNCTION:
+CONF_imodule_set_flags                  3201    EXIST::FUNCTION:
+ENGINE_add_conf_module                  3202    EXIST::FUNCTION:ENGINE
+ERR_peek_last_error_line                3203    EXIST::FUNCTION:
+ERR_peek_last_error_line_data           3204    EXIST::FUNCTION:
+ERR_peek_last_error                     3205    EXIST::FUNCTION:
+DES_read_2passwords                     3206    EXIST::FUNCTION:DES
+DES_read_password                       3207    EXIST::FUNCTION:DES
+UI_UTIL_read_pw                         3208    EXIST::FUNCTION:
+UI_UTIL_read_pw_string                  3209    EXIST::FUNCTION:
+ENGINE_load_aep                         3210    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ENGINE_load_sureware                    3211    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OPENSSL_add_all_algorithms_noconf       3212    EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_noconf             3212    EXIST:VMS:FUNCTION:
+OPENSSL_add_all_algorithms_conf         3213    EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_conf               3213    EXIST:VMS:FUNCTION:
+OPENSSL_load_builtin_modules            3214    EXIST::FUNCTION:
+AES_ofb128_encrypt                      3215    EXIST::FUNCTION:AES
+AES_ctr128_encrypt                      3216    EXIST::FUNCTION:AES
+AES_cfb128_encrypt                      3217    EXIST::FUNCTION:AES
+ENGINE_load_4758cca                     3218    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+_ossl_096_des_random_seed               3219    EXIST::FUNCTION:DES
+EVP_aes_256_ofb                         3220    EXIST::FUNCTION:AES
+EVP_aes_192_ofb                         3221    EXIST::FUNCTION:AES
+EVP_aes_128_cfb128                      3222    EXIST::FUNCTION:AES
+EVP_aes_256_cfb128                      3223    EXIST::FUNCTION:AES
+EVP_aes_128_ofb                         3224    EXIST::FUNCTION:AES
+EVP_aes_192_cfb128                      3225    EXIST::FUNCTION:AES
+CONF_modules_free                       3226    EXIST::FUNCTION:
+NCONF_default                           3227    EXIST::FUNCTION:
+OPENSSL_no_config                       3228    EXIST::FUNCTION:
+NCONF_WIN32                             3229    EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_new                3230    EXIST::FUNCTION:
+EVP_des_ede_ecb                         3231    EXIST::FUNCTION:DES
+i2d_ASN1_UNIVERSALSTRING                3232    EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_free               3233    EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_it                 3234    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UNIVERSALSTRING_it                 3234    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_ASN1_UNIVERSALSTRING                3235    EXIST::FUNCTION:
+EVP_des_ede3_ecb                        3236    EXIST::FUNCTION:DES
+X509_REQ_print_ex                       3237    EXIST::FUNCTION:BIO
+ENGINE_up_ref                           3238    EXIST::FUNCTION:ENGINE
+BUF_MEM_grow_clean                      3239    EXIST::FUNCTION:
+CRYPTO_realloc_clean                    3240    EXIST::FUNCTION:
+BUF_strlcat                             3241    EXIST::FUNCTION:
+BIO_indent                              3242    EXIST::FUNCTION:
+BUF_strlcpy                             3243    EXIST::FUNCTION:
+OpenSSLDie                              3244    EXIST::FUNCTION:
+OPENSSL_cleanse                         3245    EXIST::FUNCTION:
+ENGINE_setup_bsd_cryptodev              3246    EXIST:__FreeBSD__:FUNCTION:ENGINE
+ERR_release_err_state_table             3247    EXIST::FUNCTION:LHASH
+EVP_aes_128_cfb8                        3248    EXIST::FUNCTION:AES
+FIPS_corrupt_rsa                        3249    NOEXIST::FUNCTION:
+FIPS_selftest_des                       3250    NOEXIST::FUNCTION:
+EVP_aes_128_cfb1                        3251    EXIST::FUNCTION:AES
+EVP_aes_192_cfb8                        3252    EXIST::FUNCTION:AES
+FIPS_mode_set                           3253    EXIST::FUNCTION:
+FIPS_selftest_dsa                       3254    NOEXIST::FUNCTION:
+EVP_aes_256_cfb8                        3255    EXIST::FUNCTION:AES
+FIPS_allow_md5                          3256    NOEXIST::FUNCTION:
+DES_ede3_cfb_encrypt                    3257    EXIST::FUNCTION:DES
+EVP_des_ede3_cfb8                       3258    EXIST::FUNCTION:DES
+FIPS_rand_seeded                        3259    NOEXIST::FUNCTION:
+AES_cfbr_encrypt_block                  3260    NOEXIST::FUNCTION:
+AES_cfb8_encrypt                        3261    EXIST::FUNCTION:AES
+FIPS_rand_seed                          3262    NOEXIST::FUNCTION:
+FIPS_corrupt_des                        3263    NOEXIST::FUNCTION:
+EVP_aes_192_cfb1                        3264    EXIST::FUNCTION:AES
+FIPS_selftest_aes                       3265    NOEXIST::FUNCTION:
+FIPS_set_prng_key                       3266    NOEXIST::FUNCTION:
+EVP_des_cfb8                            3267    EXIST::FUNCTION:DES
+FIPS_corrupt_dsa                        3268    NOEXIST::FUNCTION:
+FIPS_test_mode                          3269    NOEXIST::FUNCTION:
+FIPS_rand_method                        3270    NOEXIST::FUNCTION:
+EVP_aes_256_cfb1                        3271    EXIST::FUNCTION:AES
+ERR_load_FIPS_strings                   3272    NOEXIST::FUNCTION:
+FIPS_corrupt_aes                        3273    NOEXIST::FUNCTION:
+FIPS_selftest_sha1                      3274    NOEXIST::FUNCTION:
+FIPS_selftest_rsa                       3275    NOEXIST::FUNCTION:
+FIPS_corrupt_sha1                       3276    NOEXIST::FUNCTION:
+EVP_des_cfb1                            3277    EXIST::FUNCTION:DES
+FIPS_dsa_check                          3278    NOEXIST::FUNCTION:
+AES_cfb1_encrypt                        3279    EXIST::FUNCTION:AES
+EVP_des_ede3_cfb1                       3280    EXIST::FUNCTION:DES
+FIPS_rand_check                         3281    NOEXIST::FUNCTION:
+FIPS_md5_allowed                        3282    NOEXIST::FUNCTION:
+FIPS_mode                               3283    EXIST::FUNCTION:
+FIPS_selftest_failed                    3284    NOEXIST::FUNCTION:
+sk_is_sorted                            3285    EXIST::FUNCTION:
+X509_check_ca                           3286    EXIST::FUNCTION:
+private_idea_set_encrypt_key            3287    EXIST:OPENSSL_FIPS:FUNCTION:IDEA
+HMAC_CTX_set_flags                      3288    EXIST::FUNCTION:HMAC
+private_SHA_Init                        3289    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0
+private_CAST_set_key                    3290    EXIST:OPENSSL_FIPS:FUNCTION:CAST
+private_RIPEMD160_Init                  3291    EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD
+private_RC5_32_set_key                  3292    NOEXIST::FUNCTION:
+private_MD5_Init                        3293    EXIST:OPENSSL_FIPS:FUNCTION:MD5
+private_RC4_set_key                     3294    EXIST::FUNCTION:RC4
+private_MDC2_Init                       3295    EXIST:OPENSSL_FIPS:FUNCTION:MDC2
+private_RC2_set_key                     3296    EXIST:OPENSSL_FIPS:FUNCTION:RC2
+private_MD4_Init                        3297    EXIST:OPENSSL_FIPS:FUNCTION:MD4
+private_BF_set_key                      3298    EXIST:OPENSSL_FIPS:FUNCTION:BF
+private_MD2_Init                        3299    EXIST:OPENSSL_FIPS:FUNCTION:MD2
+d2i_PROXY_CERT_INFO_EXTENSION           3300    EXIST::FUNCTION:
+PROXY_POLICY_it                         3301    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_POLICY_it                         3301    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_PROXY_POLICY                        3302    EXIST::FUNCTION:
+i2d_PROXY_CERT_INFO_EXTENSION           3303    EXIST::FUNCTION:
+d2i_PROXY_POLICY                        3304    EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_new           3305    EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_free          3306    EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_it            3307    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_CERT_INFO_EXTENSION_it            3307    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PROXY_POLICY_free                       3308    EXIST::FUNCTION:
+PROXY_POLICY_new                        3309    EXIST::FUNCTION:
+BN_MONT_CTX_set_locked                  3310    EXIST::FUNCTION:
+FIPS_selftest_rng                       3311    NOEXIST::FUNCTION:
+EVP_sha384                              3312    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+EVP_sha512                              3313    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+EVP_sha224                              3314    EXIST::FUNCTION:SHA,SHA256
+EVP_sha256                              3315    EXIST::FUNCTION:SHA,SHA256
+FIPS_selftest_hmac                      3316    NOEXIST::FUNCTION:
+FIPS_corrupt_rng                        3317    NOEXIST::FUNCTION:
+BN_mod_exp_mont_consttime               3318    EXIST::FUNCTION:
+RSA_X931_hash_id                        3319    EXIST::FUNCTION:RSA
+RSA_padding_check_X931                  3320    EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS                    3321    EXIST::FUNCTION:RSA
+RSA_padding_add_X931                    3322    EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS               3323    EXIST::FUNCTION:RSA
+PKCS1_MGF1                              3324    EXIST::FUNCTION:RSA
+BN_X931_generate_Xpq                    3325    EXIST::FUNCTION:
+RSA_X931_generate_key                   3326    NOEXIST::FUNCTION:
+BN_X931_derive_prime                    3327    NOEXIST::FUNCTION:
+BN_X931_generate_prime                  3328    NOEXIST::FUNCTION:
+RSA_X931_derive                         3329    NOEXIST::FUNCTION:
+BIO_new_dgram                           3330    EXIST::FUNCTION:
+BN_get0_nist_prime_384                  3331    EXIST::FUNCTION:
+ERR_set_mark                            3332    EXIST::FUNCTION:
+X509_STORE_CTX_set0_crls                3333    EXIST::FUNCTION:
+ENGINE_set_STORE                        3334    EXIST::FUNCTION:ENGINE
+ENGINE_register_ECDSA                   3335    EXIST::FUNCTION:ENGINE
+STORE_meth_set_list_start_fn            3336    NOEXIST::FUNCTION:
+STORE_method_set_list_start_function    3336    NOEXIST::FUNCTION:
+BN_BLINDING_invert_ex                   3337    EXIST::FUNCTION:
+NAME_CONSTRAINTS_free                   3338    EXIST::FUNCTION:
+STORE_ATTR_INFO_set_number              3339    NOEXIST::FUNCTION:
+BN_BLINDING_get_thread_id               3340    EXIST::FUNCTION:DEPRECATED
+X509_STORE_CTX_set0_param               3341    EXIST::FUNCTION:
+POLICY_MAPPING_it                       3342    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPING_it                       3342    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_parse_attrs_start                 3343    NOEXIST::FUNCTION:
+POLICY_CONSTRAINTS_free                 3344    EXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_NID               3345    EXIST::FUNCTION:
+BN_nist_mod_192                         3346    EXIST::FUNCTION:
+EC_GROUP_get_trinomial_basis            3347    EXIST::FUNCTION:EC,EC2M
+STORE_set_method                        3348    NOEXIST::FUNCTION:
+GENERAL_SUBTREE_free                    3349    EXIST::FUNCTION:
+NAME_CONSTRAINTS_it                     3350    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NAME_CONSTRAINTS_it                     3350    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ECDH_get_default_method                 3351    EXIST::FUNCTION:ECDH
+PKCS12_add_safe                         3352    EXIST::FUNCTION:
+EC_KEY_new_by_curve_name                3353    EXIST::FUNCTION:EC
+STORE_meth_get_update_store_fn          3354    NOEXIST::FUNCTION:
+STORE_method_get_update_store_function  3354    NOEXIST::FUNCTION:
+ENGINE_register_ECDH                    3355    EXIST::FUNCTION:ENGINE
+SHA512_Update                           3356    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+i2d_ECPrivateKey                        3357    EXIST::FUNCTION:EC
+BN_get0_nist_prime_192                  3358    EXIST::FUNCTION:
+STORE_modify_certificate                3359    NOEXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GF2m    3360    EXIST:!VMS:FUNCTION:EC,EC2M
+EC_POINT_set_affine_coords_GF2m         3360    EXIST:VMS:FUNCTION:EC,EC2M
+BN_GF2m_mod_exp_arr                     3361    EXIST::FUNCTION:EC2M
+STORE_ATTR_INFO_modify_number           3362    NOEXIST::FUNCTION:
+X509_keyid_get0                         3363    EXIST::FUNCTION:
+ENGINE_load_gmp                         3364    EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
+pitem_new                               3365    EXIST::FUNCTION:
+BN_GF2m_mod_mul_arr                     3366    EXIST::FUNCTION:EC2M
+STORE_list_public_key_endp              3367    NOEXIST::FUNCTION:
+o2i_ECPublicKey                         3368    EXIST::FUNCTION:EC
+EC_KEY_copy                             3369    EXIST::FUNCTION:EC
+BIO_dump_fp                             3370    EXIST::FUNCTION:FP_API
+X509_policy_node_get0_parent            3371    EXIST::FUNCTION:
+EC_GROUP_check_discriminant             3372    EXIST::FUNCTION:EC
+i2o_ECPublicKey                         3373    EXIST::FUNCTION:EC
+EC_KEY_precompute_mult                  3374    EXIST::FUNCTION:EC
+a2i_IPADDRESS                           3375    EXIST::FUNCTION:
+STORE_meth_set_initialise_fn            3376    NOEXIST::FUNCTION:
+STORE_method_set_initialise_function    3376    NOEXIST::FUNCTION:
+X509_STORE_CTX_set_depth                3377    EXIST::FUNCTION:
+X509_VERIFY_PARAM_inherit               3378    EXIST::FUNCTION:
+EC_POINT_point2bn                       3379    EXIST::FUNCTION:EC
+STORE_ATTR_INFO_set_dn                  3380    NOEXIST::FUNCTION:
+X509_policy_tree_get0_policies          3381    EXIST::FUNCTION:
+EC_GROUP_new_curve_GF2m                 3382    EXIST::FUNCTION:EC,EC2M
+STORE_destroy_method                    3383    NOEXIST::FUNCTION:
+ENGINE_unregister_STORE                 3384    EXIST::FUNCTION:ENGINE
+EVP_PKEY_get1_EC_KEY                    3385    EXIST::FUNCTION:EC
+STORE_ATTR_INFO_get0_number             3386    NOEXIST::FUNCTION:
+ENGINE_get_default_ECDH                 3387    EXIST::FUNCTION:ENGINE
+EC_KEY_get_conv_form                    3388    EXIST::FUNCTION:EC
+ASN1_OCTET_STRING_NDEF_it               3389    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_NDEF_it               3389    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_delete_public_key                 3390    NOEXIST::FUNCTION:
+STORE_get_public_key                    3391    NOEXIST::FUNCTION:
+STORE_modify_arbitrary                  3392    NOEXIST::FUNCTION:
+ENGINE_get_static_state                 3393    EXIST::FUNCTION:ENGINE
+pqueue_iterator                         3394    EXIST::FUNCTION:
+ECDSA_SIG_new                           3395    EXIST::FUNCTION:ECDSA
+OPENSSL_DIR_end                         3396    EXIST::FUNCTION:
+BN_GF2m_mod_sqr                         3397    EXIST::FUNCTION:EC2M
+EC_POINT_bn2point                       3398    EXIST::FUNCTION:EC
+X509_VERIFY_PARAM_set_depth             3399    EXIST::FUNCTION:
+EC_KEY_set_asn1_flag                    3400    EXIST::FUNCTION:EC
+STORE_get_method                        3401    NOEXIST::FUNCTION:
+EC_KEY_get_key_method_data              3402    EXIST::FUNCTION:EC
+ECDSA_sign_ex                           3403    EXIST::FUNCTION:ECDSA
+STORE_parse_attrs_end                   3404    NOEXIST::FUNCTION:
+EC_GROUP_get_point_conversion_form      3405    EXIST:!VMS:FUNCTION:EC
+EC_GROUP_get_point_conv_form            3405    EXIST:VMS:FUNCTION:EC
+STORE_method_set_store_function         3406    NOEXIST::FUNCTION:
+STORE_ATTR_INFO_in                      3407    NOEXIST::FUNCTION:
+PEM_read_bio_ECPKParameters             3408    EXIST::FUNCTION:EC
+EC_GROUP_get_pentanomial_basis          3409    EXIST::FUNCTION:EC,EC2M
+EVP_PKEY_add1_attr_by_txt               3410    EXIST::FUNCTION:
+BN_BLINDING_set_flags                   3411    EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_policies         3412    EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_name             3413    EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_purpose           3414    EXIST::FUNCTION:
+STORE_get_number                        3415    NOEXIST::FUNCTION:
+ECDSA_sign_setup                        3416    EXIST::FUNCTION:ECDSA
+BN_GF2m_mod_solve_quad_arr              3417    EXIST::FUNCTION:EC2M
+EC_KEY_up_ref                           3418    EXIST::FUNCTION:EC
+POLICY_MAPPING_free                     3419    EXIST::FUNCTION:
+BN_GF2m_mod_div                         3420    EXIST::FUNCTION:EC2M
+X509_VERIFY_PARAM_set_flags             3421    EXIST::FUNCTION:
+EC_KEY_free                             3422    EXIST::FUNCTION:EC
+STORE_meth_set_list_next_fn             3423    NOEXIST::FUNCTION:
+STORE_method_set_list_next_function     3423    NOEXIST::FUNCTION:
+PEM_write_bio_ECPrivateKey              3424    EXIST::FUNCTION:EC
+d2i_EC_PUBKEY                           3425    EXIST::FUNCTION:EC
+STORE_meth_get_generate_fn              3426    NOEXIST::FUNCTION:
+STORE_method_get_generate_function      3426    NOEXIST::FUNCTION:
+STORE_meth_set_list_end_fn              3427    NOEXIST::FUNCTION:
+STORE_method_set_list_end_function      3427    NOEXIST::FUNCTION:
+pqueue_print                            3428    EXIST::FUNCTION:
+EC_GROUP_have_precompute_mult           3429    EXIST::FUNCTION:EC
+EC_KEY_print_fp                         3430    EXIST::FUNCTION:EC,FP_API
+BN_GF2m_mod_arr                         3431    EXIST::FUNCTION:EC2M
+PEM_write_bio_X509_CERT_PAIR            3432    EXIST::FUNCTION:
+EVP_PKEY_cmp                            3433    EXIST::FUNCTION:
+X509_policy_level_node_count            3434    EXIST::FUNCTION:
+STORE_new_engine                        3435    NOEXIST::FUNCTION:
+STORE_list_public_key_start             3436    NOEXIST::FUNCTION:
+X509_VERIFY_PARAM_new                   3437    EXIST::FUNCTION:
+ECDH_get_ex_data                        3438    EXIST::FUNCTION:ECDH
+EVP_PKEY_get_attr                       3439    EXIST::FUNCTION:
+ECDSA_do_sign                           3440    EXIST::FUNCTION:ECDSA
+ENGINE_unregister_ECDH                  3441    EXIST::FUNCTION:ENGINE
+ECDH_OpenSSL                            3442    EXIST::FUNCTION:ECDH
+EC_KEY_set_conv_form                    3443    EXIST::FUNCTION:EC
+EC_POINT_dup                            3444    EXIST::FUNCTION:EC
+GENERAL_SUBTREE_new                     3445    EXIST::FUNCTION:
+STORE_list_crl_endp                     3446    NOEXIST::FUNCTION:
+EC_get_builtin_curves                   3447    EXIST::FUNCTION:EC
+X509_policy_node_get0_qualifiers        3448    EXIST:!VMS:FUNCTION:
+X509_pcy_node_get0_qualifiers           3448    EXIST:VMS:FUNCTION:
+STORE_list_crl_end                      3449    NOEXIST::FUNCTION:
+EVP_PKEY_set1_EC_KEY                    3450    EXIST::FUNCTION:EC
+BN_GF2m_mod_sqrt_arr                    3451    EXIST::FUNCTION:EC2M
+i2d_ECPrivateKey_bio                    3452    EXIST::FUNCTION:BIO,EC
+ECPKParameters_print_fp                 3453    EXIST::FUNCTION:EC,FP_API
+pqueue_find                             3454    EXIST::FUNCTION:
+ECDSA_SIG_free                          3455    EXIST::FUNCTION:ECDSA
+PEM_write_bio_ECPKParameters            3456    EXIST::FUNCTION:EC
+STORE_method_set_ctrl_function          3457    NOEXIST::FUNCTION:
+STORE_list_public_key_end               3458    NOEXIST::FUNCTION:
+EC_KEY_set_private_key                  3459    EXIST::FUNCTION:EC
+pqueue_peek                             3460    EXIST::FUNCTION:
+STORE_get_arbitrary                     3461    NOEXIST::FUNCTION:
+STORE_store_crl                         3462    NOEXIST::FUNCTION:
+X509_policy_node_get0_policy            3463    EXIST::FUNCTION:
+PKCS12_add_safes                        3464    EXIST::FUNCTION:
+BN_BLINDING_convert_ex                  3465    EXIST::FUNCTION:
+X509_policy_tree_free                   3466    EXIST::FUNCTION:
+OPENSSL_ia32cap_loc                     3467    EXIST::FUNCTION:
+BN_GF2m_poly2arr                        3468    EXIST::FUNCTION:EC2M
+STORE_ctrl                              3469    NOEXIST::FUNCTION:
+STORE_ATTR_INFO_compare                 3470    NOEXIST::FUNCTION:
+BN_get0_nist_prime_224                  3471    EXIST::FUNCTION:
+i2d_ECParameters                        3472    EXIST::FUNCTION:EC
+i2d_ECPKParameters                      3473    EXIST::FUNCTION:EC
+BN_GENCB_call                           3474    EXIST::FUNCTION:
+d2i_ECPKParameters                      3475    EXIST::FUNCTION:EC
+STORE_meth_set_generate_fn              3476    NOEXIST::FUNCTION:
+STORE_method_set_generate_function      3476    NOEXIST::FUNCTION:
+ENGINE_set_ECDH                         3477    EXIST::FUNCTION:ENGINE
+NAME_CONSTRAINTS_new                    3478    EXIST::FUNCTION:
+SHA256_Init                             3479    EXIST::FUNCTION:SHA,SHA256
+EC_KEY_get0_public_key                  3480    EXIST::FUNCTION:EC
+PEM_write_bio_EC_PUBKEY                 3481    EXIST::FUNCTION:EC
+STORE_ATTR_INFO_set_cstr                3482    NOEXIST::FUNCTION:
+STORE_list_crl_next                     3483    NOEXIST::FUNCTION:
+STORE_ATTR_INFO_in_range                3484    NOEXIST::FUNCTION:
+ECParameters_print                      3485    EXIST::FUNCTION:BIO,EC
+STORE_meth_set_delete_fn                3486    NOEXIST::FUNCTION:
+STORE_method_set_delete_function        3486    NOEXIST::FUNCTION:
+STORE_list_certificate_next             3487    NOEXIST::FUNCTION:
+ASN1_generate_nconf                     3488    EXIST::FUNCTION:
+BUF_memdup                              3489    EXIST::FUNCTION:
+BN_GF2m_mod_mul                         3490    EXIST::FUNCTION:EC2M
+STORE_meth_get_list_next_fn             3491    NOEXIST::FUNCTION:
+STORE_method_get_list_next_function     3491    NOEXIST::FUNCTION:
+STORE_ATTR_INFO_get0_dn                 3492    NOEXIST::FUNCTION:
+STORE_list_private_key_next             3493    NOEXIST::FUNCTION:
+EC_GROUP_set_seed                       3494    EXIST::FUNCTION:EC
+X509_VERIFY_PARAM_set_trust             3495    EXIST::FUNCTION:
+STORE_ATTR_INFO_free                    3496    NOEXIST::FUNCTION:
+STORE_get_private_key                   3497    NOEXIST::FUNCTION:
+EVP_PKEY_get_attr_count                 3498    EXIST::FUNCTION:
+STORE_ATTR_INFO_new                     3499    NOEXIST::FUNCTION:
+EC_GROUP_get_curve_GF2m                 3500    EXIST::FUNCTION:EC,EC2M
+STORE_meth_set_revoke_fn                3501    NOEXIST::FUNCTION:
+STORE_method_set_revoke_function        3501    NOEXIST::FUNCTION:
+STORE_store_number                      3502    NOEXIST::FUNCTION:
+BN_is_prime_ex                          3503    EXIST::FUNCTION:
+STORE_revoke_public_key                 3504    NOEXIST::FUNCTION:
+X509_STORE_CTX_get0_param               3505    EXIST::FUNCTION:
+STORE_delete_arbitrary                  3506    NOEXIST::FUNCTION:
+PEM_read_X509_CERT_PAIR                 3507    EXIST:!WIN16:FUNCTION:
+X509_STORE_set_depth                    3508    EXIST::FUNCTION:
+ECDSA_get_ex_data                       3509    EXIST::FUNCTION:ECDSA
+SHA224                                  3510    EXIST::FUNCTION:SHA,SHA256
+BIO_dump_indent_fp                      3511    EXIST::FUNCTION:FP_API
+EC_KEY_set_group                        3512    EXIST::FUNCTION:EC
+BUF_strndup                             3513    EXIST::FUNCTION:
+STORE_list_certificate_start            3514    NOEXIST::FUNCTION:
+BN_GF2m_mod                             3515    EXIST::FUNCTION:EC2M
+X509_REQ_check_private_key              3516    EXIST::FUNCTION:
+EC_GROUP_get_seed_len                   3517    EXIST::FUNCTION:EC
+ERR_load_STORE_strings                  3518    NOEXIST::FUNCTION:
+PEM_read_bio_EC_PUBKEY                  3519    EXIST::FUNCTION:EC
+STORE_list_private_key_end              3520    NOEXIST::FUNCTION:
+i2d_EC_PUBKEY                           3521    EXIST::FUNCTION:EC
+ECDSA_get_default_method                3522    EXIST::FUNCTION:ECDSA
+ASN1_put_eoc                            3523    EXIST::FUNCTION:
+X509_STORE_CTX_get_explicit_policy      3524    EXIST:!VMS:FUNCTION:
+X509_STORE_CTX_get_expl_policy          3524    EXIST:VMS:FUNCTION:
+X509_VERIFY_PARAM_table_cleanup         3525    EXIST::FUNCTION:
+STORE_modify_private_key                3526    NOEXIST::FUNCTION:
+X509_VERIFY_PARAM_free                  3527    EXIST::FUNCTION:
+EC_METHOD_get_field_type                3528    EXIST::FUNCTION:EC
+EC_GFp_nist_method                      3529    EXIST::FUNCTION:EC
+STORE_meth_set_modify_fn                3530    NOEXIST::FUNCTION:
+STORE_method_set_modify_function        3530    NOEXIST::FUNCTION:
+STORE_parse_attrs_next                  3531    NOEXIST::FUNCTION:
+ENGINE_load_padlock                     3532    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+EC_GROUP_set_curve_name                 3533    EXIST::FUNCTION:EC
+X509_CERT_PAIR_it                       3534    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_PAIR_it                       3534    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_meth_get_revoke_fn                3535    NOEXIST::FUNCTION:
+STORE_method_get_revoke_function        3535    NOEXIST::FUNCTION:
+STORE_method_set_get_function           3536    NOEXIST::FUNCTION:
+STORE_modify_number                     3537    NOEXIST::FUNCTION:
+STORE_method_get_store_function         3538    NOEXIST::FUNCTION:
+STORE_store_private_key                 3539    NOEXIST::FUNCTION:
+BN_GF2m_mod_sqr_arr                     3540    EXIST::FUNCTION:EC2M
+RSA_setup_blinding                      3541    EXIST::FUNCTION:RSA
+BIO_s_datagram                          3542    EXIST::FUNCTION:DGRAM
+STORE_Memory                            3543    NOEXIST::FUNCTION:
+sk_find_ex                              3544    EXIST::FUNCTION:
+EC_GROUP_set_curve_GF2m                 3545    EXIST::FUNCTION:EC,EC2M
+ENGINE_set_default_ECDSA                3546    EXIST::FUNCTION:ENGINE
+POLICY_CONSTRAINTS_new                  3547    EXIST::FUNCTION:
+BN_GF2m_mod_sqrt                        3548    EXIST::FUNCTION:EC2M
+ECDH_set_default_method                 3549    EXIST::FUNCTION:ECDH
+EC_KEY_generate_key                     3550    EXIST::FUNCTION:EC
+SHA384_Update                           3551    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+BN_GF2m_arr2poly                        3552    EXIST::FUNCTION:EC2M
+STORE_method_get_get_function           3553    NOEXIST::FUNCTION:
+STORE_meth_set_cleanup_fn               3554    NOEXIST::FUNCTION:
+STORE_method_set_cleanup_function       3554    NOEXIST::FUNCTION:
+EC_GROUP_check                          3555    EXIST::FUNCTION:EC
+d2i_ECPrivateKey_bio                    3556    EXIST::FUNCTION:BIO,EC
+EC_KEY_insert_key_method_data           3557    EXIST::FUNCTION:EC
+STORE_meth_get_lock_store_fn            3558    NOEXIST::FUNCTION:
+STORE_method_get_lock_store_function    3558    NOEXIST::FUNCTION:
+X509_VERIFY_PARAM_get_depth             3559    EXIST::FUNCTION:
+SHA224_Final                            3560    EXIST::FUNCTION:SHA,SHA256
+STORE_meth_set_update_store_fn          3561    NOEXIST::FUNCTION:
+STORE_method_set_update_store_function  3561    NOEXIST::FUNCTION:
+SHA224_Update                           3562    EXIST::FUNCTION:SHA,SHA256
+d2i_ECPrivateKey                        3563    EXIST::FUNCTION:EC
+ASN1_item_ndef_i2d                      3564    EXIST::FUNCTION:
+STORE_delete_private_key                3565    NOEXIST::FUNCTION:
+ERR_pop_to_mark                         3566    EXIST::FUNCTION:
+ENGINE_register_all_STORE               3567    EXIST::FUNCTION:ENGINE
+X509_policy_level_get0_node             3568    EXIST::FUNCTION:
+i2d_PKCS7_NDEF                          3569    EXIST::FUNCTION:
+EC_GROUP_get_degree                     3570    EXIST::FUNCTION:EC
+ASN1_generate_v3                        3571    EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_cstr             3572    NOEXIST::FUNCTION:
+X509_policy_tree_level_count            3573    EXIST::FUNCTION:
+BN_GF2m_add                             3574    EXIST::FUNCTION:EC2M
+EC_KEY_get0_group                       3575    EXIST::FUNCTION:EC
+STORE_generate_crl                      3576    NOEXIST::FUNCTION:
+STORE_store_public_key                  3577    NOEXIST::FUNCTION:
+X509_CERT_PAIR_free                     3578    EXIST::FUNCTION:
+STORE_revoke_private_key                3579    NOEXIST::FUNCTION:
+BN_nist_mod_224                         3580    EXIST::FUNCTION:
+SHA512_Final                            3581    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+STORE_ATTR_INFO_modify_dn               3582    NOEXIST::FUNCTION:
+STORE_meth_get_initialise_fn            3583    NOEXIST::FUNCTION:
+STORE_method_get_initialise_function    3583    NOEXIST::FUNCTION:
+STORE_delete_number                     3584    NOEXIST::FUNCTION:
+i2d_EC_PUBKEY_bio                       3585    EXIST::FUNCTION:BIO,EC
+BIO_dgram_non_fatal_error               3586    EXIST::FUNCTION:
+EC_GROUP_get_asn1_flag                  3587    EXIST::FUNCTION:EC
+STORE_ATTR_INFO_in_ex                   3588    NOEXIST::FUNCTION:
+STORE_list_crl_start                    3589    NOEXIST::FUNCTION:
+ECDH_get_ex_new_index                   3590    EXIST::FUNCTION:ECDH
+STORE_meth_get_modify_fn                3591    NOEXIST::FUNCTION:
+STORE_method_get_modify_function        3591    NOEXIST::FUNCTION:
+v2i_ASN1_BIT_STRING                     3592    EXIST::FUNCTION:
+STORE_store_certificate                 3593    NOEXIST::FUNCTION:
+OBJ_bsearch_ex                          3594    NOEXIST::FUNCTION:
+X509_STORE_CTX_set_default              3595    EXIST::FUNCTION:
+STORE_ATTR_INFO_set_sha1str             3596    NOEXIST::FUNCTION:
+BN_GF2m_mod_inv                         3597    EXIST::FUNCTION:EC2M
+BN_GF2m_mod_exp                         3598    EXIST::FUNCTION:EC2M
+STORE_modify_public_key                 3599    NOEXIST::FUNCTION:
+STORE_meth_get_list_start_fn            3600    NOEXIST::FUNCTION:
+STORE_method_get_list_start_function    3600    NOEXIST::FUNCTION:
+EC_GROUP_get0_seed                      3601    EXIST::FUNCTION:EC
+STORE_store_arbitrary                   3602    NOEXIST::FUNCTION:
+STORE_meth_set_unlock_store_fn          3603    NOEXIST::FUNCTION:
+STORE_method_set_unlock_store_function  3603    NOEXIST::FUNCTION:
+BN_GF2m_mod_div_arr                     3604    EXIST::FUNCTION:EC2M
+ENGINE_set_ECDSA                        3605    EXIST::FUNCTION:ENGINE
+STORE_create_method                     3606    NOEXIST::FUNCTION:
+ECPKParameters_print                    3607    EXIST::FUNCTION:BIO,EC
+EC_KEY_get0_private_key                 3608    EXIST::FUNCTION:EC
+PEM_write_EC_PUBKEY                     3609    EXIST:!WIN16:FUNCTION:EC
+X509_VERIFY_PARAM_set1                  3610    EXIST::FUNCTION:
+ECDH_set_method                         3611    EXIST::FUNCTION:ECDH
+v2i_GENERAL_NAME_ex                     3612    EXIST::FUNCTION:
+ECDH_set_ex_data                        3613    EXIST::FUNCTION:ECDH
+STORE_generate_key                      3614    NOEXIST::FUNCTION:
+BN_nist_mod_521                         3615    EXIST::FUNCTION:
+X509_policy_tree_get0_level             3616    EXIST::FUNCTION:
+EC_GROUP_set_point_conversion_form      3617    EXIST:!VMS:FUNCTION:EC
+EC_GROUP_set_point_conv_form            3617    EXIST:VMS:FUNCTION:EC
+PEM_read_EC_PUBKEY                      3618    EXIST:!WIN16:FUNCTION:EC
+i2d_ECDSA_SIG                           3619    EXIST::FUNCTION:ECDSA
+ECDSA_OpenSSL                           3620    EXIST::FUNCTION:ECDSA
+STORE_delete_crl                        3621    NOEXIST::FUNCTION:
+EC_KEY_get_enc_flags                    3622    EXIST::FUNCTION:EC
+ASN1_const_check_infinite_end           3623    EXIST::FUNCTION:
+EVP_PKEY_delete_attr                    3624    EXIST::FUNCTION:
+ECDSA_set_default_method                3625    EXIST::FUNCTION:ECDSA
+EC_POINT_set_compressed_coordinates_GF2m 3626   EXIST:!VMS:FUNCTION:EC,EC2M
+EC_POINT_set_compr_coords_GF2m          3626    EXIST:VMS:FUNCTION:EC,EC2M
+EC_GROUP_cmp                            3627    EXIST::FUNCTION:EC
+STORE_revoke_certificate                3628    NOEXIST::FUNCTION:
+BN_get0_nist_prime_256                  3629    EXIST::FUNCTION:
+STORE_meth_get_delete_fn                3630    NOEXIST::FUNCTION:
+STORE_method_get_delete_function        3630    NOEXIST::FUNCTION:
+SHA224_Init                             3631    EXIST::FUNCTION:SHA,SHA256
+PEM_read_ECPrivateKey                   3632    EXIST:!WIN16:FUNCTION:EC
+SHA512_Init                             3633    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+STORE_parse_attrs_endp                  3634    NOEXIST::FUNCTION:
+BN_set_negative                         3635    EXIST::FUNCTION:
+ERR_load_ECDSA_strings                  3636    EXIST::FUNCTION:ECDSA
+EC_GROUP_get_basis_type                 3637    EXIST::FUNCTION:EC
+STORE_list_public_key_next              3638    NOEXIST::FUNCTION:
+i2v_ASN1_BIT_STRING                     3639    EXIST::FUNCTION:
+STORE_OBJECT_free                       3640    NOEXIST::FUNCTION:
+BN_nist_mod_384                         3641    EXIST::FUNCTION:
+i2d_X509_CERT_PAIR                      3642    EXIST::FUNCTION:
+PEM_write_ECPKParameters                3643    EXIST:!WIN16:FUNCTION:EC
+ECDH_compute_key                        3644    EXIST::FUNCTION:ECDH
+STORE_ATTR_INFO_get0_sha1str            3645    NOEXIST::FUNCTION:
+ENGINE_register_all_ECDH                3646    EXIST::FUNCTION:ENGINE
+pqueue_pop                              3647    EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_cstr               3648    NOEXIST::FUNCTION:
+POLICY_CONSTRAINTS_it                   3649    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_CONSTRAINTS_it                   3649    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_get_ex_new_index                  3650    NOEXIST::FUNCTION:
+EVP_PKEY_get_attr_by_OBJ                3651    EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_policy           3652    EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad                  3653    EXIST::FUNCTION:EC2M
+SHA256                                  3654    EXIST::FUNCTION:SHA,SHA256
+i2d_ECPrivateKey_fp                     3655    EXIST::FUNCTION:EC,FP_API
+X509_policy_tree_get0_user_policies     3656    EXIST:!VMS:FUNCTION:
+X509_pcy_tree_get0_usr_policies         3656    EXIST:VMS:FUNCTION:
+OPENSSL_DIR_read                        3657    EXIST::FUNCTION:
+ENGINE_register_all_ECDSA               3658    EXIST::FUNCTION:ENGINE
+X509_VERIFY_PARAM_lookup                3659    EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GF2m    3660    EXIST:!VMS:FUNCTION:EC,EC2M
+EC_POINT_get_affine_coords_GF2m         3660    EXIST:VMS:FUNCTION:EC,EC2M
+EC_GROUP_dup                            3661    EXIST::FUNCTION:EC
+ENGINE_get_default_ECDSA                3662    EXIST::FUNCTION:ENGINE
+EC_KEY_new                              3663    EXIST::FUNCTION:EC
+SHA256_Transform                        3664    EXIST::FUNCTION:SHA,SHA256
+EC_KEY_set_enc_flags                    3665    EXIST::FUNCTION:EC
+ECDSA_verify                            3666    EXIST::FUNCTION:ECDSA
+EC_POINT_point2hex                      3667    EXIST::FUNCTION:EC
+ENGINE_get_STORE                        3668    EXIST::FUNCTION:ENGINE
+SHA512                                  3669    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+STORE_get_certificate                   3670    NOEXIST::FUNCTION:
+ECDSA_do_sign_ex                        3671    EXIST::FUNCTION:ECDSA
+ECDSA_do_verify                         3672    EXIST::FUNCTION:ECDSA
+d2i_ECPrivateKey_fp                     3673    EXIST::FUNCTION:EC,FP_API
+STORE_delete_certificate                3674    NOEXIST::FUNCTION:
+SHA512_Transform                        3675    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+X509_STORE_set1_param                   3676    EXIST::FUNCTION:
+STORE_method_get_ctrl_function          3677    NOEXIST::FUNCTION:
+STORE_free                              3678    NOEXIST::FUNCTION:
+PEM_write_ECPrivateKey                  3679    EXIST:!WIN16:FUNCTION:EC
+STORE_meth_get_unlock_store_fn          3680    NOEXIST::FUNCTION:
+STORE_method_get_unlock_store_function  3680    NOEXIST::FUNCTION:
+STORE_get_ex_data                       3681    NOEXIST::FUNCTION:
+EC_KEY_set_public_key                   3682    EXIST::FUNCTION:EC
+PEM_read_ECPKParameters                 3683    EXIST:!WIN16:FUNCTION:EC
+X509_CERT_PAIR_new                      3684    EXIST::FUNCTION:
+ENGINE_register_STORE                   3685    EXIST::FUNCTION:ENGINE
+RSA_generate_key_ex                     3686    EXIST::FUNCTION:RSA
+DSA_generate_parameters_ex              3687    EXIST::FUNCTION:DSA
+ECParameters_print_fp                   3688    EXIST::FUNCTION:EC,FP_API
+X509V3_NAME_from_section                3689    EXIST::FUNCTION:
+EVP_PKEY_add1_attr                      3690    EXIST::FUNCTION:
+STORE_modify_crl                        3691    NOEXIST::FUNCTION:
+STORE_list_private_key_start            3692    NOEXIST::FUNCTION:
+POLICY_MAPPINGS_it                      3693    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPINGS_it                      3693    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_SUBTREE_it                      3694    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_SUBTREE_it                      3694    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_get_curve_name                 3695    EXIST::FUNCTION:EC
+PEM_write_X509_CERT_PAIR                3696    EXIST:!WIN16:FUNCTION:
+BIO_dump_indent_cb                      3697    EXIST::FUNCTION:
+d2i_X509_CERT_PAIR                      3698    EXIST::FUNCTION:
+STORE_list_private_key_endp             3699    NOEXIST::FUNCTION:
+asn1_const_Finish                       3700    EXIST::FUNCTION:
+i2d_EC_PUBKEY_fp                        3701    EXIST::FUNCTION:EC,FP_API
+BN_nist_mod_256                         3702    EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_table            3703    EXIST::FUNCTION:
+pqueue_free                             3704    EXIST::FUNCTION:
+BN_BLINDING_create_param                3705    EXIST::FUNCTION:
+ECDSA_size                              3706    EXIST::FUNCTION:ECDSA
+d2i_EC_PUBKEY_bio                       3707    EXIST::FUNCTION:BIO,EC
+BN_get0_nist_prime_521                  3708    EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_sha1str          3709    NOEXIST::FUNCTION:
+BN_generate_prime_ex                    3710    EXIST::FUNCTION:
+EC_GROUP_new_by_curve_name              3711    EXIST::FUNCTION:EC
+SHA256_Final                            3712    EXIST::FUNCTION:SHA,SHA256
+DH_generate_parameters_ex               3713    EXIST::FUNCTION:DH
+PEM_read_bio_ECPrivateKey               3714    EXIST::FUNCTION:EC
+STORE_meth_get_cleanup_fn               3715    NOEXIST::FUNCTION:
+STORE_method_get_cleanup_function       3715    NOEXIST::FUNCTION:
+ENGINE_get_ECDH                         3716    EXIST::FUNCTION:ENGINE
+d2i_ECDSA_SIG                           3717    EXIST::FUNCTION:ECDSA
+BN_is_prime_fasttest_ex                 3718    EXIST::FUNCTION:
+ECDSA_sign                              3719    EXIST::FUNCTION:ECDSA
+X509_policy_check                       3720    EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_NID                3721    EXIST::FUNCTION:
+STORE_set_ex_data                       3722    NOEXIST::FUNCTION:
+ENGINE_get_ECDSA                        3723    EXIST::FUNCTION:ENGINE
+EVP_ecdsa                               3724    EXIST::FUNCTION:SHA
+BN_BLINDING_get_flags                   3725    EXIST::FUNCTION:
+PKCS12_add_cert                         3726    EXIST::FUNCTION:
+STORE_OBJECT_new                        3727    NOEXIST::FUNCTION:
+ERR_load_ECDH_strings                   3728    EXIST::FUNCTION:ECDH
+EC_KEY_dup                              3729    EXIST::FUNCTION:EC
+EVP_CIPHER_CTX_rand_key                 3730    EXIST::FUNCTION:
+ECDSA_set_method                        3731    EXIST::FUNCTION:ECDSA
+a2i_IPADDRESS_NC                        3732    EXIST::FUNCTION:
+d2i_ECParameters                        3733    EXIST::FUNCTION:EC
+STORE_list_certificate_end              3734    NOEXIST::FUNCTION:
+STORE_get_crl                           3735    NOEXIST::FUNCTION:
+X509_POLICY_NODE_print                  3736    EXIST::FUNCTION:
+SHA384_Init                             3737    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+EC_GF2m_simple_method                   3738    EXIST::FUNCTION:EC,EC2M
+ECDSA_set_ex_data                       3739    EXIST::FUNCTION:ECDSA
+SHA384_Final                            3740    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+PKCS7_set_digest                        3741    EXIST::FUNCTION:
+EC_KEY_print                            3742    EXIST::FUNCTION:BIO,EC
+STORE_meth_set_lock_store_fn            3743    NOEXIST::FUNCTION:
+STORE_method_set_lock_store_function    3743    NOEXIST::FUNCTION:
+ECDSA_get_ex_new_index                  3744    EXIST::FUNCTION:ECDSA
+SHA384                                  3745    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+POLICY_MAPPING_new                      3746    EXIST::FUNCTION:
+STORE_list_certificate_endp             3747    NOEXIST::FUNCTION:
+X509_STORE_CTX_get0_policy_tree         3748    EXIST::FUNCTION:
+EC_GROUP_set_asn1_flag                  3749    EXIST::FUNCTION:EC
+EC_KEY_check_key                        3750    EXIST::FUNCTION:EC
+d2i_EC_PUBKEY_fp                        3751    EXIST::FUNCTION:EC,FP_API
+PKCS7_set0_type_other                   3752    EXIST::FUNCTION:
+PEM_read_bio_X509_CERT_PAIR             3753    EXIST::FUNCTION:
+pqueue_next                             3754    EXIST::FUNCTION:
+STORE_meth_get_list_end_fn              3755    NOEXIST::FUNCTION:
+STORE_method_get_list_end_function      3755    NOEXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_OBJ               3756    EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_time              3757    EXIST::FUNCTION:
+pqueue_new                              3758    EXIST::FUNCTION:
+ENGINE_set_default_ECDH                 3759    EXIST::FUNCTION:ENGINE
+STORE_new_method                        3760    NOEXIST::FUNCTION:
+PKCS12_add_key                          3761    EXIST::FUNCTION:
+DSO_merge                               3762    EXIST::FUNCTION:
+EC_POINT_hex2point                      3763    EXIST::FUNCTION:EC
+BIO_dump_cb                             3764    EXIST::FUNCTION:
+SHA256_Update                           3765    EXIST::FUNCTION:SHA,SHA256
+pqueue_insert                           3766    EXIST::FUNCTION:
+pitem_free                              3767    EXIST::FUNCTION:
+BN_GF2m_mod_inv_arr                     3768    EXIST::FUNCTION:EC2M
+ENGINE_unregister_ECDSA                 3769    EXIST::FUNCTION:ENGINE
+BN_BLINDING_set_thread_id               3770    EXIST::FUNCTION:DEPRECATED
+get_rfc3526_prime_8192                  3771    EXIST::FUNCTION:
+X509_VERIFY_PARAM_clear_flags           3772    EXIST::FUNCTION:
+get_rfc2409_prime_1024                  3773    EXIST::FUNCTION:
+DH_check_pub_key                        3774    EXIST::FUNCTION:DH
+get_rfc3526_prime_2048                  3775    EXIST::FUNCTION:
+get_rfc3526_prime_6144                  3776    EXIST::FUNCTION:
+get_rfc3526_prime_1536                  3777    EXIST::FUNCTION:
+get_rfc3526_prime_3072                  3778    EXIST::FUNCTION:
+get_rfc3526_prime_4096                  3779    EXIST::FUNCTION:
+get_rfc2409_prime_768                   3780    EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_flags             3781    EXIST::FUNCTION:
+EVP_CIPHER_CTX_new                      3782    EXIST::FUNCTION:
+EVP_CIPHER_CTX_free                     3783    EXIST::FUNCTION:
+Camellia_cbc_encrypt                    3784    EXIST::FUNCTION:CAMELLIA
+Camellia_cfb128_encrypt                 3785    EXIST::FUNCTION:CAMELLIA
+Camellia_cfb1_encrypt                   3786    EXIST::FUNCTION:CAMELLIA
+Camellia_cfb8_encrypt                   3787    EXIST::FUNCTION:CAMELLIA
+Camellia_ctr128_encrypt                 3788    EXIST::FUNCTION:CAMELLIA
+Camellia_cfbr_encrypt_block             3789    NOEXIST::FUNCTION:
+Camellia_decrypt                        3790    EXIST::FUNCTION:CAMELLIA
+Camellia_ecb_encrypt                    3791    EXIST::FUNCTION:CAMELLIA
+Camellia_encrypt                        3792    EXIST::FUNCTION:CAMELLIA
+Camellia_ofb128_encrypt                 3793    EXIST::FUNCTION:CAMELLIA
+Camellia_set_key                        3794    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cbc                    3795    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cfb128                 3796    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cfb1                   3797    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cfb8                   3798    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_ecb                    3799    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_ofb                    3800    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cbc                    3801    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cfb128                 3802    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cfb1                   3803    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cfb8                   3804    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_ecb                    3805    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_ofb                    3806    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cbc                    3807    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cfb128                 3808    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cfb1                   3809    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cfb8                   3810    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_ecb                    3811    EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_ofb                    3812    EXIST::FUNCTION:CAMELLIA
+a2i_ipadd                               3813    EXIST::FUNCTION:
+ASIdentifiers_free                      3814    EXIST::FUNCTION:RFC3779
+i2d_ASIdOrRange                         3815    EXIST::FUNCTION:RFC3779
+EVP_CIPHER_block_size                   3816    EXIST::FUNCTION:
+v3_asid_is_canonical                    3817    EXIST::FUNCTION:RFC3779
+IPAddressChoice_free                    3818    EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_set_app_data             3819    EXIST::FUNCTION:
+BIO_set_callback_arg                    3820    EXIST::FUNCTION:
+v3_addr_add_prefix                      3821    EXIST::FUNCTION:RFC3779
+IPAddressOrRange_it                     3822    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressOrRange_it                     3822    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+BIO_set_flags                           3823    EXIST::FUNCTION:
+ASIdentifiers_it                        3824    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifiers_it                        3824    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_addr_get_range                       3825    EXIST::FUNCTION:RFC3779
+BIO_method_type                         3826    EXIST::FUNCTION:
+v3_addr_inherits                        3827    EXIST::FUNCTION:RFC3779
+IPAddressChoice_it                      3828    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressChoice_it                      3828    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+AES_ige_encrypt                         3829    EXIST::FUNCTION:AES
+v3_addr_add_range                       3830    EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_nid                      3831    EXIST::FUNCTION:
+d2i_ASRange                             3832    EXIST::FUNCTION:RFC3779
+v3_addr_add_inherit                     3833    EXIST::FUNCTION:RFC3779
+v3_asid_add_id_or_range                 3834    EXIST::FUNCTION:RFC3779
+v3_addr_validate_resource_set           3835    EXIST::FUNCTION:RFC3779
+EVP_CIPHER_iv_length                    3836    EXIST::FUNCTION:
+EVP_MD_type                             3837    EXIST::FUNCTION:
+v3_asid_canonize                        3838    EXIST::FUNCTION:RFC3779
+IPAddressRange_free                     3839    EXIST::FUNCTION:RFC3779
+v3_asid_add_inherit                     3840    EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_key_length               3841    EXIST::FUNCTION:
+IPAddressRange_new                      3842    EXIST::FUNCTION:RFC3779
+ASIdOrRange_new                         3843    EXIST::FUNCTION:RFC3779
+EVP_MD_size                             3844    EXIST::FUNCTION:
+EVP_MD_CTX_test_flags                   3845    EXIST::FUNCTION:
+BIO_clear_flags                         3846    EXIST::FUNCTION:
+i2d_ASRange                             3847    EXIST::FUNCTION:RFC3779
+IPAddressRange_it                       3848    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressRange_it                       3848    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+IPAddressChoice_new                     3849    EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_new                  3850    EXIST::FUNCTION:RFC3779
+ASRange_free                            3851    EXIST::FUNCTION:RFC3779
+EVP_MD_pkey_type                        3852    EXIST::FUNCTION:
+EVP_MD_CTX_clear_flags                  3853    EXIST::FUNCTION:
+IPAddressFamily_free                    3854    EXIST::FUNCTION:RFC3779
+i2d_IPAddressFamily                     3855    EXIST::FUNCTION:RFC3779
+IPAddressOrRange_new                    3856    EXIST::FUNCTION:RFC3779
+EVP_CIPHER_flags                        3857    EXIST::FUNCTION:
+v3_asid_validate_resource_set           3858    EXIST::FUNCTION:RFC3779
+d2i_IPAddressRange                      3859    EXIST::FUNCTION:RFC3779
+AES_bi_ige_encrypt                      3860    EXIST::FUNCTION:AES
+BIO_get_callback                        3861    EXIST::FUNCTION:
+IPAddressOrRange_free                   3862    EXIST::FUNCTION:RFC3779
+v3_addr_subset                          3863    EXIST::FUNCTION:RFC3779
+d2i_IPAddressFamily                     3864    EXIST::FUNCTION:RFC3779
+v3_asid_subset                          3865    EXIST::FUNCTION:RFC3779
+BIO_test_flags                          3866    EXIST::FUNCTION:
+i2d_ASIdentifierChoice                  3867    EXIST::FUNCTION:RFC3779
+ASRange_it                              3868    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASRange_it                              3868    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+d2i_ASIdentifiers                       3869    EXIST::FUNCTION:RFC3779
+ASRange_new                             3870    EXIST::FUNCTION:RFC3779
+d2i_IPAddressChoice                     3871    EXIST::FUNCTION:RFC3779
+v3_addr_get_afi                         3872    EXIST::FUNCTION:RFC3779
+EVP_CIPHER_key_length                   3873    EXIST::FUNCTION:
+EVP_Cipher                              3874    EXIST::FUNCTION:
+i2d_IPAddressOrRange                    3875    EXIST::FUNCTION:RFC3779
+ASIdOrRange_it                          3876    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdOrRange_it                          3876    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+EVP_CIPHER_nid                          3877    EXIST::FUNCTION:
+i2d_IPAddressChoice                     3878    EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_block_size               3879    EXIST::FUNCTION:
+ASIdentifiers_new                       3880    EXIST::FUNCTION:RFC3779
+v3_addr_validate_path                   3881    EXIST::FUNCTION:RFC3779
+IPAddressFamily_new                     3882    EXIST::FUNCTION:RFC3779
+EVP_MD_CTX_set_flags                    3883    EXIST::FUNCTION:
+v3_addr_is_canonical                    3884    EXIST::FUNCTION:RFC3779
+i2d_IPAddressRange                      3885    EXIST::FUNCTION:RFC3779
+IPAddressFamily_it                      3886    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressFamily_it                      3886    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_asid_inherits                        3887    EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_cipher                   3888    EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_app_data             3889    EXIST::FUNCTION:
+EVP_MD_block_size                       3890    EXIST::FUNCTION:
+EVP_CIPHER_CTX_flags                    3891    EXIST::FUNCTION:
+v3_asid_validate_path                   3892    EXIST::FUNCTION:RFC3779
+d2i_IPAddressOrRange                    3893    EXIST::FUNCTION:RFC3779
+v3_addr_canonize                        3894    EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_it                   3895    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifierChoice_it                   3895    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+EVP_MD_CTX_md                           3896    EXIST::FUNCTION:
+d2i_ASIdentifierChoice                  3897    EXIST::FUNCTION:RFC3779
+BIO_method_name                         3898    EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv_length                3899    EXIST::FUNCTION:
+ASIdOrRange_free                        3900    EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_free                 3901    EXIST::FUNCTION:RFC3779
+BIO_get_callback_arg                    3902    EXIST::FUNCTION:
+BIO_set_callback                        3903    EXIST::FUNCTION:
+d2i_ASIdOrRange                         3904    EXIST::FUNCTION:RFC3779
+i2d_ASIdentifiers                       3905    EXIST::FUNCTION:RFC3779
+SEED_decrypt                            3908    EXIST::FUNCTION:SEED
+SEED_encrypt                            3909    EXIST::FUNCTION:SEED
+SEED_cbc_encrypt                        3910    EXIST::FUNCTION:SEED
+EVP_seed_ofb                            3911    EXIST::FUNCTION:SEED
+SEED_cfb128_encrypt                     3912    EXIST::FUNCTION:SEED
+SEED_ofb128_encrypt                     3913    EXIST::FUNCTION:SEED
+EVP_seed_cbc                            3914    EXIST::FUNCTION:SEED
+SEED_ecb_encrypt                        3915    EXIST::FUNCTION:SEED
+EVP_seed_ecb                            3916    EXIST::FUNCTION:SEED
+SEED_set_key                            3917    EXIST::FUNCTION:SEED
+EVP_seed_cfb128                         3918    EXIST::FUNCTION:SEED
+X509_EXTENSIONS_it                      3919    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSIONS_it                      3919    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_get1_ocsp                          3920    EXIST::FUNCTION:
+OCSP_REQ_CTX_free                       3921    EXIST::FUNCTION:
+i2d_X509_EXTENSIONS                     3922    EXIST::FUNCTION:
+OCSP_sendreq_nbio                       3923    EXIST::FUNCTION:
+OCSP_sendreq_new                        3924    EXIST::FUNCTION:
+d2i_X509_EXTENSIONS                     3925    EXIST::FUNCTION:
+X509_ALGORS_it                          3926    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGORS_it                          3926    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_ALGOR_get0                         3927    EXIST::FUNCTION:
+X509_ALGOR_set0                         3928    EXIST::FUNCTION:
+AES_unwrap_key                          3929    EXIST::FUNCTION:AES
+AES_wrap_key                            3930    EXIST::FUNCTION:AES
+X509at_get0_data_by_OBJ                 3931    EXIST::FUNCTION:
+ASN1_TYPE_set1                          3932    EXIST::FUNCTION:
+ASN1_STRING_set0                        3933    EXIST::FUNCTION:
+i2d_X509_ALGORS                         3934    EXIST::FUNCTION:
+BIO_f_zlib                              3935    EXIST:ZLIB:FUNCTION:
+COMP_zlib_cleanup                       3936    EXIST::FUNCTION:
+d2i_X509_ALGORS                         3937    EXIST::FUNCTION:
+CMS_ReceiptRequest_free                 3938    EXIST::FUNCTION:CMS
+PEM_write_CMS                           3939    EXIST:!WIN16:FUNCTION:CMS
+CMS_add0_CertificateChoices             3940    EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr_by_OBJ           3941    EXIST::FUNCTION:CMS
+ERR_load_CMS_strings                    3942    EXIST::FUNCTION:CMS
+CMS_sign_receipt                        3943    EXIST::FUNCTION:CMS
+i2d_CMS_ContentInfo                     3944    EXIST::FUNCTION:CMS
+CMS_signed_delete_attr                  3945    EXIST::FUNCTION:CMS
+d2i_CMS_bio                             3946    EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr_by_NID            3947    EXIST::FUNCTION:CMS
+CMS_verify                              3948    EXIST::FUNCTION:CMS
+SMIME_read_CMS                          3949    EXIST::FUNCTION:CMS
+CMS_decrypt_set1_key                    3950    EXIST::FUNCTION:CMS
+CMS_SignerInfo_get0_algs                3951    EXIST::FUNCTION:CMS
+CMS_add1_cert                           3952    EXIST::FUNCTION:CMS
+CMS_set_detached                        3953    EXIST::FUNCTION:CMS
+CMS_encrypt                             3954    EXIST::FUNCTION:CMS
+CMS_EnvelopedData_create                3955    EXIST::FUNCTION:CMS
+CMS_uncompress                          3956    EXIST::FUNCTION:CMS
+CMS_add0_crl                            3957    EXIST::FUNCTION:CMS
+CMS_SignerInfo_verify_content           3958    EXIST::FUNCTION:CMS
+CMS_unsigned_get0_data_by_OBJ           3959    EXIST::FUNCTION:CMS
+PEM_write_bio_CMS                       3960    EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr                   3961    EXIST::FUNCTION:CMS
+CMS_RecipientInfo_ktri_cert_cmp         3962    EXIST::FUNCTION:CMS
+CMS_RecipientInfo_ktri_get0_algs        3963    EXIST:!VMS:FUNCTION:CMS
+CMS_RecipInfo_ktri_get0_algs            3963    EXIST:VMS:FUNCTION:CMS
+CMS_ContentInfo_free                    3964    EXIST::FUNCTION:CMS
+CMS_final                               3965    EXIST::FUNCTION:CMS
+CMS_add_simple_smimecap                 3966    EXIST::FUNCTION:CMS
+CMS_SignerInfo_verify                   3967    EXIST::FUNCTION:CMS
+CMS_data                                3968    EXIST::FUNCTION:CMS
+CMS_ContentInfo_it                      3969    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
+CMS_ContentInfo_it                      3969    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
+d2i_CMS_ReceiptRequest                  3970    EXIST::FUNCTION:CMS
+CMS_compress                            3971    EXIST::FUNCTION:CMS
+CMS_digest_create                       3972    EXIST::FUNCTION:CMS
+CMS_SignerInfo_cert_cmp                 3973    EXIST::FUNCTION:CMS
+CMS_SignerInfo_sign                     3974    EXIST::FUNCTION:CMS
+CMS_data_create                         3975    EXIST::FUNCTION:CMS
+i2d_CMS_bio                             3976    EXIST::FUNCTION:CMS
+CMS_EncryptedData_set1_key              3977    EXIST::FUNCTION:CMS
+CMS_decrypt                             3978    EXIST::FUNCTION:CMS
+int_smime_write_ASN1                    3979    NOEXIST::FUNCTION:
+CMS_unsigned_delete_attr                3980    EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr_count             3981    EXIST::FUNCTION:CMS
+CMS_add_smimecap                        3982    EXIST::FUNCTION:CMS
+PEM_read_CMS                            3983    EXIST:!WIN16:FUNCTION:CMS
+CMS_signed_get_attr_by_OBJ              3984    EXIST::FUNCTION:CMS
+d2i_CMS_ContentInfo                     3985    EXIST::FUNCTION:CMS
+CMS_add_standard_smimecap               3986    EXIST::FUNCTION:CMS
+CMS_ContentInfo_new                     3987    EXIST::FUNCTION:CMS
+CMS_RecipientInfo_type                  3988    EXIST::FUNCTION:CMS
+CMS_get0_type                           3989    EXIST::FUNCTION:CMS
+CMS_is_detached                         3990    EXIST::FUNCTION:CMS
+CMS_sign                                3991    EXIST::FUNCTION:CMS
+CMS_signed_add1_attr                    3992    EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr_by_OBJ            3993    EXIST::FUNCTION:CMS
+SMIME_write_CMS                         3994    EXIST::FUNCTION:CMS
+CMS_EncryptedData_decrypt               3995    EXIST::FUNCTION:CMS
+CMS_get0_RecipientInfos                 3996    EXIST::FUNCTION:CMS
+CMS_add0_RevocationInfoChoice           3997    EXIST::FUNCTION:CMS
+CMS_decrypt_set1_pkey                   3998    EXIST::FUNCTION:CMS
+CMS_SignerInfo_set1_signer_cert         3999    EXIST::FUNCTION:CMS
+CMS_get0_signers                        4000    EXIST::FUNCTION:CMS
+CMS_ReceiptRequest_get0_values          4001    EXIST::FUNCTION:CMS
+CMS_signed_get0_data_by_OBJ             4002    EXIST::FUNCTION:CMS
+CMS_get0_SignerInfos                    4003    EXIST::FUNCTION:CMS
+CMS_add0_cert                           4004    EXIST::FUNCTION:CMS
+CMS_EncryptedData_encrypt               4005    EXIST::FUNCTION:CMS
+CMS_digest_verify                       4006    EXIST::FUNCTION:CMS
+CMS_set1_signers_certs                  4007    EXIST::FUNCTION:CMS
+CMS_signed_get_attr                     4008    EXIST::FUNCTION:CMS
+CMS_RecipientInfo_set0_key              4009    EXIST::FUNCTION:CMS
+CMS_SignedData_init                     4010    EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kekri_get0_id         4011    EXIST::FUNCTION:CMS
+CMS_verify_receipt                      4012    EXIST::FUNCTION:CMS
+CMS_ReceiptRequest_it                   4013    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
+CMS_ReceiptRequest_it                   4013    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
+PEM_read_bio_CMS                        4014    EXIST::FUNCTION:CMS
+CMS_get1_crls                           4015    EXIST::FUNCTION:CMS
+CMS_add0_recipient_key                  4016    EXIST::FUNCTION:CMS
+SMIME_read_ASN1                         4017    EXIST::FUNCTION:
+CMS_ReceiptRequest_new                  4018    EXIST::FUNCTION:CMS
+CMS_get0_content                        4019    EXIST::FUNCTION:CMS
+CMS_get1_ReceiptRequest                 4020    EXIST::FUNCTION:CMS
+CMS_signed_add1_attr_by_OBJ             4021    EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kekri_id_cmp          4022    EXIST::FUNCTION:CMS
+CMS_add1_ReceiptRequest                 4023    EXIST::FUNCTION:CMS
+CMS_SignerInfo_get0_signer_id           4024    EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr_by_NID           4025    EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr                  4026    EXIST::FUNCTION:CMS
+CMS_signed_get_attr_by_NID              4027    EXIST::FUNCTION:CMS
+CMS_get1_certs                          4028    EXIST::FUNCTION:CMS
+CMS_signed_add1_attr_by_NID             4029    EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr_by_txt           4030    EXIST::FUNCTION:CMS
+CMS_dataFinal                           4031    EXIST::FUNCTION:CMS
+CMS_RecipientInfo_ktri_get0_signer_id   4032    EXIST:!VMS:FUNCTION:CMS
+CMS_RecipInfo_ktri_get0_sigr_id         4032    EXIST:VMS:FUNCTION:CMS
+i2d_CMS_ReceiptRequest                  4033    EXIST::FUNCTION:CMS
+CMS_add1_recipient_cert                 4034    EXIST::FUNCTION:CMS
+CMS_dataInit                            4035    EXIST::FUNCTION:CMS
+CMS_signed_add1_attr_by_txt             4036    EXIST::FUNCTION:CMS
+CMS_RecipientInfo_decrypt               4037    EXIST::FUNCTION:CMS
+CMS_signed_get_attr_count               4038    EXIST::FUNCTION:CMS
+CMS_get0_eContentType                   4039    EXIST::FUNCTION:CMS
+CMS_set1_eContentType                   4040    EXIST::FUNCTION:CMS
+CMS_ReceiptRequest_create0              4041    EXIST::FUNCTION:CMS
+CMS_add1_signer                         4042    EXIST::FUNCTION:CMS
+CMS_RecipientInfo_set0_pkey             4043    EXIST::FUNCTION:CMS
+ENGINE_set_load_ssl_client_cert_function 4044   EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_ld_ssl_clnt_cert_fn          4044    EXIST:VMS:FUNCTION:ENGINE
+ENGINE_get_ssl_client_cert_function     4045    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_ssl_client_cert_fn           4045    EXIST:VMS:FUNCTION:ENGINE
+ENGINE_load_ssl_client_cert             4046    EXIST::FUNCTION:ENGINE
+ENGINE_load_capi                        4047    EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OPENSSL_isservice                       4048    EXIST::FUNCTION:
+FIPS_dsa_sig_decode                     4049    NOEXIST::FUNCTION:
+EVP_CIPHER_CTX_clear_flags              4050    EXIST::FUNCTION:
+FIPS_rand_status                        4051    NOEXIST::FUNCTION:
+FIPS_rand_set_key                       4052    NOEXIST::FUNCTION:
+CRYPTO_set_mem_info_functions           4053    NOEXIST::FUNCTION:
+RSA_X931_generate_key_ex                4054    NOEXIST::FUNCTION:
+int_ERR_set_state_func                  4055    NOEXIST::FUNCTION:
+int_EVP_MD_set_engine_callbacks         4056    NOEXIST::FUNCTION:
+int_CRYPTO_set_do_dynlock_callback      4057    NOEXIST::FUNCTION:
+FIPS_rng_stick                          4058    NOEXIST::FUNCTION:
+EVP_CIPHER_CTX_set_flags                4059    EXIST::FUNCTION:
+BN_X931_generate_prime_ex               4060    EXIST::FUNCTION:
+FIPS_selftest_check                     4061    NOEXIST::FUNCTION:
+FIPS_rand_set_dt                        4062    NOEXIST::FUNCTION:
+CRYPTO_dbg_pop_info                     4063    NOEXIST::FUNCTION:
+FIPS_dsa_free                           4064    NOEXIST::FUNCTION:
+RSA_X931_derive_ex                      4065    NOEXIST::FUNCTION:
+FIPS_rsa_new                            4066    NOEXIST::FUNCTION:
+FIPS_rand_bytes                         4067    NOEXIST::FUNCTION:
+fips_cipher_test                        4068    NOEXIST::FUNCTION:
+EVP_CIPHER_CTX_test_flags               4069    EXIST::FUNCTION:
+CRYPTO_malloc_debug_init                4070    NOEXIST::FUNCTION:
+CRYPTO_dbg_push_info                    4071    NOEXIST::FUNCTION:
+FIPS_corrupt_rsa_keygen                 4072    NOEXIST::FUNCTION:
+FIPS_dh_new                             4073    NOEXIST::FUNCTION:
+FIPS_corrupt_dsa_keygen                 4074    NOEXIST::FUNCTION:
+FIPS_dh_free                            4075    NOEXIST::FUNCTION:
+fips_pkey_signature_test                4076    NOEXIST::FUNCTION:
+EVP_add_alg_module                      4077    NOEXIST::FUNCTION:
+int_RAND_init_engine_callbacks          4078    NOEXIST::FUNCTION:
+int_EVP_CIPHER_set_engine_callbacks     4079    NOEXIST::FUNCTION:
+int_EVP_MD_init_engine_callbacks        4080    NOEXIST::FUNCTION:
+FIPS_rand_test_mode                     4081    NOEXIST::FUNCTION:
+FIPS_rand_reset                         4082    NOEXIST::FUNCTION:
+FIPS_dsa_new                            4083    NOEXIST::FUNCTION:
+int_RAND_set_callbacks                  4084    NOEXIST::FUNCTION:
+BN_X931_derive_prime_ex                 4085    EXIST::FUNCTION:
+int_ERR_lib_init                        4086    NOEXIST::FUNCTION:
+int_EVP_CIPHER_init_engine_callbacks    4087    NOEXIST::FUNCTION:
+FIPS_rsa_free                           4088    NOEXIST::FUNCTION:
+FIPS_dsa_sig_encode                     4089    NOEXIST::FUNCTION:
+CRYPTO_dbg_remove_all_info              4090    NOEXIST::FUNCTION:
+OPENSSL_init                            4091    EXIST::FUNCTION:
+private_Camellia_set_key                4092    EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
+CRYPTO_strdup                           4093    EXIST::FUNCTION:
+JPAKE_STEP3A_process                    4094    EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_release                     4095    EXIST::FUNCTION:JPAKE
+JPAKE_get_shared_key                    4096    EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_init                       4097    EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_generate                    4098    EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_init                        4099    EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_process                    4100    EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_generate                    4101    EXIST::FUNCTION:JPAKE
+JPAKE_CTX_new                           4102    EXIST::FUNCTION:JPAKE
+JPAKE_CTX_free                          4103    EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_release                    4104    EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_release                    4105    EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_process                     4106    EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_generate                   4107    EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_process                     4108    EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_generate                   4109    EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_release                     4110    EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_init                       4111    EXIST::FUNCTION:JPAKE
+ERR_load_JPAKE_strings                  4112    EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_init                        4113    EXIST::FUNCTION:JPAKE
+pqueue_size                             4114    EXIST::FUNCTION:
+i2d_TS_ACCURACY                         4115    EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_fp                   4116    EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT                      4117    EXIST::FUNCTION:
+EVP_PKEY_print_public                   4118    EXIST::FUNCTION:
+EVP_PKEY_CTX_new                        4119    EXIST::FUNCTION:
+i2d_TS_TST_INFO                         4120    EXIST::FUNCTION:
+EVP_PKEY_asn1_find                      4121    EXIST::FUNCTION:
+DSO_METHOD_beos                         4122    EXIST::FUNCTION:
+TS_CONF_load_cert                       4123    EXIST::FUNCTION:
+TS_REQ_get_ext                          4124    EXIST::FUNCTION:
+EVP_PKEY_sign_init                      4125    EXIST::FUNCTION:
+ASN1_item_print                         4126    EXIST::FUNCTION:
+TS_TST_INFO_set_nonce                   4127    EXIST::FUNCTION:
+TS_RESP_dup                             4128    EXIST::FUNCTION:
+ENGINE_register_pkey_meths              4129    EXIST::FUNCTION:ENGINE
+EVP_PKEY_asn1_add0                      4130    EXIST::FUNCTION:
+PKCS7_add0_attrib_signing_time          4131    EXIST::FUNCTION:
+i2d_TS_TST_INFO_fp                      4132    EXIST::FUNCTION:
+BIO_asn1_get_prefix                     4133    EXIST::FUNCTION:
+TS_TST_INFO_set_time                    4134    EXIST::FUNCTION:
+EVP_PKEY_meth_set_decrypt               4135    EXIST::FUNCTION:
+EVP_PKEY_set_type_str                   4136    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_keygen_info            4137    EXIST::FUNCTION:
+TS_REQ_set_policy_id                    4138    EXIST::FUNCTION:
+d2i_TS_RESP_fp                          4139    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth_engine        4140    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_pkey_asn1_meth_eng           4140    EXIST:VMS:FUNCTION:ENGINE
+WHIRLPOOL_Init                          4141    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+TS_RESP_set_status_info                 4142    EXIST::FUNCTION:
+EVP_PKEY_keygen                         4143    EXIST::FUNCTION:
+EVP_DigestSignInit                      4144    EXIST::FUNCTION:
+TS_ACCURACY_set_millis                  4145    EXIST::FUNCTION:
+TS_REQ_dup                              4146    EXIST::FUNCTION:
+GENERAL_NAME_dup                        4147    EXIST::FUNCTION:
+ASN1_SEQUENCE_ANY_it                    4148    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_ANY_it                    4148    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+WHIRLPOOL                               4149    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+X509_STORE_get1_crls                    4150    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth               4151    EXIST::FUNCTION:ENGINE
+EVP_PKEY_asn1_new                       4152    EXIST::FUNCTION:
+BIO_new_NDEF                            4153    EXIST::FUNCTION:
+ENGINE_get_pkey_meth                    4154    EXIST::FUNCTION:ENGINE
+TS_MSG_IMPRINT_set_algo                 4155    EXIST::FUNCTION:
+i2d_TS_TST_INFO_bio                     4156    EXIST::FUNCTION:
+TS_TST_INFO_set_ordering                4157    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_OBJ              4158    EXIST::FUNCTION:
+CRYPTO_THREADID_set_pointer             4159    EXIST::FUNCTION:
+TS_CONF_get_tsa_section                 4160    EXIST::FUNCTION:
+SMIME_write_ASN1                        4161    EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_key              4162    EXIST::FUNCTION:
+EVP_PKEY_encrypt_old                    4163    EXIST::FUNCTION:
+EVP_PKEY_encrypt_init                   4164    EXIST::FUNCTION:
+CRYPTO_THREADID_cpy                     4165    EXIST::FUNCTION:
+ASN1_PCTX_get_cert_flags                4166    EXIST::FUNCTION:
+i2d_ESS_SIGNING_CERT                    4167    EXIST::FUNCTION:
+TS_CONF_load_key                        4168    EXIST::FUNCTION:
+i2d_ASN1_SEQUENCE_ANY                   4169    EXIST::FUNCTION:
+d2i_TS_MSG_IMPRINT_bio                  4170    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_public                4171    EXIST::FUNCTION:
+b2i_PublicKey_bio                       4172    EXIST::FUNCTION:
+BIO_asn1_set_prefix                     4173    EXIST::FUNCTION:
+EVP_PKEY_new_mac_key                    4174    EXIST::FUNCTION:
+BIO_new_CMS                             4175    EXIST::FUNCTION:CMS
+CRYPTO_THREADID_cmp                     4176    EXIST::FUNCTION:
+TS_REQ_ext_free                         4177    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_free                  4178    EXIST::FUNCTION:
+EVP_PKEY_get0_asn1                      4179    EXIST::FUNCTION:
+d2i_NETSCAPE_X509                       4180    EXIST::FUNCTION:
+EVP_PKEY_verify_recover_init            4181    EXIST::FUNCTION:
+EVP_PKEY_CTX_set_data                   4182    EXIST::FUNCTION:
+EVP_PKEY_keygen_init                    4183    EXIST::FUNCTION:
+TS_RESP_CTX_set_status_info             4184    EXIST::FUNCTION:
+TS_MSG_IMPRINT_get_algo                 4185    EXIST::FUNCTION:
+TS_REQ_print_bio                        4186    EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl_str                   4187    EXIST::FUNCTION:
+EVP_PKEY_get_default_digest_nid         4188    EXIST::FUNCTION:
+PEM_write_bio_PKCS7_stream              4189    EXIST::FUNCTION:
+TS_MSG_IMPRINT_print_bio                4190    EXIST::FUNCTION:
+BN_asc2bn                               4191    EXIST::FUNCTION:
+TS_REQ_get_policy_id                    4192    EXIST::FUNCTION:
+ENGINE_set_default_pkey_asn1_meths      4193    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_def_pkey_asn1_meths          4193    EXIST:VMS:FUNCTION:ENGINE
+d2i_TS_ACCURACY                         4194    EXIST::FUNCTION:
+DSO_global_lookup                       4195    EXIST::FUNCTION:
+TS_CONF_set_tsa_name                    4196    EXIST::FUNCTION:
+i2d_ASN1_SET_ANY                        4197    EXIST::FUNCTION:
+ENGINE_load_gost                        4198    EXIST::FUNCTION:ENGINE,GOST,STATIC_ENGINE
+WHIRLPOOL_BitUpdate                     4199    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+ASN1_PCTX_get_flags                     4200    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_NID              4201    EXIST::FUNCTION:
+TS_RESP_new                             4202    EXIST::FUNCTION:
+ESS_CERT_ID_dup                         4203    EXIST::FUNCTION:
+TS_STATUS_INFO_dup                      4204    EXIST::FUNCTION:
+TS_REQ_delete_ext                       4205    EXIST::FUNCTION:
+EVP_DigestVerifyFinal                   4206    EXIST::FUNCTION:
+EVP_PKEY_print_params                   4207    EXIST::FUNCTION:
+i2d_CMS_bio_stream                      4208    EXIST::FUNCTION:CMS
+TS_REQ_get_msg_imprint                  4209    EXIST::FUNCTION:
+OBJ_find_sigid_by_algs                  4210    EXIST::FUNCTION:
+TS_TST_INFO_get_serial                  4211    EXIST::FUNCTION:
+TS_REQ_get_nonce                        4212    EXIST::FUNCTION:
+X509_PUBKEY_set0_param                  4213    EXIST::FUNCTION:
+EVP_PKEY_CTX_set0_keygen_info           4214    EXIST::FUNCTION:
+DIST_POINT_set_dpname                   4215    EXIST::FUNCTION:
+i2d_ISSUING_DIST_POINT                  4216    EXIST::FUNCTION:
+ASN1_SET_ANY_it                         4217    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SET_ANY_it                         4217    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_PKEY_CTX_get_data                   4218    EXIST::FUNCTION:
+TS_STATUS_INFO_print_bio                4219    EXIST::FUNCTION:
+EVP_PKEY_derive_init                    4220    EXIST::FUNCTION:
+d2i_TS_TST_INFO                         4221    EXIST::FUNCTION:
+EVP_PKEY_asn1_add_alias                 4222    EXIST::FUNCTION:
+d2i_TS_RESP_bio                         4223    EXIST::FUNCTION:
+OTHERNAME_cmp                           4224    EXIST::FUNCTION:
+GENERAL_NAME_set0_value                 4225    EXIST::FUNCTION:
+PKCS7_RECIP_INFO_get0_alg               4226    EXIST::FUNCTION:
+TS_RESP_CTX_new                         4227    EXIST::FUNCTION:
+TS_RESP_set_tst_info                    4228    EXIST::FUNCTION:
+PKCS7_final                             4229    EXIST::FUNCTION:
+EVP_PKEY_base_id                        4230    EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_cert             4231    EXIST::FUNCTION:
+TS_REQ_set_msg_imprint                  4232    EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl                       4233    EXIST::FUNCTION:
+TS_CONF_set_digests                     4234    EXIST::FUNCTION:
+d2i_TS_MSG_IMPRINT                      4235    EXIST::FUNCTION:
+EVP_PKEY_meth_set_ctrl                  4236    EXIST::FUNCTION:
+TS_REQ_get_ext_by_NID                   4237    EXIST::FUNCTION:
+PKCS5_pbe_set0_algor                    4238    EXIST::FUNCTION:
+BN_BLINDING_thread_id                   4239    EXIST::FUNCTION:
+TS_ACCURACY_new                         4240    EXIST::FUNCTION:
+X509_CRL_METHOD_free                    4241    EXIST::FUNCTION:
+ASN1_PCTX_get_nm_flags                  4242    EXIST::FUNCTION:
+EVP_PKEY_meth_set_sign                  4243    EXIST::FUNCTION:
+CRYPTO_THREADID_current                 4244    EXIST::FUNCTION:
+EVP_PKEY_decrypt_init                   4245    EXIST::FUNCTION:
+NETSCAPE_X509_free                      4246    EXIST::FUNCTION:
+i2b_PVK_bio                             4247    EXIST::FUNCTION:RC4
+EVP_PKEY_print_private                  4248    EXIST::FUNCTION:
+GENERAL_NAME_get0_value                 4249    EXIST::FUNCTION:
+b2i_PVK_bio                             4250    EXIST::FUNCTION:RC4
+ASN1_UTCTIME_adj                        4251    EXIST::FUNCTION:
+TS_TST_INFO_new                         4252    EXIST::FUNCTION:
+EVP_MD_do_all_sorted                    4253    EXIST::FUNCTION:
+TS_CONF_set_default_engine              4254    EXIST::FUNCTION:
+TS_ACCURACY_set_seconds                 4255    EXIST::FUNCTION:
+TS_TST_INFO_get_time                    4256    EXIST::FUNCTION:
+PKCS8_pkey_get0                         4257    EXIST::FUNCTION:
+EVP_PKEY_asn1_get0                      4258    EXIST::FUNCTION:
+OBJ_add_sigid                           4259    EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_sign                  4260    EXIST::FUNCTION:
+EVP_PKEY_paramgen_init                  4261    EXIST::FUNCTION:
+EVP_PKEY_sign                           4262    EXIST::FUNCTION:
+OBJ_sigid_free                          4263    EXIST::FUNCTION:
+EVP_PKEY_meth_set_init                  4264    EXIST::FUNCTION:
+d2i_ESS_ISSUER_SERIAL                   4265    EXIST::FUNCTION:
+ISSUING_DIST_POINT_new                  4266    EXIST::FUNCTION:
+ASN1_TIME_adj                           4267    EXIST::FUNCTION:
+TS_OBJ_print_bio                        4268    EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify_recover        4269    EXIST:!VMS:FUNCTION:
+EVP_PKEY_meth_set_vrfy_recover          4269    EXIST:VMS:FUNCTION:
+TS_RESP_get_status_info                 4270    EXIST::FUNCTION:
+CMS_stream                              4271    EXIST::FUNCTION:CMS
+EVP_PKEY_CTX_set_cb                     4272    EXIST::FUNCTION:
+PKCS7_to_TS_TST_INFO                    4273    EXIST::FUNCTION:
+ASN1_PCTX_get_oid_flags                 4274    EXIST::FUNCTION:
+TS_TST_INFO_add_ext                     4275    EXIST::FUNCTION:
+EVP_PKEY_meth_set_derive                4276    EXIST::FUNCTION:
+i2d_TS_RESP_fp                          4277    EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_bio                  4278    EXIST::FUNCTION:
+TS_RESP_CTX_set_accuracy                4279    EXIST::FUNCTION:
+TS_REQ_set_nonce                        4280    EXIST::FUNCTION:
+ESS_CERT_ID_new                         4281    EXIST::FUNCTION:
+ENGINE_pkey_asn1_find_str               4282    EXIST::FUNCTION:ENGINE
+TS_REQ_get_ext_count                    4283    EXIST::FUNCTION:
+BUF_reverse                             4284    EXIST::FUNCTION:
+TS_TST_INFO_print_bio                   4285    EXIST::FUNCTION:
+d2i_ISSUING_DIST_POINT                  4286    EXIST::FUNCTION:
+ENGINE_get_pkey_meths                   4287    EXIST::FUNCTION:ENGINE
+i2b_PrivateKey_bio                      4288    EXIST::FUNCTION:
+i2d_TS_RESP                             4289    EXIST::FUNCTION:
+b2i_PublicKey                           4290    EXIST::FUNCTION:
+TS_VERIFY_CTX_cleanup                   4291    EXIST::FUNCTION:
+TS_STATUS_INFO_free                     4292    EXIST::FUNCTION:
+TS_RESP_verify_token                    4293    EXIST::FUNCTION:
+OBJ_bsearch_ex_                         4294    EXIST::FUNCTION:
+ASN1_bn_print                           4295    EXIST::FUNCTION:BIO
+EVP_PKEY_asn1_get_count                 4296    EXIST::FUNCTION:
+ENGINE_register_pkey_asn1_meths         4297    EXIST::FUNCTION:ENGINE
+ASN1_PCTX_set_nm_flags                  4298    EXIST::FUNCTION:
+EVP_DigestVerifyInit                    4299    EXIST::FUNCTION:
+ENGINE_set_default_pkey_meths           4300    EXIST::FUNCTION:ENGINE
+TS_TST_INFO_get_policy_id               4301    EXIST::FUNCTION:
+TS_REQ_get_cert_req                     4302    EXIST::FUNCTION:
+X509_CRL_set_meth_data                  4303    EXIST::FUNCTION:
+PKCS8_pkey_set0                         4304    EXIST::FUNCTION:
+ASN1_STRING_copy                        4305    EXIST::FUNCTION:
+d2i_TS_TST_INFO_fp                      4306    EXIST::FUNCTION:
+X509_CRL_match                          4307    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_private               4308    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_d2i                 4309    EXIST::FUNCTION:
+TS_RESP_CTX_add_policy                  4310    EXIST::FUNCTION:
+d2i_TS_RESP                             4311    EXIST::FUNCTION:
+TS_CONF_load_certs                      4312    EXIST::FUNCTION:
+TS_TST_INFO_get_msg_imprint             4313    EXIST::FUNCTION:
+ERR_load_TS_strings                     4314    EXIST::FUNCTION:
+TS_TST_INFO_get_version                 4315    EXIST::FUNCTION:
+EVP_PKEY_CTX_dup                        4316    EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify                4317    EXIST::FUNCTION:
+i2b_PublicKey_bio                       4318    EXIST::FUNCTION:
+TS_CONF_set_certs                       4319    EXIST::FUNCTION:
+EVP_PKEY_asn1_get0_info                 4320    EXIST::FUNCTION:
+TS_VERIFY_CTX_free                      4321    EXIST::FUNCTION:
+TS_REQ_get_ext_by_critical              4322    EXIST::FUNCTION:
+TS_RESP_CTX_set_serial_cb               4323    EXIST::FUNCTION:
+X509_CRL_get_meth_data                  4324    EXIST::FUNCTION:
+TS_RESP_CTX_set_time_cb                 4325    EXIST::FUNCTION:
+TS_MSG_IMPRINT_get_msg                  4326    EXIST::FUNCTION:
+TS_TST_INFO_ext_free                    4327    EXIST::FUNCTION:
+TS_REQ_get_version                      4328    EXIST::FUNCTION:
+TS_REQ_add_ext                          4329    EXIST::FUNCTION:
+EVP_PKEY_CTX_set_app_data               4330    EXIST::FUNCTION:
+OBJ_bsearch_                            4331    EXIST::FUNCTION:
+EVP_PKEY_meth_set_verifyctx             4332    EXIST::FUNCTION:
+i2d_PKCS7_bio_stream                    4333    EXIST::FUNCTION:
+CRYPTO_THREADID_set_numeric             4334    EXIST::FUNCTION:
+PKCS7_sign_add_signer                   4335    EXIST::FUNCTION:
+d2i_TS_TST_INFO_bio                     4336    EXIST::FUNCTION:
+TS_TST_INFO_get_ordering                4337    EXIST::FUNCTION:
+TS_RESP_print_bio                       4338    EXIST::FUNCTION:
+TS_TST_INFO_get_exts                    4339    EXIST::FUNCTION:
+HMAC_CTX_copy                           4340    EXIST::FUNCTION:HMAC
+PKCS5_pbe2_set_iv                       4341    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meths              4342    EXIST::FUNCTION:ENGINE
+b2i_PrivateKey                          4343    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_app_data               4344    EXIST::FUNCTION:
+TS_REQ_set_cert_req                     4345    EXIST::FUNCTION:
+CRYPTO_THREADID_set_callback            4346    EXIST::FUNCTION:
+TS_CONF_set_serial                      4347    EXIST::FUNCTION:
+TS_TST_INFO_free                        4348    EXIST::FUNCTION:
+d2i_TS_REQ_fp                           4349    EXIST::FUNCTION:
+TS_RESP_verify_response                 4350    EXIST::FUNCTION:
+i2d_ESS_ISSUER_SERIAL                   4351    EXIST::FUNCTION:
+TS_ACCURACY_get_seconds                 4352    EXIST::FUNCTION:
+EVP_CIPHER_do_all                       4353    EXIST::FUNCTION:
+b2i_PrivateKey_bio                      4354    EXIST::FUNCTION:
+OCSP_CERTID_dup                         4355    EXIST::FUNCTION:
+X509_PUBKEY_get0_param                  4356    EXIST::FUNCTION:
+TS_MSG_IMPRINT_dup                      4357    EXIST::FUNCTION:
+PKCS7_print_ctx                         4358    EXIST::FUNCTION:
+i2d_TS_REQ_bio                          4359    EXIST::FUNCTION:
+EVP_whirlpool                           4360    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+EVP_PKEY_asn1_set_param                 4361    EXIST::FUNCTION:
+EVP_PKEY_meth_set_encrypt               4362    EXIST::FUNCTION:
+ASN1_PCTX_set_flags                     4363    EXIST::FUNCTION:
+i2d_ESS_CERT_ID                         4364    EXIST::FUNCTION:
+TS_VERIFY_CTX_new                       4365    EXIST::FUNCTION:
+TS_RESP_CTX_set_extension_cb            4366    EXIST::FUNCTION:
+ENGINE_register_all_pkey_meths          4367    EXIST::FUNCTION:ENGINE
+TS_RESP_CTX_set_status_info_cond        4368    EXIST:!VMS:FUNCTION:
+TS_RESP_CTX_set_stat_info_cond          4368    EXIST:VMS:FUNCTION:
+EVP_PKEY_verify                         4369    EXIST::FUNCTION:
+WHIRLPOOL_Final                         4370    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+X509_CRL_METHOD_new                     4371    EXIST::FUNCTION:
+EVP_DigestSignFinal                     4372    EXIST::FUNCTION:
+TS_RESP_CTX_set_def_policy              4373    EXIST::FUNCTION:
+NETSCAPE_X509_it                        4374    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_X509_it                        4374    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_RESP_create_response                 4375    EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_get0_algs             4376    EXIST::FUNCTION:
+TS_TST_INFO_get_nonce                   4377    EXIST::FUNCTION:
+EVP_PKEY_decrypt_old                    4378    EXIST::FUNCTION:
+TS_TST_INFO_set_policy_id               4379    EXIST::FUNCTION:
+TS_CONF_set_ess_cert_id_chain           4380    EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_pkey                  4381    EXIST::FUNCTION:
+d2i_TS_REQ                              4382    EXIST::FUNCTION:
+EVP_PKEY_asn1_find_str                  4383    EXIST::FUNCTION:
+BIO_f_asn1                              4384    EXIST::FUNCTION:
+ESS_SIGNING_CERT_new                    4385    EXIST::FUNCTION:
+EVP_PBE_find                            4386    EXIST::FUNCTION:
+X509_CRL_get0_by_cert                   4387    EXIST::FUNCTION:
+EVP_PKEY_derive                         4388    EXIST::FUNCTION:
+i2d_TS_REQ                              4389    EXIST::FUNCTION:
+TS_TST_INFO_delete_ext                  4390    EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_free                  4391    EXIST::FUNCTION:
+ASN1_PCTX_set_str_flags                 4392    EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth_str           4393    EXIST::FUNCTION:ENGINE
+TS_CONF_set_signer_key                  4394    EXIST::FUNCTION:
+TS_ACCURACY_get_millis                  4395    EXIST::FUNCTION:
+TS_RESP_get_token                       4396    EXIST::FUNCTION:
+TS_ACCURACY_dup                         4397    EXIST::FUNCTION:
+ENGINE_register_all_pkey_asn1_meths     4398    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_reg_all_pkey_asn1_meths          4398    EXIST:VMS:FUNCTION:ENGINE
+X509_CRL_set_default_method             4399    EXIST::FUNCTION:
+CRYPTO_THREADID_hash                    4400    EXIST::FUNCTION:
+CMS_ContentInfo_print_ctx               4401    EXIST::FUNCTION:CMS
+TS_RESP_free                            4402    EXIST::FUNCTION:
+ISSUING_DIST_POINT_free                 4403    EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_new                   4404    EXIST::FUNCTION:
+CMS_add1_crl                            4405    EXIST::FUNCTION:CMS
+PKCS7_add1_attrib_digest                4406    EXIST::FUNCTION:
+TS_RESP_CTX_add_md                      4407    EXIST::FUNCTION:
+TS_TST_INFO_dup                         4408    EXIST::FUNCTION:
+ENGINE_set_pkey_asn1_meths              4409    EXIST::FUNCTION:ENGINE
+PEM_write_bio_Parameters                4410    EXIST::FUNCTION:
+TS_TST_INFO_get_accuracy                4411    EXIST::FUNCTION:
+X509_CRL_get0_by_serial                 4412    EXIST::FUNCTION:
+TS_TST_INFO_set_version                 4413    EXIST::FUNCTION:
+TS_RESP_CTX_get_tst_info                4414    EXIST::FUNCTION:
+TS_RESP_verify_signature                4415    EXIST::FUNCTION:
+CRYPTO_THREADID_get_callback            4416    EXIST::FUNCTION:
+TS_TST_INFO_get_tsa                     4417    EXIST::FUNCTION:
+TS_STATUS_INFO_new                      4418    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_cb                     4419    EXIST::FUNCTION:
+TS_REQ_get_ext_d2i                      4420    EXIST::FUNCTION:
+GENERAL_NAME_set0_othername             4421    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_count               4422    EXIST::FUNCTION:
+TS_RESP_CTX_get_request                 4423    EXIST::FUNCTION:
+i2d_NETSCAPE_X509                       4424    EXIST::FUNCTION:
+ENGINE_get_pkey_meth_engine             4425    EXIST::FUNCTION:ENGINE
+EVP_PKEY_meth_set_signctx               4426    EXIST::FUNCTION:
+EVP_PKEY_asn1_copy                      4427    EXIST::FUNCTION:
+ASN1_TYPE_cmp                           4428    EXIST::FUNCTION:
+EVP_CIPHER_do_all_sorted                4429    EXIST::FUNCTION:
+EVP_PKEY_CTX_free                       4430    EXIST::FUNCTION:
+ISSUING_DIST_POINT_it                   4431    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ISSUING_DIST_POINT_it                   4431    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_TS_MSG_IMPRINT_fp                   4432    EXIST::FUNCTION:
+X509_STORE_get1_certs                   4433    EXIST::FUNCTION:
+EVP_PKEY_CTX_get_operation              4434    EXIST::FUNCTION:
+d2i_ESS_SIGNING_CERT                    4435    EXIST::FUNCTION:
+TS_CONF_set_ordering                    4436    EXIST::FUNCTION:
+EVP_PBE_alg_add_type                    4437    EXIST::FUNCTION:
+TS_REQ_set_version                      4438    EXIST::FUNCTION:
+EVP_PKEY_get0                           4439    EXIST::FUNCTION:
+BIO_asn1_set_suffix                     4440    EXIST::FUNCTION:
+i2d_TS_STATUS_INFO                      4441    EXIST::FUNCTION:
+EVP_MD_do_all                           4442    EXIST::FUNCTION:
+TS_TST_INFO_set_accuracy                4443    EXIST::FUNCTION:
+PKCS7_add_attrib_content_type           4444    EXIST::FUNCTION:
+ERR_remove_thread_state                 4445    EXIST::FUNCTION:
+EVP_PKEY_meth_add0                      4446    EXIST::FUNCTION:
+TS_TST_INFO_set_tsa                     4447    EXIST::FUNCTION:
+EVP_PKEY_meth_new                       4448    EXIST::FUNCTION:
+WHIRLPOOL_Update                        4449    EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+TS_CONF_set_accuracy                    4450    EXIST::FUNCTION:
+ASN1_PCTX_set_oid_flags                 4451    EXIST::FUNCTION:
+ESS_SIGNING_CERT_dup                    4452    EXIST::FUNCTION:
+d2i_TS_REQ_bio                          4453    EXIST::FUNCTION:
+X509_time_adj_ex                        4454    EXIST::FUNCTION:
+TS_RESP_CTX_add_flags                   4455    EXIST::FUNCTION:
+d2i_TS_STATUS_INFO                      4456    EXIST::FUNCTION:
+TS_MSG_IMPRINT_set_msg                  4457    EXIST::FUNCTION:
+BIO_asn1_get_suffix                     4458    EXIST::FUNCTION:
+TS_REQ_free                             4459    EXIST::FUNCTION:
+EVP_PKEY_meth_free                      4460    EXIST::FUNCTION:
+TS_REQ_get_exts                         4461    EXIST::FUNCTION:
+TS_RESP_CTX_set_clock_precision_digits  4462    EXIST:!VMS:FUNCTION:
+TS_RESP_CTX_set_clk_prec_digits         4462    EXIST:VMS:FUNCTION:
+TS_RESP_CTX_add_failure_info            4463    EXIST::FUNCTION:
+i2d_TS_RESP_bio                         4464    EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_peerkey               4465    EXIST::FUNCTION:
+PEM_write_bio_CMS_stream                4466    EXIST::FUNCTION:CMS
+TS_REQ_new                              4467    EXIST::FUNCTION:
+TS_MSG_IMPRINT_new                      4468    EXIST::FUNCTION:
+EVP_PKEY_meth_find                      4469    EXIST::FUNCTION:
+EVP_PKEY_id                             4470    EXIST::FUNCTION:
+TS_TST_INFO_set_serial                  4471    EXIST::FUNCTION:
+a2i_GENERAL_NAME                        4472    EXIST::FUNCTION:
+TS_CONF_set_crypto_device               4473    EXIST::FUNCTION:
+EVP_PKEY_verify_init                    4474    EXIST::FUNCTION:
+TS_CONF_set_policies                    4475    EXIST::FUNCTION:
+ASN1_PCTX_new                           4476    EXIST::FUNCTION:
+ESS_CERT_ID_free                        4477    EXIST::FUNCTION:
+ENGINE_unregister_pkey_meths            4478    EXIST::FUNCTION:ENGINE
+TS_MSG_IMPRINT_free                     4479    EXIST::FUNCTION:
+TS_VERIFY_CTX_init                      4480    EXIST::FUNCTION:
+PKCS7_stream                            4481    EXIST::FUNCTION:
+TS_RESP_CTX_set_certs                   4482    EXIST::FUNCTION:
+TS_CONF_set_def_policy                  4483    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_adj                4484    EXIST::FUNCTION:
+NETSCAPE_X509_new                       4485    EXIST::FUNCTION:
+TS_ACCURACY_free                        4486    EXIST::FUNCTION:
+TS_RESP_get_tst_info                    4487    EXIST::FUNCTION:
+EVP_PKEY_derive_set_peer                4488    EXIST::FUNCTION:
+PEM_read_bio_Parameters                 4489    EXIST::FUNCTION:
+TS_CONF_set_clock_precision_digits      4490    EXIST:!VMS:FUNCTION:
+TS_CONF_set_clk_prec_digits             4490    EXIST:VMS:FUNCTION:
+ESS_ISSUER_SERIAL_dup                   4491    EXIST::FUNCTION:
+TS_ACCURACY_get_micros                  4492    EXIST::FUNCTION:
+ASN1_PCTX_get_str_flags                 4493    EXIST::FUNCTION:
+NAME_CONSTRAINTS_check                  4494    EXIST::FUNCTION:
+ASN1_BIT_STRING_check                   4495    EXIST::FUNCTION:
+X509_check_akid                         4496    EXIST::FUNCTION:
+ENGINE_unregister_pkey_asn1_meths       4497    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_unreg_pkey_asn1_meths            4497    EXIST:VMS:FUNCTION:ENGINE
+ASN1_PCTX_free                          4498    EXIST::FUNCTION:
+PEM_write_bio_ASN1_stream               4499    EXIST::FUNCTION:
+i2d_ASN1_bio_stream                     4500    EXIST::FUNCTION:
+TS_X509_ALGOR_print_bio                 4501    EXIST::FUNCTION:
+EVP_PKEY_meth_set_cleanup               4502    EXIST::FUNCTION:
+EVP_PKEY_asn1_free                      4503    EXIST::FUNCTION:
+ESS_SIGNING_CERT_free                   4504    EXIST::FUNCTION:
+TS_TST_INFO_set_msg_imprint             4505    EXIST::FUNCTION:
+GENERAL_NAME_cmp                        4506    EXIST::FUNCTION:
+d2i_ASN1_SET_ANY                        4507    EXIST::FUNCTION:
+ENGINE_set_pkey_meths                   4508    EXIST::FUNCTION:ENGINE
+i2d_TS_REQ_fp                           4509    EXIST::FUNCTION:
+d2i_ASN1_SEQUENCE_ANY                   4510    EXIST::FUNCTION:
+GENERAL_NAME_get0_otherName             4511    EXIST::FUNCTION:
+d2i_ESS_CERT_ID                         4512    EXIST::FUNCTION:
+OBJ_find_sigid_algs                     4513    EXIST::FUNCTION:
+EVP_PKEY_meth_set_keygen                4514    EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC                       4515    EXIST::FUNCTION:
+EVP_PKEY_paramgen                       4516    EXIST::FUNCTION:
+EVP_PKEY_meth_set_paramgen              4517    EXIST::FUNCTION:
+BIO_new_PKCS7                           4518    EXIST::FUNCTION:
+EVP_PKEY_verify_recover                 4519    EXIST::FUNCTION:
+TS_ext_print_bio                        4520    EXIST::FUNCTION:
+TS_ASN1_INTEGER_print_bio               4521    EXIST::FUNCTION:
+check_defer                             4522    EXIST::FUNCTION:
+DSO_pathbyaddr                          4523    EXIST::FUNCTION:
+EVP_PKEY_set_type                       4524    EXIST::FUNCTION:
+TS_ACCURACY_set_micros                  4525    EXIST::FUNCTION:
+TS_REQ_to_TS_VERIFY_CTX                 4526    EXIST::FUNCTION:
+EVP_PKEY_meth_set_copy                  4527    EXIST::FUNCTION:
+ASN1_PCTX_set_cert_flags                4528    EXIST::FUNCTION:
+TS_TST_INFO_get_ext                     4529    EXIST::FUNCTION:
+EVP_PKEY_asn1_set_ctrl                  4530    EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_critical         4531    EXIST::FUNCTION:
+EVP_PKEY_CTX_new_id                     4532    EXIST::FUNCTION:
+TS_REQ_get_ext_by_OBJ                   4533    EXIST::FUNCTION:
+TS_CONF_set_signer_cert                 4534    EXIST::FUNCTION:
+X509_NAME_hash_old                      4535    EXIST::FUNCTION:
+ASN1_TIME_set_string                    4536    EXIST::FUNCTION:
+EVP_MD_flags                            4537    EXIST::FUNCTION:
+TS_RESP_CTX_free                        4538    EXIST::FUNCTION:
+DSAparams_dup                           4539    EXIST::FUNCTION:DSA
+DHparams_dup                            4540    EXIST::FUNCTION:DH
+OCSP_REQ_CTX_add1_header                4541    EXIST::FUNCTION:
+OCSP_REQ_CTX_set1_req                   4542    EXIST::FUNCTION:
+X509_STORE_set_verify_cb                4543    EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_crl         4544    EXIST::FUNCTION:
+X509_STORE_CTX_get0_parent_ctx          4545    EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_issuer      4546    EXIST:!VMS:FUNCTION:
+X509_STORE_CTX_get0_cur_issuer          4546    EXIST:VMS:FUNCTION:
+X509_issuer_name_hash_old               4547    EXIST::FUNCTION:MD5
+X509_subject_name_hash_old              4548    EXIST::FUNCTION:MD5
+EVP_CIPHER_CTX_copy                     4549    EXIST::FUNCTION:
+UI_method_get_prompt_constructor        4550    EXIST:!VMS:FUNCTION:
+UI_method_get_prompt_constructr         4550    EXIST:VMS:FUNCTION:
+UI_method_set_prompt_constructor        4551    EXIST:!VMS:FUNCTION:
+UI_method_set_prompt_constructr         4551    EXIST:VMS:FUNCTION:
+EVP_read_pw_string_min                  4552    EXIST::FUNCTION:
+CRYPTO_cts128_encrypt                   4553    EXIST::FUNCTION:
+CRYPTO_cts128_decrypt_block             4554    EXIST::FUNCTION:
+CRYPTO_cfb128_1_encrypt                 4555    EXIST::FUNCTION:
+CRYPTO_cbc128_encrypt                   4556    EXIST::FUNCTION:
+CRYPTO_ctr128_encrypt                   4557    EXIST::FUNCTION:
+CRYPTO_ofb128_encrypt                   4558    EXIST::FUNCTION:
+CRYPTO_cts128_decrypt                   4559    EXIST::FUNCTION:
+CRYPTO_cts128_encrypt_block             4560    EXIST::FUNCTION:
+CRYPTO_cbc128_decrypt                   4561    EXIST::FUNCTION:
+CRYPTO_cfb128_encrypt                   4562    EXIST::FUNCTION:
+CRYPTO_cfb128_8_encrypt                 4563    EXIST::FUNCTION:
+OPENSSL_strcasecmp                      4564    EXIST::FUNCTION:
+OPENSSL_memcmp                          4565    EXIST::FUNCTION:
+OPENSSL_strncasecmp                     4566    EXIST::FUNCTION:
+OPENSSL_gmtime                          4567    EXIST::FUNCTION:
+OPENSSL_gmtime_adj                      4568    EXIST::FUNCTION:
+SRP_VBASE_get_by_user                   4569    EXIST::FUNCTION:SRP
+SRP_Calc_server_key                     4570    EXIST::FUNCTION:SRP
+SRP_create_verifier                     4571    EXIST::FUNCTION:SRP
+SRP_create_verifier_BN                  4572    EXIST::FUNCTION:SRP
+SRP_Calc_u                              4573    EXIST::FUNCTION:SRP
+SRP_VBASE_free                          4574    EXIST::FUNCTION:SRP
+SRP_Calc_client_key                     4575    EXIST::FUNCTION:SRP
+SRP_get_default_gN                      4576    EXIST::FUNCTION:SRP
+SRP_Calc_x                              4577    EXIST::FUNCTION:SRP
+SRP_Calc_B                              4578    EXIST::FUNCTION:SRP
+SRP_VBASE_new                           4579    EXIST::FUNCTION:SRP
+SRP_check_known_gN_param                4580    EXIST::FUNCTION:SRP
+SRP_Calc_A                              4581    EXIST::FUNCTION:SRP
+SRP_Verify_A_mod_N                      4582    EXIST::FUNCTION:SRP
+SRP_VBASE_init                          4583    EXIST::FUNCTION:SRP
+SRP_Verify_B_mod_N                      4584    EXIST::FUNCTION:SRP
+EC_KEY_set_public_key_affine_coordinates 4585   EXIST:!VMS:FUNCTION:EC
+EC_KEY_set_pub_key_aff_coords           4585    EXIST:VMS:FUNCTION:EC
+EVP_aes_192_ctr                         4586    EXIST::FUNCTION:AES
+EVP_PKEY_meth_get0_info                 4587    EXIST::FUNCTION:
+EVP_PKEY_meth_copy                      4588    EXIST::FUNCTION:
+ERR_add_error_vdata                     4589    EXIST::FUNCTION:
+EVP_aes_128_ctr                         4590    EXIST::FUNCTION:AES
+EVP_aes_256_ctr                         4591    EXIST::FUNCTION:AES
+EC_GFp_nistp224_method                  4592    EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+EC_KEY_get_flags                        4593    EXIST::FUNCTION:EC
+RSA_padding_add_PKCS1_PSS_mgf1          4594    EXIST::FUNCTION:RSA
+EVP_aes_128_xts                         4595    EXIST::FUNCTION:AES
+private_SHA224_Init                     4596    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+private_AES_set_decrypt_key             4597    EXIST::FUNCTION:AES
+private_WHIRLPOOL_Init                  4598    EXIST:OPENSSL_FIPS:FUNCTION:WHIRLPOOL
+EVP_aes_256_xts                         4599    EXIST::FUNCTION:AES
+private_SHA512_Init                     4600    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_aes_128_gcm                         4601    EXIST::FUNCTION:AES
+EC_KEY_clear_flags                      4602    EXIST::FUNCTION:EC
+EC_KEY_set_flags                        4603    EXIST::FUNCTION:EC
+private_DES_set_key_unchecked           4604    EXIST:OPENSSL_FIPS:FUNCTION:DES
+EVP_aes_256_ccm                         4605    EXIST::FUNCTION:AES
+private_AES_set_encrypt_key             4606    EXIST::FUNCTION:AES
+RSA_verify_PKCS1_PSS_mgf1               4607    EXIST::FUNCTION:RSA
+private_SHA1_Init                       4608    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA1
+EVP_aes_128_ccm                         4609    EXIST::FUNCTION:AES
+private_SEED_set_key                    4610    EXIST:OPENSSL_FIPS:FUNCTION:SEED
+EVP_aes_192_gcm                         4611    EXIST::FUNCTION:AES
+X509_ALGOR_set_md                       4612    EXIST::FUNCTION:
+private_SHA256_Init                     4613    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+RAND_init_fips                          4614    EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_256_gcm                         4615    EXIST::FUNCTION:AES
+private_SHA384_Init                     4616    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_aes_192_ccm                         4617    EXIST::FUNCTION:AES
+CMAC_CTX_copy                           4618    EXIST::FUNCTION:
+CMAC_CTX_free                           4619    EXIST::FUNCTION:
+CMAC_CTX_get0_cipher_ctx                4620    EXIST::FUNCTION:
+CMAC_CTX_cleanup                        4621    EXIST::FUNCTION:
+CMAC_Init                               4622    EXIST::FUNCTION:
+CMAC_Update                             4623    EXIST::FUNCTION:
+CMAC_resume                             4624    EXIST::FUNCTION:
+CMAC_CTX_new                            4625    EXIST::FUNCTION:
+CMAC_Final                              4626    EXIST::FUNCTION:
+CRYPTO_ctr128_encrypt_ctr32             4627    EXIST::FUNCTION:
+CRYPTO_gcm128_release                   4628    EXIST::FUNCTION:
+CRYPTO_ccm128_decrypt_ccm64             4629    EXIST::FUNCTION:
+CRYPTO_ccm128_encrypt                   4630    EXIST::FUNCTION:
+CRYPTO_gcm128_encrypt                   4631    EXIST::FUNCTION:
+CRYPTO_xts128_encrypt                   4632    EXIST::FUNCTION:
+EVP_rc4_hmac_md5                        4633    EXIST::FUNCTION:MD5,RC4
+CRYPTO_nistcts128_decrypt_block         4634    EXIST::FUNCTION:
+CRYPTO_gcm128_setiv                     4635    EXIST::FUNCTION:
+CRYPTO_nistcts128_encrypt               4636    EXIST::FUNCTION:
+EVP_aes_128_cbc_hmac_sha1               4637    EXIST::FUNCTION:AES,SHA,SHA1
+CRYPTO_gcm128_tag                       4638    EXIST::FUNCTION:
+CRYPTO_ccm128_encrypt_ccm64             4639    EXIST::FUNCTION:
+ENGINE_load_rdrand                      4640    EXIST::FUNCTION:ENGINE
+CRYPTO_ccm128_setiv                     4641    EXIST::FUNCTION:
+CRYPTO_nistcts128_encrypt_block         4642    EXIST::FUNCTION:
+CRYPTO_gcm128_aad                       4643    EXIST::FUNCTION:
+CRYPTO_ccm128_init                      4644    EXIST::FUNCTION:
+CRYPTO_nistcts128_decrypt               4645    EXIST::FUNCTION:
+CRYPTO_gcm128_new                       4646    EXIST::FUNCTION:
+CRYPTO_ccm128_tag                       4647    EXIST::FUNCTION:
+CRYPTO_ccm128_decrypt                   4648    EXIST::FUNCTION:
+CRYPTO_ccm128_aad                       4649    EXIST::FUNCTION:
+CRYPTO_gcm128_init                      4650    EXIST::FUNCTION:
+CRYPTO_gcm128_decrypt                   4651    EXIST::FUNCTION:
+ENGINE_load_rsax                        4652    EXIST::FUNCTION:ENGINE
+CRYPTO_gcm128_decrypt_ctr32             4653    EXIST::FUNCTION:
+CRYPTO_gcm128_encrypt_ctr32             4654    EXIST::FUNCTION:
+CRYPTO_gcm128_finish                    4655    EXIST::FUNCTION:
+EVP_aes_256_cbc_hmac_sha1               4656    EXIST::FUNCTION:AES,SHA,SHA1
+PKCS5_pbkdf2_set                        4657    EXIST::FUNCTION:
+CMS_add0_recipient_password             4658    EXIST::FUNCTION:CMS
+CMS_decrypt_set1_password               4659    EXIST::FUNCTION:CMS
+CMS_RecipientInfo_set0_password         4660    EXIST::FUNCTION:CMS
+RAND_set_fips_drbg_type                 4661    EXIST:OPENSSL_FIPS:FUNCTION:
+X509_REQ_sign_ctx                       4662    EXIST::FUNCTION:EVP
+RSA_PSS_PARAMS_new                      4663    EXIST::FUNCTION:RSA
+X509_CRL_sign_ctx                       4664    EXIST::FUNCTION:EVP
+X509_signature_dump                     4665    EXIST::FUNCTION:EVP
+d2i_RSA_PSS_PARAMS                      4666    EXIST::FUNCTION:RSA
+RSA_PSS_PARAMS_it                       4667    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSA_PSS_PARAMS_it                       4667    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+RSA_PSS_PARAMS_free                     4668    EXIST::FUNCTION:RSA
+X509_sign_ctx                           4669    EXIST::FUNCTION:EVP
+i2d_RSA_PSS_PARAMS                      4670    EXIST::FUNCTION:RSA
+ASN1_item_sign_ctx                      4671    EXIST::FUNCTION:EVP
+EC_GFp_nistp521_method                  4672    EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+EC_GFp_nistp256_method                  4673    EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+OPENSSL_stderr                          4674    EXIST::FUNCTION:
+OPENSSL_cpuid_setup                     4675    EXIST::FUNCTION:
+OPENSSL_showfatal                       4676    EXIST::FUNCTION:
+BIO_new_dgram_sctp                      4677    EXIST::FUNCTION:SCTP
+BIO_dgram_sctp_msg_waiting              4678    EXIST::FUNCTION:SCTP
+BIO_dgram_sctp_wait_for_dry             4679    EXIST::FUNCTION:SCTP
+BIO_s_datagram_sctp                     4680    EXIST::FUNCTION:DGRAM,SCTP
+BIO_dgram_is_sctp                       4681    EXIST::FUNCTION:SCTP
+BIO_dgram_sctp_notification_cb          4682    EXIST::FUNCTION:SCTP
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
new file mode 100644
index 0000000000..458f830401
--- /dev/null
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -0,0 +1,1231 @@
+#!/usr/local/bin/perl
+# A bit of an evil hack but it post processes the file ../MINFO which
+# is generated by `make files` in the top directory.
+# This script outputs one mega makefile that has no shell stuff or any
+# funny stuff
+#
+
+$INSTALLTOP="/usr/local/ssl";
+$OPENSSLDIR="/usr/local/ssl";
+$OPTIONS="";
+$ssl_version="";
+$banner="\t\@echo Building OpenSSL";
+
+my $no_static_engine = 1;
+my $engines = "";
+my $otherlibs = "";
+local $zlib_opt = 0;    # 0 = no zlib, 1 = static, 2 = dynamic
+local $zlib_lib = "";
+local $perl_asm = 0;    # 1 to autobuild asm files from perl scripts
+
+my $ex_l_libs = "";
+
+# Options to import from top level Makefile
+
+my %mf_import = (
+        VERSION        => \$ssl_version,
+        OPTIONS        => \$OPTIONS,
+        INSTALLTOP     => \$INSTALLTOP,
+        OPENSSLDIR     => \$OPENSSLDIR,
+        PLATFORM       => \$mf_platform,
+        CFLAG          => \$mf_cflag,
+        DEPFLAG        => \$mf_depflag,
+        CPUID_OBJ      => \$mf_cpuid_asm,
+        BN_ASM         => \$mf_bn_asm,
+        DES_ENC        => \$mf_des_asm,
+        AES_ENC        => \$mf_aes_asm,
+        BF_ENC         => \$mf_bf_asm,
+        CAST_ENC       => \$mf_cast_asm,
+        RC4_ENC        => \$mf_rc4_asm,
+        RC5_ENC        => \$mf_rc5_asm,
+        MD5_ASM_OBJ    => \$mf_md5_asm,
+        SHA1_ASM_OBJ   => \$mf_sha_asm,
+        RMD160_ASM_OBJ => \$mf_rmd_asm,
+        WP_ASM_OBJ     => \$mf_wp_asm,
+        CMLL_ENC       => \$mf_cm_asm,
+        BASEADDR       => \$baseaddr,
+        FIPSDIR        => \$fipsdir,
+);
+
+
+open(IN,"<Makefile") || die "unable to open Makefile!\n";
+while(<IN>) {
+    my ($mf_opt, $mf_ref);
+    while (($mf_opt, $mf_ref) = each %mf_import) {
+        if (/^$mf_opt\s*=\s*(.*)$/) {
+           $$mf_ref = $1;
+        }
+    }
+}
+close(IN);
+
+$debug = 1 if $mf_platform =~ /^debug-/;
+
+die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
+
+$infile="MINFO";
+
+%ops=(
+        "VC-WIN32",   "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+        "VC-WIN64I",  "Microsoft C/C++ - Win64/IA-64",
+        "VC-WIN64A",  "Microsoft C/C++ - Win64/x64",
+        "VC-CE",   "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
+        "VC-NT",   "Microsoft Visual C++ [4-6] - Windows NT ONLY",
+        "Mingw32", "GNU C++ - Windows NT or 9x",
+        "Mingw32-files", "Create files with DOS copy ...",
+        "BC-NT",   "Borland C++ 4.5 - Windows NT",
+        "linux-elf","Linux elf",
+        "ultrix-mips","DEC mips ultrix",
+        "FreeBSD","FreeBSD distribution",
+        "OS2-EMX", "EMX GCC OS/2",
+        "netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets",
+        "netware-clib-bsdsock", "CodeWarrior for NetWare - CLib - with BSD Sockets",
+        "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
+        "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
+        "default","cc under unix",
+        "auto", "auto detect from top level Makefile"
+        );
+
+$platform="";
+my $xcflags="";
+foreach (@ARGV)
+        {
+        if (!&read_options && !defined($ops{$_}))
+                {
+                print STDERR "unknown option - $_\n";
+                print STDERR "usage: perl mk1mf.pl [options] [system]\n";
+                print STDERR "\nwhere [system] can be one of the following\n";
+                foreach $i (sort keys %ops)
+                { printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
+                print STDERR <<"EOF";
+and [options] can be one of
+        no-md2 no-md4 no-md5 no-sha no-mdc2     - Skip this digest
+        no-ripemd
+        no-rc2 no-rc4 no-rc5 no-idea no-des     - Skip this symetric cipher
+        no-bf no-cast no-aes no-camellia no-seed
+        no-rsa no-dsa no-dh                     - Skip this public key cipher
+        no-ssl2 no-ssl3                         - Skip this version of SSL
+        just-ssl                                - remove all non-ssl keys/digest
+        no-asm                                  - No x86 asm
+        no-krb5                                 - No KRB5
+        no-srp                                  - No SRP
+        no-ec                                   - No EC
+        no-ecdsa                                - No ECDSA
+        no-ecdh                                 - No ECDH
+        no-engine                               - No engine
+        no-hw                                   - No hw
+        nasm                                    - Use NASM for x86 asm
+        nw-nasm                                 - Use NASM x86 asm for NetWare
+        nw-mwasm                                - Use Metrowerks x86 asm for NetWare
+        gaswin                                  - Use GNU as with Mingw32
+        no-socks                                - No socket code
+        no-err                                  - No error strings
+        dll/shlib                               - Build shared libraries (MS)
+        debug                                   - Debug build
+        profile                                 - Profiling build
+        gcc                                     - Use Gcc (unix)
+
+Values that can be set
+TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
+
+-L<ex_lib_path> -l<ex_lib>                      - extra library flags (unix)
+-<ex_cc_flags>                                  - extra 'cc' flags,
+                                                  added (MS), or replace (unix)
+EOF
+                exit(1);
+                }
+        $platform=$_;
+        }
+foreach (grep(!/^$/, split(/ /, $OPTIONS)))
+        {
+        print STDERR "unknown option - $_\n" if !&read_options;
+        }
+
+$no_static_engine = 0 if (!$shlib);
+
+$no_mdc2=1 if ($no_des);
+
+$no_ssl3=1 if ($no_md5 || $no_sha);
+$no_ssl3=1 if ($no_rsa && $no_dh);
+
+$no_ssl2=1 if ($no_md5);
+$no_ssl2=1 if ($no_rsa);
+
+$out_def="out";
+$inc_def="outinc";
+$tmp_def="tmp";
+
+$perl="perl" unless defined $perl;
+$mkdir="-mkdir" unless defined $mkdir;
+
+($ssl,$crypto)=("ssl","crypto");
+$ranlib="echo ranlib";
+
+$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
+$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
+$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
+
+# $bin_dir.=$o causes a core dump on my sparc :-(
+
+
+$NT=0;
+
+push(@INC,"util/pl","pl");
+
+if ($platform eq "auto") {
+        $platform = $mf_platform;
+        print STDERR "Imported platform $mf_platform\n";
+}
+
+if (($platform =~ /VC-(.+)/))
+        {
+        $FLAVOR=$1;
+        $NT = 1 if $1 eq "NT";
+        require 'VC-32.pl';
+        }
+elsif ($platform eq "Mingw32")
+        {
+        require 'Mingw32.pl';
+        }
+elsif ($platform eq "Mingw32-files")
+        {
+        require 'Mingw32f.pl';
+        }
+elsif ($platform eq "BC-NT")
+        {
+        $bc=1;
+        require 'BC-32.pl';
+        }
+elsif ($platform eq "FreeBSD")
+        {
+        require 'unix.pl';
+        $cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
+        }
+elsif ($platform eq "linux-elf")
+        {
+        require "unix.pl";
+        require "linux.pl";
+        $unix=1;
+        }
+elsif ($platform eq "ultrix-mips")
+        {
+        require "unix.pl";
+        require "ultrix.pl";
+        $unix=1;
+        }
+elsif ($platform eq "OS2-EMX")
+        {
+        $wc=1;
+        require 'OS2-EMX.pl';
+        }
+elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") ||
+       ($platform eq "netware-clib-bsdsock") || ($platform eq "netware-libc-bsdsock"))
+        {
+        $LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock";
+        $BSDSOCK=1 if ($platform eq "netware-libc-bsdsock") || ($platform eq "netware-clib-bsdsock");
+        require 'netware.pl';
+        }
+else
+        {
+        require "unix.pl";
+
+        $unix=1;
+        $cflags.=' -DTERMIO';
+        }
+
+$fipsdir =~ s/\//${o}/g;
+
+$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
+$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
+$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
+
+$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
+
+$cflags= "$xcflags$cflags" if $xcflags ne "";
+
+$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
+$cflags.=" -DOPENSSL_NO_AES"  if $no_aes;
+$cflags.=" -DOPENSSL_NO_CAMELLIA"  if $no_camellia;
+$cflags.=" -DOPENSSL_NO_SEED" if $no_seed;
+$cflags.=" -DOPENSSL_NO_RC2"  if $no_rc2;
+$cflags.=" -DOPENSSL_NO_RC4"  if $no_rc4;
+$cflags.=" -DOPENSSL_NO_RC5"  if $no_rc5;
+$cflags.=" -DOPENSSL_NO_MD2"  if $no_md2;
+$cflags.=" -DOPENSSL_NO_MD4"  if $no_md4;
+$cflags.=" -DOPENSSL_NO_MD5"  if $no_md5;
+$cflags.=" -DOPENSSL_NO_SHA"  if $no_sha;
+$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
+$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd;
+$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
+$cflags.=" -DOPENSSL_NO_BF"  if $no_bf;
+$cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
+$cflags.=" -DOPENSSL_NO_DES"  if $no_des;
+$cflags.=" -DOPENSSL_NO_RSA"  if $no_rsa;
+$cflags.=" -DOPENSSL_NO_DSA"  if $no_dsa;
+$cflags.=" -DOPENSSL_NO_DH"   if $no_dh;
+$cflags.=" -DOPENSSL_NO_WHIRLPOOL"   if $no_whirlpool;
+$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
+$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
+$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
+$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_SRP" if $no_srp;
+$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
+$cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
+$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
+$cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
+$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
+$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
+$cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
+$cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
+$cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
+$cflags.=" -DOPENSSL_FIPS"    if $fips;
+$cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
+$cflags.=" -DOPENSSL_NO_EC2M"    if $no_ec2m;
+$cflags.= " -DZLIB" if $zlib_opt;
+$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
+
+if ($no_static_engine)
+        {
+        $cflags .= " -DOPENSSL_NO_STATIC_ENGINE";
+        }
+else
+        {
+        $cflags .= " -DOPENSSL_NO_DYNAMIC_ENGINE";
+        }
+
+#$cflags.=" -DRSAref"  if $rsaref ne "";
+
+## if ($unix)
+##      { $cflags="$c_flags" if ($c_flags ne ""); }
+##else
+        { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+
+$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
+
+
+%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
+                  "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
+
+if ($msdos)
+        {
+        $banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n";
+        $banner.="\t\@echo top level directory, if you don't have perl, you will\n";
+        $banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
+        $banner.="\t\@echo documentation for details.\n";
+        }
+
+# have to do this to allow $(CC) under unix
+$link="$bin_dir$link" if ($link !~ /^\$/);
+
+$INSTALLTOP =~ s|/|$o|g;
+$OPENSSLDIR =~ s|/|$o|g;
+
+#############################################
+# We parse in input file and 'store' info for later printing.
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+        {
+        chop;
+
+        ($key,$val)=/^([^=]+)=(.*)/;
+        if ($key eq "RELATIVE_DIRECTORY")
+                {
+                if ($lib ne "")
+                        {
+                        $uc=$lib;
+                        $uc =~ s/^lib(.*)\.a/$1/;
+                        $uc =~ tr/a-z/A-Z/;
+                        $lib_nam{$uc}=$uc;
+                        $lib_obj{$uc}.=$libobj." ";
+                        }
+                last if ($val eq "FINISHED");
+                $lib="";
+                $libobj="";
+                $dir=$val;
+                }
+
+        if ($key eq "KRB5_INCLUDES")
+                { $cflags .= " $val";}
+
+        if ($key eq "ZLIB_INCLUDE")
+                { $cflags .= " $val" if $val ne "";}
+
+        if ($key eq "LIBZLIB")
+                { $zlib_lib = "$val" if $val ne "";}
+
+        if ($key eq "LIBKRB5")
+                { $ex_libs .= " $val" if $val ne "";}
+
+        if ($key eq "TEST")
+                { $test.=&var_add($dir,$val, 0); }
+
+        if (($key eq "PROGS") || ($key eq "E_OBJ"))
+                { $e_exe.=&var_add($dir,$val, 0); }
+
+        if ($key eq "LIB")
+                {
+                $lib=$val;
+                $lib =~ s/^.*\/([^\/]+)$/$1/;
+                }
+        if ($key eq "LIBNAME" && $no_static_engine)
+                {
+                $lib=$val;
+                $lib =~ s/^.*\/([^\/]+)$/$1/;
+                $otherlibs .= " $lib";
+                }
+
+        if ($key eq "EXHEADER")
+                { $exheader.=&var_add($dir,$val, 1); }
+
+        if ($key eq "HEADER")
+                { $header.=&var_add($dir,$val, 1); }
+
+        if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine))
+                { $libobj=&var_add($dir,$val, 0); }
+        if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
+                { $engines.=$val }
+
+        if (!($_=<IN>))
+                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+        }
+close(IN);
+
+if ($shlib)
+        {
+        $extra_install= <<"EOF";
+        \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\"
+        \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\"
+        \$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\"
+        \$(CP) \"\$(L_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
+EOF
+        if ($no_static_engine)
+                {
+                $extra_install .= <<"EOF"
+        \$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\"
+        \$(CP) \"\$(E_SHLIB)\" \"\$(INSTALLTOP)${o}lib${o}engines\"
+EOF
+                }
+        }
+else
+        {
+        $extra_install= <<"EOF";
+        \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\"
+        \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
+EOF
+        $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
+        if ($fips)
+                {
+                $build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+                $ex_l_libs .= " \$(O_FIPSCANISTER)";
+                }
+        }
+
+$defs= <<"EOF";
+# This makefile has been automatically generated from the OpenSSL distribution.
+# This single makefile will build the complete OpenSSL distribution and
+# by default leave the 'intertesting' output files in .${o}out and the stuff
+# that needs deleting in .${o}tmp.
+# The file was generated by running 'make makefile.one', which
+# does a 'make files', which writes all the environment variables from all
+# the makefiles to the file call MINFO.  This file is used by
+# util${o}mk1mf.pl to generate makefile.one.
+# The 'makefile per directory' system suites me when developing this
+# library and also so I can 'distribute' indervidual library sections.
+# The one monster makefile better suits building in non-unix
+# environments.
+
+EOF
+
+$defs .= $preamble if defined $preamble;
+
+$defs.= <<"EOF";
+INSTALLTOP=$INSTALLTOP
+OPENSSLDIR=$OPENSSLDIR
+
+# Set your compiler options
+PLATFORM=$platform
+CC=$bin_dir${cc}
+CFLAG=$cflags
+APP_CFLAG=$app_cflag
+LIB_CFLAG=$lib_cflag
+SHLIB_CFLAG=$shl_cflag
+APP_EX_OBJ=$app_ex_obj
+SHLIB_EX_OBJ=$shlib_ex_obj
+# add extra libraries to this define, for solaris -lsocket -lnsl would
+# be added
+EX_LIBS=$ex_libs
+
+# The OpenSSL directory
+SRC_D=$src_dir
+
+LINK=$link
+LFLAGS=$lflags
+RSC=$rsc
+
+# The output directory for everything intersting
+OUT_D=$out_dir
+# The output directory for all the temporary muck
+TMP_D=$tmp_dir
+# The output directory for the header files
+INC_D=$inc_dir
+INCO_D=$inc_dir${o}openssl
+
+PERL=$perl
+CP=$cp
+RM=$rm
+RANLIB=$ranlib
+MKDIR=$mkdir
+MKLIB=$bin_dir$mklib
+MLFLAGS=$mlflags
+ASM=$bin_dir$asm
+
+# FIPS validated module and support file locations
+
+FIPSDIR=$fipsdir
+BASEADDR=$baseaddr
+FIPSLIB_D=\$(FIPSDIR)${o}lib
+FIPS_PREMAIN_SRC=\$(FIPSLIB_D)${o}fips_premain.c
+O_FIPSCANISTER=\$(FIPSLIB_D)${o}fipscanister.lib
+FIPS_SHA1_EXE=\$(FIPSDIR)${o}bin${o}fips_standalone_sha1${exep}
+E_PREMAIN_DSO=fips_premain_dso
+PREMAIN_DSO_EXE=\$(BIN_D)${o}fips_premain_dso$exep
+FIPSLINK=\$(PERL) \$(FIPSDIR)${o}bin${o}fipslink.pl
+
+######################################################
+# You should not need to touch anything below this point
+######################################################
+
+E_EXE=openssl
+SSL=$ssl
+CRYPTO=$crypto
+
+# BIN_D  - Binary output directory
+# TEST_D - Binary test file output directory
+# LIB_D  - library output directory
+# ENG_D  - dynamic engine output directory
+# Note: if you change these point to different directories then uncomment out
+# the lines around the 'NB' comment below.
+# 
+BIN_D=\$(OUT_D)
+TEST_D=\$(OUT_D)
+LIB_D=\$(OUT_D)
+ENG_D=\$(OUT_D)
+
+# INCL_D - local library directory
+# OBJ_D  - temp object file directory
+OBJ_D=\$(TMP_D)
+INCL_D=\$(TMP_D)
+
+O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
+O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
+SO_SSL=    $plib\$(SSL)$so_shlibp
+SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
+L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
+L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
+
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
+
+######################################################
+# Don't touch anything below this point
+######################################################
+
+INC=-I\$(INC_D) -I\$(INCL_D)
+APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
+LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
+SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
+
+#############################################
+EOF
+
+$rules=<<"EOF";
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe $build_targets
+
+banner:
+$banner
+
+\$(TMP_D):
+        \$(MKDIR) \"\$(TMP_D)\"
+# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
+#\$(BIN_D):
+#       \$(MKDIR) \$(BIN_D)
+#
+#\$(TEST_D):
+#       \$(MKDIR) \$(TEST_D)
+
+\$(LIB_D):
+        \$(MKDIR) \"\$(LIB_D)\"
+
+\$(INCO_D): \$(INC_D)
+        \$(MKDIR) \"\$(INCO_D)\"
+
+\$(INC_D):
+        \$(MKDIR) \"\$(INC_D)\"
+
+headers: \$(HEADER) \$(EXHEADER)
+        @
+
+lib: \$(LIBS_DEP) \$(E_SHLIB)
+
+exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
+
+install: all
+        \$(MKDIR) \"\$(INSTALLTOP)\"
+        \$(MKDIR) \"\$(INSTALLTOP)${o}bin\"
+        \$(MKDIR) \"\$(INSTALLTOP)${o}include\"
+        \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\"
+        \$(MKDIR) \"\$(INSTALLTOP)${o}lib\"
+        \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+        \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
+        \$(MKDIR) \"\$(OPENSSLDIR)\"
+        \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
+$extra_install
+
+
+test: \$(T_EXE)
+        cd \$(BIN_D)
+        ..${o}ms${o}test
+
+clean:
+        \$(RM) \$(TMP_D)$o*.*
+
+vclean:
+        \$(RM) \$(TMP_D)$o*.*
+        \$(RM) \$(OUT_D)$o*.*
+
+EOF
+    
+my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
+$platform_cpp_symbol =~ s/-/_/g;
+if (open(IN,"crypto/buildinf.h"))
+        {
+        # Remove entry for this platform in existing file buildinf.h.
+
+        my $old_buildinf_h = "";
+        while (<IN>)
+                {
+                if (/^\#ifdef $platform_cpp_symbol$/)
+                        {
+                        while (<IN>) { last if (/^\#endif/); }
+                        }
+                else
+                        {
+                        $old_buildinf_h .= $_;
+                        }
+                }
+        close(IN);
+
+        open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+        print OUT $old_buildinf_h;
+        close(OUT);
+        }
+
+open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
+printf OUT <<EOF;
+#ifdef $platform_cpp_symbol
+  /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
+  #define CFLAGS "$cc $cflags"
+  #define PLATFORM "$platform"
+EOF
+printf OUT "  #define DATE \"%s\"\n", scalar gmtime();
+printf OUT "#endif\n";
+close(OUT);
+
+# Strip of trailing ' '
+foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
+$test=&clean_up_ws($test);
+$e_exe=&clean_up_ws($e_exe);
+$exheader=&clean_up_ws($exheader);
+$header=&clean_up_ws($header);
+
+# First we strip the exheaders from the headers list
+foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
+foreach (split(/\s+/,$header))  { $h.=$_." " unless $h{$_}; }
+chop($h); $header=$h;
+
+$defs.=&do_defs("HEADER",$header,"\$(INCL_D)","");
+$rules.=&do_copy_rule("\$(INCL_D)",$header,"");
+
+$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)","");
+$rules.=&do_copy_rule("\$(INCO_D)",$exheader,"");
+
+$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
+
+$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+
+# Special case rule for fips_premain_dso
+
+if ($fips)
+        {
+        $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+                "\$(FIPS_PREMAIN_SRC)",
+                "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)", "");
+        $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+        }
+
+foreach (values %lib_nam)
+        {
+        $lib_obj=$lib_obj{$_};
+        local($slib)=$shlib;
+
+        if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
+                {
+                $rules.="\$(O_SSL):\n\n"; 
+                next;
+                }
+
+        $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
+        $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
+        $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
+        }
+
+# hack to add version info on MSVC
+if (($platform eq "VC-WIN32") || ($platform eq "VC-WIN64A")
+        || ($platform eq "VC-WIN64I") || ($platform eq "VC-NT")) {
+    $rules.= <<"EOF";
+\$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc
+        \$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc
+
+\$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
+        \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
+
+EOF
+}
+
+$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
+foreach (split(/\s+/,$test))
+        {
+        $t=&bname($_);
+        $tt="\$(OBJ_D)${o}$t${obj}";
+        $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+        }
+
+$defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp);
+
+foreach (split(/\s+/,$engines))
+        {
+        $rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib);
+        $rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,"");
+        }
+
+
+
+$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
+
+if ($fips)
+        {
+        if ($shlib)
+                {
+                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+                                "\$(O_CRYPTO)", "$crypto",
+                                $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+                }
+        else
+                {
+                $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+                        "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+                        "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+                }
+        }
+        else
+        {
+        $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+                                                        "\$(SO_CRYPTO)");
+        }
+
+foreach (split(" ",$otherlibs))
+        {
+        my $uc = $_;
+        $uc =~ tr /a-z/A-Z/;    
+        $rules.= &do_lib_rule("\$(${uc}OBJ)","\$(ENG_D)$o$_$shlibp", "", $shlib, "");
+
+        }
+
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
+
+print $defs;
+
+if ($platform eq "linux-elf") {
+    print <<"EOF";
+# Generate perlasm output files
+%.cpp:
+        (cd \$(\@D)/..; PERL=perl make -f Makefile asm/\$(\@F))
+EOF
+}
+print "###################################################################\n";
+print $rules;
+
+###############################################
+# strip off any trailing .[och] and append the relative directory
+# also remembering to do nothing if we are in one of the dropped
+# directories
+sub var_add
+        {
+        local($dir,$val,$keepext)=@_;
+        local(@a,$_,$ret);
+
+        return("") if $no_engine && $dir =~ /\/engine/;
+        return("") if $no_hw   && $dir =~ /\/hw/;
+        return("") if $no_idea && $dir =~ /\/idea/;
+        return("") if $no_aes  && $dir =~ /\/aes/;
+        return("") if $no_camellia  && $dir =~ /\/camellia/;
+        return("") if $no_seed && $dir =~ /\/seed/;
+        return("") if $no_rc2  && $dir =~ /\/rc2/;
+        return("") if $no_rc4  && $dir =~ /\/rc4/;
+        return("") if $no_rc5  && $dir =~ /\/rc5/;
+        return("") if $no_rsa  && $dir =~ /\/rsa/;
+        return("") if $no_rsa  && $dir =~ /^rsaref/;
+        return("") if $no_dsa  && $dir =~ /\/dsa/;
+        return("") if $no_dh   && $dir =~ /\/dh/;
+        return("") if $no_ec   && $dir =~ /\/ec/;
+        return("") if $no_gost   && $dir =~ /\/ccgost/;
+        return("") if $no_cms  && $dir =~ /\/cms/;
+        return("") if $no_jpake  && $dir =~ /\/jpake/;
+        if ($no_des && $dir =~ /\/des/)
+                {
+                if ($val =~ /read_pwd/)
+                        { return("$dir/read_pwd "); }
+                else
+                        { return(""); }
+                }
+        return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+        return("") if $no_sock && $dir =~ /\/proxy/;
+        return("") if $no_bf   && $dir =~ /\/bf/;
+        return("") if $no_cast && $dir =~ /\/cast/;
+        return("") if $no_whirlpool && $dir =~ /\/whrlpool/;
+
+        $val =~ s/^\s*(.*)\s*$/$1/;
+        @a=split(/\s+/,$val);
+        grep(s/\.[och]$//,@a) unless $keepext;
+
+        @a=grep(!/^e_.*_3d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_ae$/,@a) if $no_idea;
+        @a=grep(!/^e_.*_i$/,@a) if $no_aes;
+        @a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+        @a=grep(!/^e_.*_r5$/,@a) if $no_rc5;
+        @a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+        @a=grep(!/^e_.*_c$/,@a) if $no_cast;
+        @a=grep(!/^e_rc4$/,@a) if $no_rc4;
+        @a=grep(!/^e_camellia$/,@a) if $no_camellia;
+        @a=grep(!/^e_seed$/,@a) if $no_seed;
+
+        #@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+        #@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+
+        @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
+
+        @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+        @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+        @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+        @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
+
+        @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+        @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
+
+        @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
+        @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
+
+        @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
+
+        @a=grep(!/_dhp$/,@a) if $no_dh;
+
+        @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
+        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
+
+        @a=grep(!/(srp)/,@a) if $no_srp;
+
+        @a=grep(!/^engine$/,@a) if $no_engine;
+        @a=grep(!/^hw$/,@a) if $no_hw;
+        @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
+        @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+        @a=grep(!/^gendsa$/,@a) if $no_sha1;
+        @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
+
+        @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+
+        grep($_="$dir/$_",@a);
+        @a=grep(!/(^|\/)s_/,@a) if $no_sock;
+        @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
+        $ret=join(' ',@a)." ";
+        return($ret);
+        }
+
+# change things so that each 'token' is only separated by one space
+sub clean_up_ws
+        {
+        local($w)=@_;
+
+        $w =~ s/^\s*(.*)\s*$/$1/;
+        $w =~ s/\s+/ /g;
+        return($w);
+        }
+
+sub do_defs
+        {
+        local($var,$files,$location,$postfix)=@_;
+        local($_,$ret,$pf);
+        local(*OUT,$tmp,$t);
+
+        $files =~ s/\//$o/g if $o ne '/';
+        $ret="$var="; 
+        $n=1;
+        $Vars{$var}.="";
+        foreach (split(/ /,$files))
+                {
+                $orig=$_;
+                $_=&bname($_) unless /^\$/;
+                if ($n++ == 2)
+                        {
+                        $n=0;
+                        $ret.="\\\n\t";
+                        }
+                if (($_ =~ /bss_file/) && ($postfix eq ".h"))
+                        { $pf=".c"; }
+                else    { $pf=$postfix; }
+                if ($_ =~ /BN_ASM/)     { $t="$_ "; }
+                elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /AES_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /DES_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /BF_ENC/)  { $t="$_ "; }
+                elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
+                elsif ($_ =~ /RC4_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /RC5_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /MD5_ASM/) { $t="$_ "; }
+                elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /WHIRLPOOL_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; }
+                else    { $t="$location${o}$_$pf "; }
+
+                $Vars{$var}.="$t ";
+                $ret.=$t;
+                }
+        # hack to add version info on MSVC
+        if ($shlib && (($platform eq "VC-WIN32") || ($platfrom eq "VC-WIN64I") || ($platform eq "VC-WIN64A") || ($platform eq "VC-NT")))
+                {
+                if ($var eq "CRYPTOOBJ")
+                        { $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; }
+                elsif ($var eq "SSLOBJ")
+                        { $ret.="\$(OBJ_D)\\\$(SSL).res "; }
+                }
+        chomp($ret);
+        $ret.="\n\n";
+        return($ret);
+        }
+
+# return the name with the leading path removed
+sub bname
+        {
+        local($ret)=@_;
+        $ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/;
+        return($ret);
+        }
+
+# return the leading path
+sub dname
+        {
+        my $ret=shift;
+        $ret =~ s/(^.*)[\\\/][^\\\/]+$/$1/;
+        return($ret);
+        }
+
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+# compile the files in '$files' into $to
+sub do_compile_rule
+        {
+        local($to,$files,$ex)=@_;
+        local($ret,$_,$n,$d,$s);
+
+        $files =~ s/\//$o/g if $o ne '/';
+        foreach (split(/\s+/,$files))
+                {
+                $n=&bname($_);
+                $d=&dname($_);
+                if (-f "${_}.c")
+                        {
+                        $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+                        }
+                elsif (-f ($s="${d}${o}asm${o}${n}.pl") or
+                       ($s=~s/sha256/sha512/ and -f $s) or
+                       -f ($s="${d}${o}${n}.pl"))
+                        {
+                        $ret.=&perlasm_compile_target("$to${o}$n$obj",$s,$n);
+                        }
+                elsif (-f ($s="${d}${o}asm${o}${n}.S") or
+                       -f ($s="${d}${o}${n}.S"))
+                        {
+                        $ret.=&Sasm_compile_target("$to${o}$n$obj",$s,$n);
+                        }
+                else    { die "no rule for $_"; }
+                }
+        return($ret);
+        }
+
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+sub perlasm_compile_target
+        {
+        my($target,$source,$bname)=@_;
+        my($ret);
+
+        $bname =~ s/(.*)\.[^\.]$/$1/;
+        $ret ="\$(TMP_D)$o$bname.asm: $source\n";
+        $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n\n";
+        $ret.="$target: \$(TMP_D)$o$bname.asm\n";
+        $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
+        return($ret);
+        }
+
+sub Sasm_compile_target
+        {
+        my($target,$source,$bname)=@_;
+        my($ret);
+
+        $bname =~ s/(.*)\.[^\.]$/$1/;
+        $ret ="\$(TMP_D)$o$bname.asm: $source\n";
+        $ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n\n";
+        $ret.="$target: \$(TMP_D)$o$bname.asm\n";
+        $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
+        return($ret);
+        }
+
+sub cc_compile_target
+        {
+        local($target,$source,$ex_flags, $srcd)=@_;
+        local($ret);
+        
+        $ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
+        $target =~ s/\//$o/g if $o ne "/";
+        $source =~ s/\//$o/g if $o ne "/";
+        $srcd = "\$(SRC_D)$o" unless defined $srcd;
+        $ret ="$target: $srcd$source\n\t";
+        $ret.="\$(CC) ${ofile}$target $ex_flags -c $srcd$source\n\n";
+        return($ret);
+        }
+
+##############################################################
+sub do_asm_rule
+        {
+        local($target,$src)=@_;
+        local($ret,@s,@t,$i);
+
+        $target =~ s/\//$o/g if $o ne "/";
+        $src =~ s/\//$o/g if $o ne "/";
+
+        @t=split(/\s+/,$target);
+        @s=split(/\s+/,$src);
+
+
+        for ($i=0; $i<=$#s; $i++)
+                {
+                my $objfile = $t[$i];
+                my $srcfile = $s[$i];
+
+                if ($perl_asm == 1)
+                        {
+                        my $plasm = $objfile;
+                        $plasm =~ s/${obj}/.pl/;
+                        $ret.="$srcfile: $plasm\n";
+                        $ret.="\t\$(PERL) $plasm $asmtype \$(CFLAG) >$srcfile\n\n";
+                        }
+
+                $ret.="$objfile: $srcfile\n";
+                $ret.="\t\$(ASM) $afile$objfile \$(SRC_D)$o$srcfile\n\n";
+                }
+        return($ret);
+        }
+
+sub do_shlib_rule
+        {
+        local($n,$def)=@_;
+        local($ret,$nn);
+        local($t);
+
+        ($nn=$n) =~ tr/a-z/A-Z/;
+        $ret.="$n.dll: \$(${nn}OBJ)\n";
+        if ($vc && $w32)
+                {
+                $ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n  \$(${nn}OBJ_F)\n<<\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+
+# do a rule for each file that says 'copy' to new direcory on change
+sub do_copy_rule
+        {
+        local($to,$files,$p)=@_;
+        local($ret,$_,$n,$pp);
+        
+        $files =~ s/\//$o/g if $o ne '/';
+        foreach (split(/\s+/,$files))
+                {
+                $n=&bname($_);
+                if ($n =~ /bss_file/)
+                        { $pp=".c"; }
+                else    { $pp=$p; }
+                $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n";
+                }
+        return($ret);
+        }
+
+sub read_options
+        {
+        # Many options are handled in a similar way. In particular
+        # no-xxx sets zero or more scalars to 1.
+        # Process these using a hash containing the option name and
+        # reference to the scalars to set.
+
+        my %valid_options = (
+                "no-rc2" => \$no_rc2,
+                "no-rc4" => \$no_rc4,
+                "no-rc5" => \$no_rc5,
+                "no-idea" => \$no_idea,
+                "no-aes" => \$no_aes,
+                "no-camellia" => \$no_camellia,
+                "no-seed" => \$no_seed,
+                "no-des" => \$no_des,
+                "no-bf" => \$no_bf,
+                "no-cast" => \$no_cast,
+                "no-md2" => \$no_md2,
+                "no-md4" => \$no_md4,
+                "no-md5" => \$no_md5,
+                "no-sha" => \$no_sha,
+                "no-sha1" => \$no_sha1,
+                "no-ripemd" => \$no_ripemd,
+                "no-mdc2" => \$no_mdc2,
+                "no-whirlpool" => \$no_whirlpool,
+                "no-patents" => 
+                        [\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa],
+                "no-rsa" => \$no_rsa,
+                "no-dsa" => \$no_dsa,
+                "no-dh" => \$no_dh,
+                "no-hmac" => \$no_hmac,
+                "no-asm" => \$no_asm,
+                "nasm" => \$nasm,
+                "nw-nasm" => \$nw_nasm,
+                "nw-mwasm" => \$nw_mwasm,
+                "gaswin" => \$gaswin,
+                "no-ssl2" => \$no_ssl2,
+                "no-ssl3" => \$no_ssl3,
+                "no-tlsext" => \$no_tlsext,
+                "no-srp" => \$no_srp,
+                "no-cms" => \$no_cms,
+                "no-ec2m" => \$no_ec2m,
+                "no-jpake" => \$no_jpake,
+                "no-ec_nistp_64_gcc_128" => 0,
+                "no-err" => \$no_err,
+                "no-sock" => \$no_sock,
+                "no-krb5" => \$no_krb5,
+                "no-ec" => \$no_ec,
+                "no-ecdsa" => \$no_ecdsa,
+                "no-ecdh" => \$no_ecdh,
+                "no-gost" => \$no_gost,
+                "no-engine" => \$no_engine,
+                "no-hw" => \$no_hw,
+                "no-rsax" => 0,
+                "just-ssl" =>
+                        [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
+                          \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
+                          \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
+                          \$no_aes, \$no_camellia, \$no_seed, \$no_srp],
+                "rsaref" => 0,
+                "gcc" => \$gcc,
+                "debug" => \$debug,
+                "profile" => \$profile,
+                "shlib" => \$shlib,
+                "dll" => \$shlib,
+                "shared" => 0,
+                "no-sctp" => 0,
+                "no-gmp" => 0,
+                "no-rfc3779" => 0,
+                "no-montasm" => 0,
+                "no-shared" => 0,
+                "no-store" => 0,
+                "no-zlib" => 0,
+                "no-zlib-dynamic" => 0,
+                "fips" => \$fips
+                );
+
+        if (exists $valid_options{$_})
+                {
+                my $r = $valid_options{$_};
+                if ( ref $r eq "SCALAR")
+                        { $$r = 1;}
+                elsif ( ref $r eq "ARRAY")
+                        {
+                        my $r2;
+                        foreach $r2 (@$r)
+                                {
+                                $$r2 = 1;
+                                }
+                        }
+                }
+        elsif (/^no-comp$/) { $xcflags = "-DOPENSSL_NO_COMP $xcflags"; }
+        elsif (/^enable-zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
+        elsif (/^enable-zlib-dynamic$/)
+                {
+                $zlib_opt = 2;
+                }
+        elsif (/^no-static-engine/)
+                {
+                $no_static_engine = 1;
+                }
+        elsif (/^enable-static-engine/)
+                {
+                $no_static_engine = 0;
+                }
+        # There are also enable-xxx options which correspond to
+        # the no-xxx. Since the scalars are enabled by default
+        # these can be ignored.
+        elsif (/^enable-/)
+                {
+                my $t = $_;
+                $t =~ s/^enable/no/;
+                if (exists $valid_options{$t})
+                        {return 1;}
+                return 0;
+                }
+        # experimental-xxx is mostly like enable-xxx, but opensslconf.v
+        # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
+        # (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
+        elsif (/^experimental-/)
+                {
+                my $algo, $ALGO;
+                ($algo = $_) =~ s/^experimental-//;
+                ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
+
+                $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
+                
+                }
+        elsif (/^--with-krb5-flavor=(.*)$/)
+                {
+                my $krb5_flavor = $1;
+                if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
+                        {
+                        $xcflags="-DKRB5_HEIMDAL $xcflags";
+                        }
+                elsif ($krb5_flavor =~ /^MIT/i)
+                        {
+                        $xcflags="-DKRB5_MIT $xcflags";
+                        if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
+                                {
+                                $xcflags="-DKRB5_MIT_OLD11 $xcflags"
+                                }
+                        }
+                }
+        elsif (/^([^=]*)=(.*)$/ && !/^-D/){ $VARS{$1}=$2; }
+        elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
+        elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
+                { $c_flags.="$_ "; }
+        else { return(0); }
+        return(1);
+        }
diff --git a/src/lib/libcrypto/util/mkcerts.sh b/src/lib/libcrypto/util/mkcerts.sh
new file mode 100644
index 0000000000..0184fcb70e
--- /dev/null
+++ b/src/lib/libcrypto/util/mkcerts.sh
@@ -0,0 +1,220 @@
+#!/bin/sh
+
+# This script will re-make all the required certs.
+# cd apps
+# sh ../util/mkcerts.sh
+# mv ca-cert.pem pca-cert.pem ../certs
+# cd ..
+# cat certs/*.pem >>apps/server.pem
+# cat certs/*.pem >>apps/server2.pem
+# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
+# sh tools/c_rehash certs
+#
+ 
+CAbits=1024
+SSLEAY="../apps/openssl"
+CONF="-config ../apps/openssl.cnf"
+
+# create pca request.
+echo creating $CAbits bit PCA cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey $CAbits \
+        -keyout pca-key.pem \
+        -out pca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test PCA (1024 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+        echo problems generating PCA request
+        exit 1
+fi
+
+#sign it.
+echo
+echo self signing PCA
+$SSLEAY x509 -md5 -days 1461 \
+        -req -signkey pca-key.pem \
+        -CAcreateserial -CAserial pca-cert.srl \
+        -in pca-req.pem -out pca-cert.pem
+
+if [ $? != 0 ]; then
+        echo problems self signing PCA cert
+        exit 1
+fi
+echo
+
+# create ca request.
+echo creating $CAbits bit CA cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey $CAbits \
+        -keyout ca-key.pem \
+        -out ca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test CA (1024 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+        echo problems generating CA request
+        exit 1
+fi
+
+#sign it.
+echo
+echo signing CA
+$SSLEAY x509 -md5 -days 1461 \
+        -req \
+        -CAcreateserial -CAserial pca-cert.srl \
+        -CA pca-cert.pem -CAkey pca-key.pem \
+        -in ca-req.pem -out ca-cert.pem
+
+if [ $? != 0 ]; then
+        echo problems signing CA cert
+        exit 1
+fi
+echo
+
+# create server request.
+echo creating 512 bit server cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 512 \
+        -keyout s512-key.pem \
+        -out s512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (512 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+        echo problems generating 512 bit server cert request
+        exit 1
+fi
+
+#sign it.
+echo
+echo signing 512 bit server cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in s512-req.pem -out server.pem
+
+if [ $? != 0 ]; then
+        echo problems signing 512 bit server cert
+        exit 1
+fi
+echo
+
+# create 1024 bit server request.
+echo creating 1024 bit server cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 1024 \
+        -keyout s1024key.pem \
+        -out s1024req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (1024 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+        echo problems generating 1024 bit server cert request
+        exit 1
+fi
+
+#sign it.
+echo
+echo signing 1024 bit server cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in s1024req.pem -out server2.pem
+
+if [ $? != 0 ]; then
+        echo problems signing 1024 bit server cert
+        exit 1
+fi
+echo
+
+# create 512 bit client request.
+echo creating 512 bit client cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 512 \
+        -keyout c512-key.pem \
+        -out c512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Client test cert (512 bit)
+
+
+
+EOF
+
+if [ $? != 0 ]; then
+        echo problems generating 512 bit client cert request
+        exit 1
+fi
+
+#sign it.
+echo
+echo signing 512 bit client cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in c512-req.pem -out client.pem
+
+if [ $? != 0 ]; then
+        echo problems signing 512 bit client cert
+        exit 1
+fi
+
+echo cleanup
+
+cat pca-key.pem  >> pca-cert.pem
+cat ca-key.pem   >> ca-cert.pem
+cat s512-key.pem >> server.pem
+cat s1024key.pem >> server2.pem
+cat c512-key.pem >> client.pem
+
+for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
+do
+$SSLEAY x509 -issuer -subject -in $i -noout >$$
+cat $$
+/bin/cat $i >>$$
+/bin/mv $$ $i
+done
+
+#/bin/rm -f *key.pem *req.pem *.srl
+
+echo Finished
+
diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl
new file mode 100644
index 0000000000..9a8c7b87d1
--- /dev/null
+++ b/src/lib/libcrypto/util/mkdef.pl
@@ -0,0 +1,1539 @@
+#!/usr/local/bin/perl -w
+#
+# generate a .def file
+#
+# It does this by parsing the header files and looking for the
+# prototyped functions: it then prunes the output.
+#
+# Intermediary files are created, call libeay.num and ssleay.num,...
+# Previously, they had the following format:
+#
+#       routine-name    nnnn
+#
+# But that isn't enough for a number of reasons, the first on being that
+# this format is (needlessly) very Win32-centric, and even then...
+# One of the biggest problems is that there's no information about what
+# routines should actually be used, which varies with what crypto algorithms
+# are disabled.  Also, some operating systems (for example VMS with VAX C)
+# need to keep track of the global variables as well as the functions.
+#
+# So, a remake of this script is done so as to include information on the
+# kind of symbol it is (function or variable) and what algorithms they're
+# part of.  This will allow easy translating to .def files or the corresponding
+# file in other operating systems (a .opt file for VMS, possibly with a .mar
+# file).
+#
+# The format now becomes:
+#
+#       routine-name    nnnn    info
+#
+# and the "info" part is actually a colon-separated string of fields with
+# the following meaning:
+#
+#       existence:platform:kind:algorithms
+#
+# - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is
+#   found somewhere in the source, 
+# - "platforms" is empty if it exists on all platforms, otherwise it contains
+#   comma-separated list of the platform, just as they are if the symbol exists
+#   for those platforms, or prepended with a "!" if not.  This helps resolve
+#   symbol name variants for platforms where the names are too long for the
+#   compiler or linker, or if the systems is case insensitive and there is a
+#   clash, or the symbol is implemented differently (see
+#   EXPORT_VAR_AS_FUNCTION).  This script assumes renaming of symbols is found
+#   in the file crypto/symhacks.h.
+#   The semantics for the platforms is that every item is checked against the
+#   environment.  For the negative items ("!FOO"), if any of them is false
+#   (i.e. "FOO" is true) in the environment, the corresponding symbol can't be
+#   used.  For the positive itms, if all of them are false in the environment,
+#   the corresponding symbol can't be used.  Any combination of positive and
+#   negative items are possible, and of course leave room for some redundancy.
+# - "kind" is "FUNCTION" or "VARIABLE".  The meaning of that is obvious.
+# - "algorithms" is a comma-separated list of algorithm names.  This helps
+#   exclude symbols that are part of an algorithm that some user wants to
+#   exclude.
+#
+
+my $debug=0;
+
+my $crypto_num= "util/libeay.num";
+my $ssl_num=    "util/ssleay.num";
+my $libname;
+
+my $do_update = 0;
+my $do_rewrite = 1;
+my $do_crypto = 0;
+my $do_ssl = 0;
+my $do_ctest = 0;
+my $do_ctestall = 0;
+my $do_checkexist = 0;
+
+my $VMSVAX=0;
+my $VMSNonVAX=0;
+my $VMS=0;
+my $W32=0;
+my $W16=0;
+my $NT=0;
+my $OS2=0;
+# Set this to make typesafe STACK definitions appear in DEF
+my $safe_stack_def = 0;
+
+my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
+                        "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS" );
+my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
+my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
+                         "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
+                         "SHA256", "SHA512", "RIPEMD",
+                         "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M",
+                         "HMAC", "AES", "CAMELLIA", "SEED", "GOST",
+                         # EC_NISTP_64_GCC_128
+                         "EC_NISTP_64_GCC_128",
+                         # Envelope "algorithms"
+                         "EVP", "X509", "ASN1_TYPEDEFS",
+                         # Helper "algorithms"
+                         "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
+                         "LOCKING",
+                         # External "algorithms"
+                         "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
+                         # Engines
+                         "STATIC_ENGINE", "ENGINE", "HW", "GMP",
+                         # RFC3779
+                         "RFC3779",
+                         # TLS
+                         "TLSEXT", "PSK", "SRP", "HEARTBEATS",
+                         # CMS
+                         "CMS",
+                         # CryptoAPI Engine
+                         "CAPIENG",
+                         # SSL v2
+                         "SSL2",
+                         # JPAKE
+                         "JPAKE",
+                         # NEXTPROTONEG
+                         "NEXTPROTONEG",
+                         # Deprecated functions
+                         "DEPRECATED",
+                         # Hide SSL internals
+                         "SSL_INTERN",
+                         # SCTP
+                         "SCTP");
+
+my $options="";
+open(IN,"<Makefile") || die "unable to open Makefile!\n";
+while(<IN>) {
+    $options=$1 if (/^OPTIONS=(.*)$/);
+}
+close(IN);
+
+# The following ciphers may be excluded (by Configure). This means functions
+# defined with ifndef(NO_XXX) are not included in the .def file, and everything
+# in directory xxx is ignored.
+my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
+my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed;
+my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
+my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
+my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
+my $no_nextprotoneg; my $no_sctp;
+
+my $fips;
+
+my $zlib;
+
+
+foreach (@ARGV, split(/ /, $options))
+        {
+        $debug=1 if $_ eq "debug";
+        $W32=1 if $_ eq "32";
+        $W16=1 if $_ eq "16";
+        if($_ eq "NT") {
+                $W32 = 1;
+                $NT = 1;
+        }
+        if ($_ eq "VMS-VAX") {
+                $VMS=1;
+                $VMSVAX=1;
+        }
+        if ($_ eq "VMS-NonVAX") {
+                $VMS=1;
+                $VMSNonVAX=1;
+        }
+        $VMS=1 if $_ eq "VMS";
+        $OS2=1 if $_ eq "OS2";
+        $fips=1 if /^fips/;
+        if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic"
+                         || $_ eq "enable-zlib-dynamic") {
+                $zlib = 1;
+        }
+
+        $do_ssl=1 if $_ eq "ssleay";
+        if ($_ eq "ssl") {
+                $do_ssl=1; 
+                $libname=$_
+        }
+        $do_crypto=1 if $_ eq "libeay";
+        if ($_ eq "crypto") {
+                $do_crypto=1;
+                $libname=$_;
+        }
+        $no_static_engine=1 if $_ eq "no-static-engine";
+        $no_static_engine=0 if $_ eq "enable-static-engine";
+        $do_update=1 if $_ eq "update";
+        $do_rewrite=1 if $_ eq "rewrite";
+        $do_ctest=1 if $_ eq "ctest";
+        $do_ctestall=1 if $_ eq "ctestall";
+        $do_checkexist=1 if $_ eq "exist";
+        #$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
+
+        if    (/^no-rc2$/)      { $no_rc2=1; }
+        elsif (/^no-rc4$/)      { $no_rc4=1; }
+        elsif (/^no-rc5$/)      { $no_rc5=1; }
+        elsif (/^no-idea$/)     { $no_idea=1; }
+        elsif (/^no-des$/)      { $no_des=1; $no_mdc2=1; }
+        elsif (/^no-bf$/)       { $no_bf=1; }
+        elsif (/^no-cast$/)     { $no_cast=1; }
+        elsif (/^no-whirlpool$/)     { $no_whirlpool=1; }
+        elsif (/^no-md2$/)      { $no_md2=1; }
+        elsif (/^no-md4$/)      { $no_md4=1; }
+        elsif (/^no-md5$/)      { $no_md5=1; }
+        elsif (/^no-sha$/)      { $no_sha=1; }
+        elsif (/^no-ripemd$/)   { $no_ripemd=1; }
+        elsif (/^no-mdc2$/)     { $no_mdc2=1; }
+        elsif (/^no-rsa$/)      { $no_rsa=1; }
+        elsif (/^no-dsa$/)      { $no_dsa=1; }
+        elsif (/^no-dh$/)       { $no_dh=1; }
+        elsif (/^no-ec$/)       { $no_ec=1; }
+        elsif (/^no-ecdsa$/)    { $no_ecdsa=1; }
+        elsif (/^no-ecdh$/)     { $no_ecdh=1; }
+        elsif (/^no-hmac$/)     { $no_hmac=1; }
+        elsif (/^no-aes$/)      { $no_aes=1; }
+        elsif (/^no-camellia$/) { $no_camellia=1; }
+        elsif (/^no-seed$/)     { $no_seed=1; }
+        elsif (/^no-evp$/)      { $no_evp=1; }
+        elsif (/^no-lhash$/)    { $no_lhash=1; }
+        elsif (/^no-stack$/)    { $no_stack=1; }
+        elsif (/^no-err$/)      { $no_err=1; }
+        elsif (/^no-buffer$/)   { $no_buffer=1; }
+        elsif (/^no-bio$/)      { $no_bio=1; }
+        #elsif (/^no-locking$/) { $no_locking=1; }
+        elsif (/^no-comp$/)     { $no_comp=1; }
+        elsif (/^no-dso$/)      { $no_dso=1; }
+        elsif (/^no-krb5$/)     { $no_krb5=1; }
+        elsif (/^no-engine$/)   { $no_engine=1; }
+        elsif (/^no-hw$/)       { $no_hw=1; }
+        elsif (/^no-gmp$/)      { $no_gmp=1; }
+        elsif (/^no-rfc3779$/)  { $no_rfc3779=1; }
+        elsif (/^no-tlsext$/)   { $no_tlsext=1; }
+        elsif (/^no-cms$/)      { $no_cms=1; }
+        elsif (/^no-ec2m$/)     { $no_ec2m=1; }
+        elsif (/^no-ec_nistp_64_gcc_128$/)      { $no_nistp_gcc=1; }
+        elsif (/^no-nextprotoneg$/)     { $no_nextprotoneg=1; }
+        elsif (/^no-ssl2$/)     { $no_ssl2=1; }
+        elsif (/^no-capieng$/)  { $no_capieng=1; }
+        elsif (/^no-jpake$/)    { $no_jpake=1; }
+        elsif (/^no-srp$/)      { $no_srp=1; }
+        elsif (/^no-sctp$/)     { $no_sctp=1; }
+        }
+
+
+if (!$libname) { 
+        if ($do_ssl) {
+                $libname="SSLEAY";
+        }
+        if ($do_crypto) {
+                $libname="LIBEAY";
+        }
+}
+
+# If no platform is given, assume WIN32
+if ($W32 + $W16 + $VMS + $OS2 == 0) {
+        $W32 = 1;
+}
+
+# Add extra knowledge
+if ($W16) {
+        $no_fp_api=1;
+}
+
+if (!$do_ssl && !$do_crypto)
+        {
+        print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n";
+        exit(1);
+        }
+
+%ssl_list=&load_numbers($ssl_num);
+$max_ssl = $max_num;
+%crypto_list=&load_numbers($crypto_num);
+$max_crypto = $max_num;
+
+my $ssl="ssl/ssl.h";
+$ssl.=" ssl/kssl.h";
+$ssl.=" ssl/tls1.h";
+$ssl.=" ssl/srtp.h";
+
+my $crypto ="crypto/crypto.h";
+$crypto.=" crypto/cryptlib.h";
+$crypto.=" crypto/o_dir.h";
+$crypto.=" crypto/o_str.h";
+$crypto.=" crypto/o_time.h";
+$crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des;
+$crypto.=" crypto/idea/idea.h" ; # unless $no_idea;
+$crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4;
+$crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5;
+$crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2;
+$crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf;
+$crypto.=" crypto/cast/cast.h" ; # unless $no_cast;
+$crypto.=" crypto/whrlpool/whrlpool.h" ;
+$crypto.=" crypto/md2/md2.h" ; # unless $no_md2;
+$crypto.=" crypto/md4/md4.h" ; # unless $no_md4;
+$crypto.=" crypto/md5/md5.h" ; # unless $no_md5;
+$crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2;
+$crypto.=" crypto/sha/sha.h" ; # unless $no_sha;
+$crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd;
+$crypto.=" crypto/aes/aes.h" ; # unless $no_aes;
+$crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia;
+$crypto.=" crypto/seed/seed.h"; # unless $no_seed;
+
+$crypto.=" crypto/bn/bn.h";
+$crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa;
+$crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa;
+$crypto.=" crypto/dh/dh.h" ; # unless $no_dh;
+$crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
+$crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa;
+$crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh;
+$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
+$crypto.=" crypto/cmac/cmac.h" ; # unless $no_hmac;
+
+$crypto.=" crypto/engine/engine.h"; # unless $no_engine;
+$crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
+$crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
+$crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
+$crypto.=" crypto/dso/dso.h" ; # unless $no_dso;
+$crypto.=" crypto/lhash/lhash.h" ; # unless $no_lhash;
+$crypto.=" crypto/conf/conf.h";
+$crypto.=" crypto/txt_db/txt_db.h";
+
+$crypto.=" crypto/evp/evp.h" ; # unless $no_evp;
+$crypto.=" crypto/objects/objects.h";
+$crypto.=" crypto/pem/pem.h";
+#$crypto.=" crypto/meth/meth.h";
+$crypto.=" crypto/asn1/asn1.h";
+$crypto.=" crypto/asn1/asn1t.h";
+$crypto.=" crypto/asn1/asn1_mac.h";
+$crypto.=" crypto/err/err.h" ; # unless $no_err;
+$crypto.=" crypto/pkcs7/pkcs7.h";
+$crypto.=" crypto/pkcs12/pkcs12.h";
+$crypto.=" crypto/x509/x509.h";
+$crypto.=" crypto/x509/x509_vfy.h";
+$crypto.=" crypto/x509v3/x509v3.h";
+$crypto.=" crypto/ts/ts.h";
+$crypto.=" crypto/rand/rand.h";
+$crypto.=" crypto/comp/comp.h" ; # unless $no_comp;
+$crypto.=" crypto/ocsp/ocsp.h";
+$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
+$crypto.=" crypto/krb5/krb5_asn.h";
+#$crypto.=" crypto/store/store.h";
+$crypto.=" crypto/pqueue/pqueue.h";
+$crypto.=" crypto/cms/cms.h";
+$crypto.=" crypto/jpake/jpake.h";
+$crypto.=" crypto/modes/modes.h";
+$crypto.=" crypto/srp/srp.h";
+
+my $symhacks="crypto/symhacks.h";
+
+my @ssl_symbols = &do_defs("SSLEAY", $ssl, $symhacks);
+my @crypto_symbols = &do_defs("LIBEAY", $crypto, $symhacks);
+
+if ($do_update) {
+
+if ($do_ssl == 1) {
+
+        &maybe_add_info("SSLEAY",*ssl_list,@ssl_symbols);
+        if ($do_rewrite == 1) {
+                open(OUT, ">$ssl_num");
+                &rewrite_numbers(*OUT,"SSLEAY",*ssl_list,@ssl_symbols);
+        } else {
+                open(OUT, ">>$ssl_num");
+        }
+        &update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl,@ssl_symbols);
+        close OUT;
+}
+
+if($do_crypto == 1) {
+
+        &maybe_add_info("LIBEAY",*crypto_list,@crypto_symbols);
+        if ($do_rewrite == 1) {
+                open(OUT, ">$crypto_num");
+                &rewrite_numbers(*OUT,"LIBEAY",*crypto_list,@crypto_symbols);
+        } else {
+                open(OUT, ">>$crypto_num");
+        }
+        &update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto,@crypto_symbols);
+        close OUT;
+} 
+
+} elsif ($do_checkexist) {
+        &check_existing(*ssl_list, @ssl_symbols)
+                if $do_ssl == 1;
+        &check_existing(*crypto_list, @crypto_symbols)
+                if $do_crypto == 1;
+} elsif ($do_ctest || $do_ctestall) {
+
+        print <<"EOF";
+
+/* Test file to check all DEF file symbols are present by trying
+ * to link to all of them. This is *not* intended to be run!
+ */
+
+int main()
+{
+EOF
+        &print_test_file(*STDOUT,"SSLEAY",*ssl_list,$do_ctestall,@ssl_symbols)
+                if $do_ssl == 1;
+
+        &print_test_file(*STDOUT,"LIBEAY",*crypto_list,$do_ctestall,@crypto_symbols)
+                if $do_crypto == 1;
+
+        print "}\n";
+
+} else {
+
+        &print_def_file(*STDOUT,$libname,*ssl_list,@ssl_symbols)
+                if $do_ssl == 1;
+
+        &print_def_file(*STDOUT,$libname,*crypto_list,@crypto_symbols)
+                if $do_crypto == 1;
+
+}
+
+
+sub do_defs
+{
+        my($name,$files,$symhacksfile)=@_;
+        my $file;
+        my @ret;
+        my %syms;
+        my %platform;           # For anything undefined, we assume ""
+        my %kind;               # For anything undefined, we assume "FUNCTION"
+        my %algorithm;          # For anything undefined, we assume ""
+        my %variant;
+        my %variant_cnt;        # To be able to allocate "name{n}" if "name"
+                                # is the same name as the original.
+        my $cpp;
+        my %unknown_algorithms = ();
+
+        foreach $file (split(/\s+/,$symhacksfile." ".$files))
+                {
+                print STDERR "DEBUG: starting on $file:\n" if $debug;
+                open(IN,"<$file") || die "unable to open $file:$!\n";
+                my $line = "", my $def= "";
+                my %tag = (
+                        (map { $_ => 0 } @known_platforms),
+                        (map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
+                        (map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
+                        NOPROTO         => 0,
+                        PERL5           => 0,
+                        _WINDLL         => 0,
+                        CONST_STRICT    => 0,
+                        TRUE            => 1,
+                );
+                my $symhacking = $file eq $symhacksfile;
+                my @current_platforms = ();
+                my @current_algorithms = ();
+
+                # params: symbol, alias, platforms, kind
+                # The reason to put this subroutine in a variable is that
+                # it will otherwise create it's own, unshared, version of
+                # %tag and %variant...
+                my $make_variant = sub
+                {
+                        my ($s, $a, $p, $k) = @_;
+                        my ($a1, $a2);
+
+                        print STDERR "DEBUG: make_variant: Entered with ",$s,", ",$a,", ",(defined($p)?$p:""),", ",(defined($k)?$k:""),"\n" if $debug;
+                        if (defined($p))
+                        {
+                                $a1 = join(",",$p,
+                                           grep(!/^$/,
+                                                map { $tag{$_} == 1 ? $_ : "" }
+                                                @known_platforms));
+                        }
+                        else
+                        {
+                                $a1 = join(",",
+                                           grep(!/^$/,
+                                                map { $tag{$_} == 1 ? $_ : "" }
+                                                @known_platforms));
+                        }
+                        $a2 = join(",",
+                                   grep(!/^$/,
+                                        map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : "" }
+                                        @known_ossl_platforms));
+                        print STDERR "DEBUG: make_variant: a1 = $a1; a2 = $a2\n" if $debug;
+                        if ($a1 eq "") { $a1 = $a2; }
+                        elsif ($a1 ne "" && $a2 ne "") { $a1 .= ",".$a2; }
+                        if ($a eq $s)
+                        {
+                                if (!defined($variant_cnt{$s}))
+                                {
+                                        $variant_cnt{$s} = 0;
+                                }
+                                $variant_cnt{$s}++;
+                                $a .= "{$variant_cnt{$s}}";
+                        }
+                        my $toadd = $a.":".$a1.(defined($k)?":".$k:"");
+                        my $togrep = $s.'(\{[0-9]+\})?:'.$a1.(defined($k)?":".$k:"");
+                        if (!grep(/^$togrep$/,
+                                  split(/;/, defined($variant{$s})?$variant{$s}:""))) {
+                                if (defined($variant{$s})) { $variant{$s} .= ";"; }
+                                $variant{$s} .= $toadd;
+                        }
+                        print STDERR "DEBUG: make_variant: Exit with variant of ",$s," = ",$variant{$s},"\n" if $debug;
+                };
+
+                print STDERR "DEBUG: parsing ----------\n" if $debug;
+                while(<IN>) {
+                        if (/\/\* Error codes for the \w+ functions\. \*\//)
+                                {
+                                undef @tag;
+                                last;
+                                }
+                        if ($line ne '') {
+                                $_ = $line . $_;
+                                $line = '';
+                        }
+
+                        if (/\\$/) {
+                                chomp; # remove eol
+                                chop; # remove ending backslash
+                                $line = $_;
+                                next;
+                        }
+
+                        if(/\/\*/) {
+                                if (not /\*\//) {       # multiline comment...
+                                        $line = $_;     # ... just accumulate
+                                        next;
+                                } else {
+                                        s/\/\*.*?\*\///gs;# wipe it
+                                }
+                        }
+
+                        if ($cpp) {
+                                $cpp++ if /^#\s*if/;
+                                $cpp-- if /^#\s*endif/;
+                                next;
+                        }
+                        $cpp = 1 if /^#.*ifdef.*cplusplus/;
+
+                        s/{[^{}]*}//gs;                      # ignore {} blocks
+                        print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
+                        print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
+                        if (/^\#\s*ifndef\s+(.*)/) {
+                                push(@tag,"-");
+                                push(@tag,$1);
+                                $tag{$1}=-1;
+                                print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+                        } elsif (/^\#\s*if\s+!defined\(([^\)]+)\)/) {
+                                push(@tag,"-");
+                                if (/^\#\s*if\s+(!defined\(([^\)]+)\)(\s+\&\&\s+!defined\(([^\)]+)\))*)$/) {
+                                        my $tmp_1 = $1;
+                                        my $tmp_;
+                                        foreach $tmp_ (split '\&\&',$tmp_1) {
+                                                $tmp_ =~ /!defined\(([^\)]+)\)/;
+                                                print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+                                                push(@tag,$1);
+                                                $tag{$1}=-1;
+                                        }
+                                } else {
+                                        print STDERR "Warning: $file: complicated expression: $_" if $debug; # because it is O...
+                                        print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+                                        push(@tag,$1);
+                                        $tag{$1}=-1;
+                                }
+                        } elsif (/^\#\s*ifdef\s+(\S*)/) {
+                                push(@tag,"-");
+                                push(@tag,$1);
+                                $tag{$1}=1;
+                                print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+                        } elsif (/^\#\s*if\s+defined\(([^\)]+)\)/) {
+                                push(@tag,"-");
+                                if (/^\#\s*if\s+(defined\(([^\)]+)\)(\s+\|\|\s+defined\(([^\)]+)\))*)$/) {
+                                        my $tmp_1 = $1;
+                                        my $tmp_;
+                                        foreach $tmp_ (split '\|\|',$tmp_1) {
+                                                $tmp_ =~ /defined\(([^\)]+)\)/;
+                                                print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+                                                push(@tag,$1);
+                                                $tag{$1}=1;
+                                        }
+                                } else {
+                                        print STDERR "Warning: $file: complicated expression: $_\n" if $debug; # because it is O...
+                                        print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+                                        push(@tag,$1);
+                                        $tag{$1}=1;
+                                }
+                        } elsif (/^\#\s*error\s+(\w+) is disabled\./) {
+                                my $tag_i = $#tag;
+                                while($tag[$tag_i] ne "-") {
+                                        if ($tag[$tag_i] eq "OPENSSL_NO_".$1) {
+                                                $tag{$tag[$tag_i]}=2;
+                                                print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
+                                        }
+                                        $tag_i--;
+                                }
+                        } elsif (/^\#\s*endif/) {
+                                my $tag_i = $#tag;
+                                while($tag_i > 0 && $tag[$tag_i] ne "-") {
+                                        my $t=$tag[$tag_i];
+                                        print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
+                                        if ($tag{$t}==2) {
+                                                $tag{$t}=-1;
+                                        } else {
+                                                $tag{$t}=0;
+                                        }
+                                        print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+                                        pop(@tag);
+                                        if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
+                                                $t=$1;
+                                        } else {
+                                                $t="";
+                                        }
+                                        if ($t ne ""
+                                            && !grep(/^$t$/, @known_algorithms)) {
+                                                $unknown_algorithms{$t} = 1;
+                                                #print STDERR "DEBUG: Added as unknown algorithm: $t\n" if $debug;
+                                        }
+                                        $tag_i--;
+                                }
+                                pop(@tag);
+                        } elsif (/^\#\s*else/) {
+                                my $tag_i = $#tag;
+                                while($tag[$tag_i] ne "-") {
+                                        my $t=$tag[$tag_i];
+                                        $tag{$t}= -$tag{$t};
+                                        print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+                                        $tag_i--;
+                                }
+                        } elsif (/^\#\s*if\s+1/) {
+                                push(@tag,"-");
+                                # Dummy tag
+                                push(@tag,"TRUE");
+                                $tag{"TRUE"}=1;
+                                print STDERR "DEBUG: $file: found 1\n" if $debug;
+                        } elsif (/^\#\s*if\s+0/) {
+                                push(@tag,"-");
+                                # Dummy tag
+                                push(@tag,"TRUE");
+                                $tag{"TRUE"}=-1;
+                                print STDERR "DEBUG: $file: found 0\n" if $debug;
+                        } elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
+                                 && $symhacking && $tag{'TRUE'} != -1) {
+                                # This is for aliasing.  When we find an alias,
+                                # we have to invert
+                                &$make_variant($1,$2);
+                                print STDERR "DEBUG: $file: defined $1 = $2\n" if $debug;
+                        }
+                        if (/^\#/) {
+                                @current_platforms =
+                                    grep(!/^$/,
+                                         map { $tag{$_} == 1 ? $_ :
+                                                   $tag{$_} == -1 ? "!".$_  : "" }
+                                         @known_platforms);
+                                push @current_platforms
+                                    , grep(!/^$/,
+                                           map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
+                                                     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
+                                           @known_ossl_platforms);
+                                @current_algorithms =
+                                    grep(!/^$/,
+                                         map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
+                                         @known_algorithms);
+                                $def .=
+                                    "#INFO:"
+                                        .join(',',@current_platforms).":"
+                                            .join(',',@current_algorithms).";";
+                                next;
+                        }
+                        if ($tag{'TRUE'} != -1) {
+                                if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        $def .= "int d2i_$3(void);";
+                                        $def .= "int i2d_$3(void);";
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $2_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$2_it","$2_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_fname\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        $def .= "int d2i_$3(void);";
+                                        $def .= "int i2d_$3(void);";
+                                        $def .= "int $3_free(void);";
+                                        $def .= "int $3_new(void);";
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $2_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$2_it","$2_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_FUNCTIONS\s*\(\s*(\w*)\s*\)/ ||
+                                         /^\s*DECLARE_ASN1_FUNCTIONS_const\s*\(\s*(\w*)\s*\)/) {
+                                        $def .= "int d2i_$1(void);";
+                                        $def .= "int i2d_$1(void);";
+                                        $def .= "int $1_free(void);";
+                                        $def .= "int $1_new(void);";
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $1_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$1_it","$1_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS_const\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        $def .= "int d2i_$2(void);";
+                                        $def .= "int i2d_$2(void);";
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $2_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$2_it","$2_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_ALLOC_FUNCTIONS\s*\(\s*(\w*)\s*\)/) {
+                                        $def .= "int $1_free(void);";
+                                        $def .= "int $1_new(void);";
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        $def .= "int d2i_$2(void);";
+                                        $def .= "int i2d_$2(void);";
+                                        $def .= "int $2_free(void);";
+                                        $def .= "int $2_new(void);";
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $2_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$2_it","$2_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) {
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $1_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$1_it","$1_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_NDEF_FUNCTION\s*\(\s*(\w*)\s*\)/) {
+                                        $def .= "int i2d_$1_NDEF(void);";
+                                } elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION\s*\(\s*(\w*)\s*\)/) {
+                                        $def .= "int $1_print_ctx(void);";
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        $def .= "int $2_print_ctx(void);";
+                                        next;
+                                } elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+                                        next;
+                                } elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
+                                         /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ||
+                                         /^DECLARE_PEM_rw_const\s*\(\s*(\w*)\s*,/ ) {
+                                        # Things not in Win16
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!WIN16",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "int PEM_read_$1(void);";
+                                        $def .= "int PEM_write_$1(void);";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Things that are everywhere
+                                        $def .= "int PEM_read_bio_$1(void);";
+                                        $def .= "int PEM_write_bio_$1(void);";
+                                        next;
+                                } elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
+                                         /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
+                                        # Things not in Win16
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!WIN16",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "int PEM_write_$1(void);";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Things that are everywhere
+                                        $def .= "int PEM_write_bio_$1(void);";
+                                        next;
+                                } elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
+                                         /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
+                                        # Things not in Win16
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!WIN16",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "int PEM_read_$1(void);";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Things that are everywhere
+                                        $def .= "int PEM_read_bio_$1(void);";
+                                        next;
+                                } elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int _shadow_$2;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("_shadow_$2","_shadow_$2",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                } elsif ($tag{'CONST_STRICT'} != 1) {
+                                        if (/\{|\/\*|\([^\)]*$/) {
+                                                $line = $_;
+                                        } else {
+                                                $def .= $_;
+                                        }
+                                }
+                        }
+                }
+                close(IN);
+
+                my $algs;
+                my $plays;
+
+                print STDERR "DEBUG: postprocessing ----------\n" if $debug;
+                foreach (split /;/, $def) {
+                        my $s; my $k = "FUNCTION"; my $p; my $a;
+                        s/^[\n\s]*//g;
+                        s/[\n\s]*$//g;
+                        next if(/\#undef/);
+                        next if(/typedef\W/);
+                        next if(/\#define/);
+
+                        # Reduce argument lists to empty ()
+                        # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
+                        while(/\(.*\)/s) {
+                                s/\([^\(\)]+\)/\{\}/gs;
+                                s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs;    #(*f{}) -> f
+                        }
+                        # pretend as we didn't use curly braces: {} -> ()
+                        s/\{\}/\(\)/gs;
+
+                        s/STACK_OF\(\)/void/gs;
+                        s/LHASH_OF\(\)/void/gs;
+
+                        print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
+                        if (/^\#INFO:([^:]*):(.*)$/) {
+                                $plats = $1;
+                                $algs = $2;
+                                print STDERR "DEBUG: found info on platforms ($plats) and algorithms ($algs)\n" if $debug;
+                                next;
+                        } elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+(\{[0-9]+\})?)(\[[0-9]*\])*\s*$/) {
+                                $s = $1;
+                                $k = "VARIABLE";
+                                print STDERR "DEBUG: found external variable $s\n" if $debug;
+                        } elsif (/TYPEDEF_\w+_OF/s) {
+                                next;
+                        } elsif (/(\w+)\s*\(\).*/s) {   # first token prior [first] () is
+                                $s = $1;                # a function name!
+                                print STDERR "DEBUG: found function $s\n" if $debug;
+                        } elsif (/\(/ and not (/=/)) {
+                                print STDERR "File $file: cannot parse: $_;\n";
+                                next;
+                        } else {
+                                next;
+                        }
+
+                        $syms{$s} = 1;
+                        $kind{$s} = $k;
+
+                        $p = $plats;
+                        $a = $algs;
+                        $a .= ",BF" if($s =~ /EVP_bf/);
+                        $a .= ",CAST" if($s =~ /EVP_cast/);
+                        $a .= ",DES" if($s =~ /EVP_des/);
+                        $a .= ",DSA" if($s =~ /EVP_dss/);
+                        $a .= ",IDEA" if($s =~ /EVP_idea/);
+                        $a .= ",MD2" if($s =~ /EVP_md2/);
+                        $a .= ",MD4" if($s =~ /EVP_md4/);
+                        $a .= ",MD5" if($s =~ /EVP_md5/);
+                        $a .= ",RC2" if($s =~ /EVP_rc2/);
+                        $a .= ",RC4" if($s =~ /EVP_rc4/);
+                        $a .= ",RC5" if($s =~ /EVP_rc5/);
+                        $a .= ",RIPEMD" if($s =~ /EVP_ripemd/);
+                        $a .= ",SHA" if($s =~ /EVP_sha/);
+                        $a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
+                        $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
+                        $a .= ",RSA" if($s =~ /RSAPrivateKey/);
+                        $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
+
+                        $platform{$s} =
+                            &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
+                        $algorithm{$s} .= ','.$a;
+
+                        if (defined($variant{$s})) {
+                                foreach $v (split /;/,$variant{$s}) {
+                                        (my $r, my $p, my $k) = split(/:/,$v);
+                                        my $ip = join ',',map({ /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p);
+                                        $syms{$r} = 1;
+                                        if (!defined($k)) { $k = $kind{$s}; }
+                                        $kind{$r} = $k."(".$s.")";
+                                        $algorithm{$r} = $algorithm{$s};
+                                        $platform{$r} = &reduce_platforms($platform{$s}.",".$p.",".$p);
+                                        $platform{$s} = &reduce_platforms($platform{$s}.','.$ip.','.$ip);
+                                        print STDERR "DEBUG: \$variant{\"$s\"} = ",$v,"; \$r = $r; \$p = ",$platform{$r},"; \$a = ",$algorithm{$r},"; \$kind = ",$kind{$r},"\n" if $debug;
+                                }
+                        }
+                        print STDERR "DEBUG: \$s = $s; \$p = ",$platform{$s},"; \$a = ",$algorithm{$s},"; \$kind = ",$kind{$s},"\n" if $debug;
+                }
+        }
+
+        # Prune the returned symbols
+
+        delete $syms{"bn_dump1"};
+        $platform{"BIO_s_log"} .= ",!WIN32,!WIN16,!macintosh";
+
+        $platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
+        $platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
+        $platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
+        $platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
+        $platform{"EVP_sha384"} = "!VMSVAX";
+        $platform{"EVP_sha512"} = "!VMSVAX";
+        $platform{"SHA384_Init"} = "!VMSVAX";
+        $platform{"SHA384_Transform"} = "!VMSVAX";
+        $platform{"SHA384_Update"} = "!VMSVAX";
+        $platform{"SHA384_Final"} = "!VMSVAX";
+        $platform{"SHA384"} = "!VMSVAX";
+        $platform{"SHA512_Init"} = "!VMSVAX";
+        $platform{"SHA512_Transform"} = "!VMSVAX";
+        $platform{"SHA512_Update"} = "!VMSVAX";
+        $platform{"SHA512_Final"} = "!VMSVAX";
+        $platform{"SHA512"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_Init"} = "!VMSVAX";
+        $platform{"WHIRLPOOL"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_BitUpdate"} = "!VMSVAX";
+        $platform{"EVP_whirlpool"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_Final"} = "!VMSVAX";
+        $platform{"WHIRLPOOL_Update"} = "!VMSVAX";
+
+
+        # Info we know about
+
+        push @ret, map { $_."\\".&info_string($_,"EXIST",
+                                              $platform{$_},
+                                              $kind{$_},
+                                              $algorithm{$_}) } keys %syms;
+
+        if (keys %unknown_algorithms) {
+                print STDERR "WARNING: mkdef.pl doesn't know the following algorithms:\n";
+                print STDERR "\t",join("\n\t",keys %unknown_algorithms),"\n";
+        }
+        return(@ret);
+}
+
+# Param: string of comma-separated platform-specs.
+sub reduce_platforms
+{
+        my ($platforms) = @_;
+        my $pl = defined($platforms) ? $platforms : "";
+        my %p = map { $_ => 0 } split /,/, $pl;
+        my $ret;
+
+        print STDERR "DEBUG: Entered reduce_platforms with \"$platforms\"\n"
+            if $debug;
+        # We do this, because if there's code like the following, it really
+        # means the function exists in all cases and should therefore be
+        # everywhere.  By increasing and decreasing, we may attain 0:
+        #
+        # ifndef WIN16
+        #    int foo();
+        # else
+        #    int _fat foo();
+        # endif
+        foreach $platform (split /,/, $pl) {
+                if ($platform =~ /^!(.*)$/) {
+                        $p{$1}--;
+                } else {
+                        $p{$platform}++;
+                }
+        }
+        foreach $platform (keys %p) {
+                if ($p{$platform} == 0) { delete $p{$platform}; }
+        }
+
+        delete $p{""};
+
+        $ret = join(',',sort(map { $p{$_} < 0 ? "!".$_ : $_ } keys %p));
+        print STDERR "DEBUG: Exiting reduce_platforms with \"$ret\"\n"
+            if $debug;
+        return $ret;
+}
+
+sub info_string {
+        (my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
+
+        my %a = defined($algorithms) ?
+            map { $_ => 1 } split /,/, $algorithms : ();
+        my $k = defined($kind) ? $kind : "FUNCTION";
+        my $ret;
+        my $p = &reduce_platforms($platforms);
+
+        delete $a{""};
+
+        $ret = $exist;
+        $ret .= ":".$p;
+        $ret .= ":".$k;
+        $ret .= ":".join(',',sort keys %a);
+        return $ret;
+}
+
+sub maybe_add_info {
+        (my $name, *nums, my @symbols) = @_;
+        my $sym;
+        my $new_info = 0;
+        my %syms=();
+
+        print STDERR "Updating $name info\n";
+        foreach $sym (@symbols) {
+                (my $s, my $i) = split /\\/, $sym;
+                if (defined($nums{$s})) {
+                        $i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
+                        (my $n, my $dummy) = split /\\/, $nums{$s};
+                        if (!defined($dummy) || $i ne $dummy) {
+                                $nums{$s} = $n."\\".$i;
+                                $new_info++;
+                                print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug;
+                        }
+                }
+                $syms{$s} = 1;
+        }
+
+        my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
+        foreach $sym (@s) {
+                (my $n, my $i) = split /\\/, $nums{$sym};
+                if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) {
+                        $new_info++;
+                        print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug;
+                }
+        }
+        if ($new_info) {
+                print STDERR "$new_info old symbols got an info update\n";
+                if (!$do_rewrite) {
+                        print STDERR "You should do a rewrite to fix this.\n";
+                }
+        } else {
+                print STDERR "No old symbols needed info update\n";
+        }
+}
+
+# Param: string of comma-separated keywords, each possibly prefixed with a "!"
+sub is_valid
+{
+        my ($keywords_txt,$platforms) = @_;
+        my (@keywords) = split /,/,$keywords_txt;
+        my ($falsesum, $truesum) = (0, 1);
+
+        # Param: one keyword
+        sub recognise
+        {
+                my ($keyword,$platforms) = @_;
+
+                if ($platforms) {
+                        # platforms
+                        if ($keyword eq "VMSVAX" && $VMSVAX) { return 1; }
+                        if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; }
+                        if ($keyword eq "VMS" && $VMS) { return 1; }
+                        if ($keyword eq "WIN32" && $W32) { return 1; }
+                        if ($keyword eq "WIN16" && $W16) { return 1; }
+                        if ($keyword eq "WINNT" && $NT) { return 1; }
+                        if ($keyword eq "OS2" && $OS2) { return 1; }
+                        # Special platforms:
+                        # EXPORT_VAR_AS_FUNCTION means that global variables
+                        # will be represented as functions.  This currently
+                        # only happens on VMS-VAX.
+                        if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
+                                return 1;
+                        }
+                        if ($keyword eq "OPENSSL_FIPS" && $fips) {
+                                return 1;
+                        }
+                        if ($keyword eq "ZLIB" && $zlib) { return 1; }
+                        return 0;
+                } else {
+                        # algorithms
+                        if ($keyword eq "RC2" && $no_rc2) { return 0; }
+                        if ($keyword eq "RC4" && $no_rc4) { return 0; }
+                        if ($keyword eq "RC5" && $no_rc5) { return 0; }
+                        if ($keyword eq "IDEA" && $no_idea) { return 0; }
+                        if ($keyword eq "DES" && $no_des) { return 0; }
+                        if ($keyword eq "BF" && $no_bf) { return 0; }
+                        if ($keyword eq "CAST" && $no_cast) { return 0; }
+                        if ($keyword eq "MD2" && $no_md2) { return 0; }
+                        if ($keyword eq "MD4" && $no_md4) { return 0; }
+                        if ($keyword eq "MD5" && $no_md5) { return 0; }
+                        if ($keyword eq "SHA" && $no_sha) { return 0; }
+                        if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; }
+                        if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
+                        if ($keyword eq "WHIRLPOOL" && $no_whirlpool) { return 0; }
+                        if ($keyword eq "RSA" && $no_rsa) { return 0; }
+                        if ($keyword eq "DSA" && $no_dsa) { return 0; }
+                        if ($keyword eq "DH" && $no_dh) { return 0; }
+                        if ($keyword eq "EC" && $no_ec) { return 0; }
+                        if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; }
+                        if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
+                        if ($keyword eq "HMAC" && $no_hmac) { return 0; }
+                        if ($keyword eq "AES" && $no_aes) { return 0; }
+                        if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; }
+                        if ($keyword eq "SEED" && $no_seed) { return 0; }
+                        if ($keyword eq "EVP" && $no_evp) { return 0; }
+                        if ($keyword eq "LHASH" && $no_lhash) { return 0; }
+                        if ($keyword eq "STACK" && $no_stack) { return 0; }
+                        if ($keyword eq "ERR" && $no_err) { return 0; }
+                        if ($keyword eq "BUFFER" && $no_buffer) { return 0; }
+                        if ($keyword eq "BIO" && $no_bio) { return 0; }
+                        if ($keyword eq "COMP" && $no_comp) { return 0; }
+                        if ($keyword eq "DSO" && $no_dso) { return 0; }
+                        if ($keyword eq "KRB5" && $no_krb5) { return 0; }
+                        if ($keyword eq "ENGINE" && $no_engine) { return 0; }
+                        if ($keyword eq "HW" && $no_hw) { return 0; }
+                        if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
+                        if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
+                        if ($keyword eq "GMP" && $no_gmp) { return 0; }
+                        if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
+                        if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
+                        if ($keyword eq "PSK" && $no_psk) { return 0; }
+                        if ($keyword eq "CMS" && $no_cms) { return 0; }
+                        if ($keyword eq "EC2M" && $no_ec2m) { return 0; }
+                        if ($keyword eq "NEXTPROTONEG" && $no_nextprotoneg) { return 0; }
+                        if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)
+                                        { return 0; }
+                        if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
+                        if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
+                        if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
+                        if ($keyword eq "SRP" && $no_srp) { return 0; }
+                        if ($keyword eq "SCTP" && $no_sctp) { return 0; }
+                        if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
+
+                        # Nothing recognise as true
+                        return 1;
+                }
+        }
+
+        foreach $k (@keywords) {
+                if ($k =~ /^!(.*)$/) {
+                        $falsesum += &recognise($1,$platforms);
+                } else {
+                        $truesum *= &recognise($k,$platforms);
+                }
+        }
+        print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
+        return (!$falsesum) && $truesum;
+}
+
+sub print_test_file
+{
+        (*OUT,my $name,*nums,my $testall,my @symbols)=@_;
+        my $n = 1; my @e; my @r;
+        my $sym; my $prev = ""; my $prefSSLeay;
+
+        (@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+        (@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:.*/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+        @symbols=((sort @e),(sort @r));
+
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                my $v = 0;
+                $v = 1 if $i=~ /^.*?:.*?:VARIABLE/;
+                my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+                my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+                if (!defined($nums{$s})) {
+                        print STDERR "Warning: $s does not have a number assigned\n"
+                            if(!$do_update);
+                } elsif (is_valid($p,1) && is_valid($a,0)) {
+                        my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+                        if ($prev eq $s2) {
+                                print OUT "\t/* The following has already appeared previously */\n";
+                                print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+                        }
+                        $prev = $s2;    # To warn about duplicates...
+
+                        ($nn,$ni)=($nums{$s2} =~ /^(.*?)\\(.*)$/);
+                        if ($v) {
+                                print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n";
+                        } else {
+                                print OUT "\textern int $s2(); /* type unknown */ /* $nn $ni */\n";
+                        }
+                }
+        }
+}
+
+sub get_version {
+   local *MF;
+   my $v = '?';
+   open MF, 'Makefile' or return $v;
+   while (<MF>) {
+     $v = $1, last if /^VERSION=(.*?)\s*$/;
+   }
+   close MF;
+   return $v;
+}
+
+sub print_def_file
+{
+        (*OUT,my $name,*nums,my @symbols)=@_;
+        my $n = 1; my @e; my @r; my @v; my $prev="";
+        my $liboptions="";
+        my $libname = $name;
+        my $http_vendor = 'www.openssl.org/';
+        my $version = get_version();
+        my $what = "OpenSSL: implementation of Secure Socket Layer";
+        my $description = "$what $version, $name - http://$http_vendor";
+
+        if ($W32)
+                { $libname.="32"; }
+        elsif ($W16)
+                { $libname.="16"; }
+        elsif ($OS2)
+                { # DLL names should not clash on the whole system.
+                  # However, they should not have any particular relationship
+                  # to the name of the static library.  Chose descriptive names
+                  # (must be at most 8 chars).
+                  my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
+                  $libname = $translate{$name} || $name;
+                  $liboptions = <<EOO;
+INITINSTANCE
+DATA MULTIPLE NONSHARED
+EOO
+                  # Vendor field can't contain colon, drat; so we omit http://
+                  $description = "\@#$http_vendor:$version#\@$what; DLL for library $name.  Build for EMX -Zmtd";
+                }
+
+        print OUT <<"EOF";
+;
+; Definition file for the DLL version of the $name library from OpenSSL
+;
+
+LIBRARY         $libname        $liboptions
+
+EOF
+
+        if ($W16) {
+                print <<"EOF";
+CODE            PRELOAD MOVEABLE
+DATA            PRELOAD MOVEABLE SINGLE
+
+EXETYPE         WINDOWS
+
+HEAPSIZE        4096
+STACKSIZE       8192
+
+EOF
+        }
+
+        print "EXPORTS\n";
+
+        (@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+        (@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+        (@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/,@symbols);
+        @symbols=((sort @e),(sort @r), (sort @v));
+
+
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                my $v = 0;
+                $v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
+                if (!defined($nums{$s})) {
+                        printf STDERR "Warning: $s does not have a number assigned\n"
+                            if(!$do_update);
+                } else {
+                        (my $n, my $dummy) = split /\\/, $nums{$s};
+                        my %pf = ();
+                        my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+                        my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+                        if (is_valid($p,1) && is_valid($a,0)) {
+                                my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+                                if ($prev eq $s2) {
+                                        print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+                                }
+                                $prev = $s2;    # To warn about duplicates...
+                                if($v && !$OS2) {
+                                        printf OUT "    %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n;
+                                } else {
+                                        printf OUT "    %s%-39s @%d\n",($W32||$OS2)?"":"_",$s2,$n;
+                                }
+                        }
+                }
+        }
+        printf OUT "\n";
+}
+
+sub load_numbers
+{
+        my($name)=@_;
+        my(@a,%ret);
+
+        $max_num = 0;
+        $num_noinfo = 0;
+        $prev = "";
+        $prev_cnt = 0;
+
+        open(IN,"<$name") || die "unable to open $name:$!\n";
+        while (<IN>) {
+                chop;
+                s/#.*$//;
+                next if /^\s*$/;
+                @a=split;
+                if (defined $ret{$a[0]}) {
+                        # This is actually perfectly OK
+                        #print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
+                }
+                if ($max_num > $a[1]) {
+                        print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n";
+                }
+                elsif ($max_num == $a[1]) {
+                        # This is actually perfectly OK
+                        #print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n";
+                        if ($a[0] eq $prev) {
+                                $prev_cnt++;
+                                $a[0] .= "{$prev_cnt}";
+                        }
+                }
+                else {
+                        $prev_cnt = 0;
+                }
+                if ($#a < 2) {
+                        # Existence will be proven later, in do_defs
+                        $ret{$a[0]}=$a[1];
+                        $num_noinfo++;
+                } else {
+                        $ret{$a[0]}=$a[1]."\\".$a[2]; # \\ is a special marker
+                }
+                $max_num = $a[1] if $a[1] > $max_num;
+                $prev=$a[0];
+        }
+        if ($num_noinfo) {
+                print STDERR "Warning: $num_noinfo symbols were without info.";
+                if ($do_rewrite) {
+                        printf STDERR "  The rewrite will fix this.\n";
+                } else {
+                        printf STDERR "  You should do a rewrite to fix this.\n";
+                }
+        }
+        close(IN);
+        return(%ret);
+}
+
+sub parse_number
+{
+        (my $str, my $what) = @_;
+        (my $n, my $i) = split(/\\/,$str);
+        if ($what eq "n") {
+                return $n;
+        } else {
+                return $i;
+        }
+}
+
+sub rewrite_numbers
+{
+        (*OUT,$name,*nums,@symbols)=@_;
+        my $thing;
+
+        print STDERR "Rewriting $name\n";
+
+        my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
+        my $r; my %r; my %rsyms;
+        foreach $r (@r) {
+                (my $s, my $i) = split /\\/, $r;
+                my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+                $i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+                $r{$a} = $s."\\".$i;
+                $rsyms{$s} = 1;
+        }
+
+        my %syms = ();
+        foreach $_ (@symbols) {
+                (my $n, my $i) = split /\\/;
+                $syms{$n} = 1;
+        }
+
+        my @s=sort {
+            &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n")
+            || $a cmp $b
+        } keys %nums;
+        foreach $sym (@s) {
+                (my $n, my $i) = split /\\/, $nums{$sym};
+                next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
+                next if defined($rsyms{$sym});
+                print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug;
+                $i="NOEXIST::FUNCTION:"
+                        if !defined($i) || $i eq "" || !defined($syms{$sym});
+                my $s2 = $sym;
+                $s2 =~ s/\{[0-9]+\}$//;
+                printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
+                if (exists $r{$sym}) {
+                        (my $s, $i) = split /\\/,$r{$sym};
+                        my $s2 = $s;
+                        $s2 =~ s/\{[0-9]+\}$//;
+                        printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
+                }
+        }
+}
+
+sub update_numbers
+{
+        (*OUT,$name,*nums,my $start_num, my @symbols)=@_;
+        my $new_syms = 0;
+
+        print STDERR "Updating $name numbers\n";
+
+        my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
+        my $r; my %r; my %rsyms;
+        foreach $r (@r) {
+                (my $s, my $i) = split /\\/, $r;
+                my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+                $i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+                $r{$a} = $s."\\".$i;
+                $rsyms{$s} = 1;
+        }
+
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                next if $i =~ /^.*?:.*?:\w+\(\w+\)/;
+                next if defined($rsyms{$sym});
+                die "ERROR: Symbol $sym had no info attached to it."
+                    if $i eq "";
+                if (!exists $nums{$s}) {
+                        $new_syms++;
+                        my $s2 = $s;
+                        $s2 =~ s/\{[0-9]+\}$//;
+                        printf OUT "%s%-39s %d\t%s\n","",$s2, ++$start_num,$i;
+                        if (exists $r{$s}) {
+                                ($s, $i) = split /\\/,$r{$s};
+                                $s =~ s/\{[0-9]+\}$//;
+                                printf OUT "%s%-39s %d\t%s\n","",$s, $start_num,$i;
+                        }
+                }
+        }
+        if($new_syms) {
+                print STDERR "$new_syms New symbols added\n";
+        } else {
+                print STDERR "No New symbols Added\n";
+        }
+}
+
+sub check_existing
+{
+        (*nums, my @symbols)=@_;
+        my %existing; my @remaining;
+        @remaining=();
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                $existing{$s}=1;
+        }
+        foreach $sym (keys %nums) {
+                if (!exists $existing{$sym}) {
+                        push @remaining, $sym;
+                }
+        }
+        if(@remaining) {
+                print STDERR "The following symbols do not seem to exist:\n";
+                foreach $sym (@remaining) {
+                        print STDERR "\t",$sym,"\n";
+                }
+        }
+}
+
diff --git a/src/lib/libcrypto/util/mkdir-p.pl b/src/lib/libcrypto/util/mkdir-p.pl
new file mode 100644
index 0000000000..e73d02b073
--- /dev/null
+++ b/src/lib/libcrypto/util/mkdir-p.pl
@@ -0,0 +1,34 @@
+#!/usr/local/bin/perl
+
+# mkdir-p.pl
+
+# On some systems, the -p option to mkdir (= also create any missing parent
+# directories) is not available.
+
+my $arg;
+
+foreach $arg (@ARGV) {
+  $arg =~ tr|\\|/|;
+  &do_mkdir_p($arg);
+}
+
+
+sub do_mkdir_p {
+  local($dir) = @_;
+
+  $dir =~ s|/*\Z(?!\n)||s;
+
+  if (-d $dir) {
+    return;
+  }
+
+  if ($dir =~ m|[^/]/|s) {
+    local($parent) = $dir;
+    $parent =~ s|[^/]*\Z(?!\n)||s;
+
+    do_mkdir_p($parent);
+  }
+
+  mkdir($dir, 0777) || die "Cannot create directory $dir: $!\n";
+  print "created directory `$dir'\n";
+}
diff --git a/src/lib/libcrypto/util/mkfiles.pl b/src/lib/libcrypto/util/mkfiles.pl
new file mode 100644
index 0000000000..7d9a9d5e5c
--- /dev/null
+++ b/src/lib/libcrypto/util/mkfiles.pl
@@ -0,0 +1,143 @@
+#!/usr/local/bin/perl
+#
+# This is a hacked version of files.pl for systems that can't do a 'make files'.
+# Do a perl util/mkminfo.pl >MINFO to build MINFO
+# Written by Steve Henson 1999.
+
+# List of directories to process
+
+my @dirs = (
+".",
+"crypto",
+"crypto/md2",
+"crypto/md4",
+"crypto/md5",
+"crypto/sha",
+"crypto/mdc2",
+"crypto/hmac",
+"crypto/cmac",
+"crypto/ripemd",
+"crypto/des",
+"crypto/rc2",
+"crypto/rc4",
+"crypto/rc5",
+"crypto/idea",
+"crypto/bf",
+"crypto/cast",
+"crypto/aes",
+"crypto/camellia",
+"crypto/seed",
+"crypto/modes",
+"crypto/bn",
+"crypto/rsa",
+"crypto/dsa",
+"crypto/dso",
+"crypto/dh",
+"crypto/ec",
+"crypto/ecdh",
+"crypto/ecdsa",
+"crypto/buffer",
+"crypto/bio",
+"crypto/stack",
+"crypto/lhash",
+"crypto/rand",
+"crypto/err",
+"crypto/objects",
+"crypto/evp",
+"crypto/asn1",
+"crypto/pem",
+"crypto/x509",
+"crypto/x509v3",
+"crypto/cms",
+"crypto/conf",
+"crypto/jpake",
+"crypto/txt_db",
+"crypto/pkcs7",
+"crypto/pkcs12",
+"crypto/comp",
+"crypto/engine",
+"crypto/ocsp",
+"crypto/ui",
+"crypto/krb5",
+#"crypto/store",
+"crypto/pqueue",
+"crypto/whrlpool",
+"crypto/ts",
+"crypto/srp",
+"ssl",
+"apps",
+"engines",
+"engines/ccgost",
+"test",
+"tools"
+);
+
+%top;
+
+foreach (@dirs) {
+        &files_dir ($_, "Makefile");
+}
+
+exit(0);
+
+sub files_dir
+{
+my ($dir, $makefile) = @_;
+
+my %sym;
+
+open (IN, "$dir/$makefile") || die "Can't open $dir/$makefile";
+
+my $s="";
+
+while (<IN>)
+        {
+        chop;
+        s/#.*//;
+        if (/^(\S+)\s*=\s*(.*)$/)
+                {
+                $o="";
+                ($s,$b)=($1,$2);
+                for (;;)
+                        {
+                        if ($b =~ /\\$/)
+                                {
+                                chop($b);
+                                $o.=$b." ";
+                                $b=<IN>;
+                                chop($b);
+                                }
+                        else
+                                {
+                                $o.=$b." ";
+                                last;
+                                }
+                        }
+                $o =~ s/^\s+//;
+                $o =~ s/\s+$//;
+                $o =~ s/\s+/ /g;
+
+                $o =~ s/\$[({]([^)}]+)[)}]/$top{$1} or $sym{$1}/ge;
+                $sym{$s}=($top{$s} or $o);
+                }
+        }
+
+print "RELATIVE_DIRECTORY=$dir\n";
+
+foreach (sort keys %sym)
+        {
+        print "$_=$sym{$_}\n";
+        }
+if ($dir eq "." && defined($sym{"BUILDENV"}))
+        {
+        foreach (split(' ',$sym{"BUILDENV"}))
+                {
+                /^(.+)=/;
+                $top{$1}=$sym{$1};
+                }
+        }
+
+print "RELATIVE_DIRECTORY=\n";
+
+close (IN);
+}
diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl
new file mode 100644
index 0000000000..61db12c68f
--- /dev/null
+++ b/src/lib/libcrypto/util/mklink.pl
@@ -0,0 +1,73 @@
+#!/usr/local/bin/perl
+
+# mklink.pl
+
+# The first command line argument is a non-empty relative path
+# specifying the "from" directory.
+# Each other argument is a file name not containing / and
+# names a file in the current directory.
+#
+# For each of these files, we create in the "from" directory a link
+# of the same name pointing to the local file.
+#
+# We assume that the directory structure is a tree, i.e. that it does
+# not contain symbolic links and that the parent of / is never referenced.
+# Apart from this, this script should be able to handle even the most
+# pathological cases.
+
+use Cwd;
+
+my $from = shift;
+my @files = @ARGV;
+
+my @from_path = split(/[\\\/]/, $from);
+my $pwd = getcwd();
+chomp($pwd);
+my @pwd_path = split(/[\\\/]/, $pwd);
+
+my @to_path = ();
+
+my $dirname;
+foreach $dirname (@from_path) {
+
+    # In this loop, @to_path always is a relative path from
+    # @pwd_path (interpreted is an absolute path) to the original pwd.
+
+    # At the end, @from_path (as a relative path from the original pwd)
+    # designates the same directory as the absolute path @pwd_path,
+    # which means that @to_path then is a path from there to the original pwd.
+
+    next if ($dirname eq "" || $dirname eq ".");
+
+    if ($dirname eq "..") {
+        @to_path = (pop(@pwd_path), @to_path);
+    } else {
+        @to_path = ("..", @to_path);
+        push(@pwd_path, $dirname);
+    }
+}
+
+my $to = join('/', @to_path);
+
+my $file;
+$symlink_exists=eval {symlink("",""); 1};
+if ($^O eq "msys") { $symlink_exists=0 };
+foreach $file (@files) {
+    my $err = "";
+    if ($symlink_exists) {
+        unlink "$from/$file";
+        symlink("$to/$file", "$from/$file") or $err = " [$!]";
+    } else {
+        unlink "$from/$file"; 
+        open (OLD, "<$file") or die "Can't open $file: $!";
+        open (NEW, ">$from/$file") or die "Can't open $from/$file: $!";
+        binmode(OLD);
+        binmode(NEW);
+        while (<OLD>) {
+            print NEW $_;
+        }
+        close (OLD) or die "Can't close $file: $!";
+        close (NEW) or die "Can't close $from/$file: $!";
+    }
+    print $file . " => $from/$file$err\n";
+}
diff --git a/src/lib/libcrypto/util/mkrc.pl b/src/lib/libcrypto/util/mkrc.pl
new file mode 100755
index 0000000000..0ceadcf8d1
--- /dev/null
+++ b/src/lib/libcrypto/util/mkrc.pl
@@ -0,0 +1,71 @@
+#!/bin/env perl
+#
+open FD,"crypto/opensslv.h";
+while(<FD>) {
+    if (/OPENSSL_VERSION_NUMBER\s+(0x[0-9a-f]+)/i) {
+        $ver = hex($1);
+        $v1 = ($ver>>28);
+        $v2 = ($ver>>20)&0xff;
+        $v3 = ($ver>>12)&0xff;
+        $v4 = ($ver>> 4)&0xff;
+        $beta = $ver&0xf;
+        $version = "$v1.$v2.$v3";
+        if ($beta==0xf) { $version .= chr(ord('a')+$v4-1) if ($v4);     }
+        elsif ($beta==0){ $version .= "-dev";                           }
+        else            { $version .= "-beta$beta";                     }
+        last;
+    }
+}
+close(FD);
+
+$filename = $ARGV[0]; $filename =~ /(.*)\.([^.]+)$/;
+$basename = $1;
+$extname  = $2;
+
+if ($extname =~ /dll/i) { $description = "OpenSSL shared library"; }
+else                    { $description = "OpenSSL application";    }
+
+print <<___;
+#include <winver.h>
+
+LANGUAGE 0x09,0x01
+
+1 VERSIONINFO
+  FILEVERSION $v1,$v2,$v3,$v4
+  PRODUCTVERSION $v1,$v2,$v3,$v4
+  FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+  FILEFLAGS 0x01L
+#else
+  FILEFLAGS 0x00L
+#endif
+  FILEOS VOS__WINDOWS32
+  FILETYPE VFT_DLL
+  FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            // Required:
+            VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
+            VALUE "FileDescription", "$description\\0"
+            VALUE "FileVersion", "$version\\0"
+            VALUE "InternalName", "$basename\\0"
+            VALUE "OriginalFilename", "$filename\\0"
+            VALUE "ProductName", "The OpenSSL Toolkit\\0"
+            VALUE "ProductVersion", "$version\\0"
+            // Optional:
+            //VALUE "Comments", "\\0"
+            VALUE "LegalCopyright", "Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+            //VALUE "LegalTrademarks", "\\0"
+            //VALUE "PrivateBuild", "\\0"
+            //VALUE "SpecialBuild", "\\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 0x4b0
+    END
+END
+___
diff --git a/src/lib/libcrypto/util/opensslwrap.sh b/src/lib/libcrypto/util/opensslwrap.sh
new file mode 100755
index 0000000000..b27cbb897f
--- /dev/null
+++ b/src/lib/libcrypto/util/opensslwrap.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+HERE="`echo $0 | sed -e 's|[^/]*$||'`"
+OPENSSL="${HERE}../apps/openssl"
+
+if [ -d "${HERE}../engines" -a "x$OPENSSL_ENGINES" = "x" ]; then
+        OPENSSL_ENGINES="${HERE}../engines"; export OPENSSL_ENGINES
+fi
+
+if [ -x "${OPENSSL}.exe" ]; then
+        # The original reason for this script existence is to work around
+        # certain caveats in run-time linker behaviour. On Windows platforms
+        # adjusting $PATH used to be sufficient, but with introduction of
+        # SafeDllSearchMode in XP/2003 the only way to get it right in
+        # *all* possible situations is to copy newly built .DLLs to apps/
+        # and test/, which is now done elsewhere... The $PATH is adjusted
+        # for backward compatibility (and nostagical reasons:-).
+        if [ "$OSTYPE" != msdosdjgpp ]; then
+                PATH="${HERE}..:$PATH"; export PATH
+        fi
+        exec "${OPENSSL}.exe" "$@"
+elif [ -x "${OPENSSL}" -a -x "${HERE}shlib_wrap.sh" ]; then
+        exec "${HERE}shlib_wrap.sh" "${OPENSSL}" "$@"
+else
+        exec "${OPENSSL}" "$@"  # hope for the best...
+fi
diff --git a/src/lib/libcrypto/util/perlpath.pl b/src/lib/libcrypto/util/perlpath.pl
new file mode 100644
index 0000000000..a1f236bd98
--- /dev/null
+++ b/src/lib/libcrypto/util/perlpath.pl
@@ -0,0 +1,35 @@
+#!/usr/local/bin/perl
+#
+# modify the '#!/usr/local/bin/perl'
+# line in all scripts that rely on perl.
+#
+
+require "find.pl";
+
+$#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
+&find(".");
+
+sub wanted
+        {
+        return unless /\.pl$/ || /^[Cc]onfigur/;
+
+        open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
+        @a=<IN>;
+        close(IN);
+
+        if (-d $ARGV[0]) {
+                $a[0]="#!$ARGV[0]/perl\n";
+        }
+        else {
+                $a[0]="#!$ARGV[0]\n";
+        }
+
+        # Playing it safe...
+        $new="$_.new";
+        open(OUT,">$new") || die "unable to open $dir/$new:$!\n";
+        print OUT @a;
+        close(OUT);
+
+        rename($new,$_) || die "unable to rename $dir/$new:$!\n";
+        chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
+        }
diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl
new file mode 100644
index 0000000000..1f1e13fb40
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/BC-32.pl
@@ -0,0 +1,139 @@
+#!/usr/local/bin/perl
+# Borland C++ builder 3 and 4 -- Janez Jere <jj@void.si>
+#
+
+$ssl=   "ssleay32";
+$crypto="libeay32";
+
+$o='\\';
+$cp='copy';
+$rm='del';
+
+# C compiler stuff
+$cc='bcc32';
+$lflags="-ap -Tpe -x -Gn ";
+$mlflags='';
+
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+#enable max error messages, disable most common warnings
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
+if ($debug)
+{
+    $cflags.="-Od -y -v -vi- -D_DEBUG";
+    $mlflags.=' ';
+}
+else
+{
+    $cflags.="-O2 -ff -fp";
+}
+
+$obj='.obj';
+$ofile="-o";
+
+# EXE linking stuff
+$link="ilink32";
+$efile="";
+$exep='.exe';
+if ($no_sock)
+        { $ex_libs=""; }
+else    { $ex_libs="cw32mt.lib import32.lib"; }
+
+# static library stuff
+$mklib='tlib /P64';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+
+$shlib_ex_obj="";
+$app_ex_obj="c0x32.obj"; 
+
+$asm='nasmw -f obj -d__omf__';
+$asm.=" /Zi" if $debug;
+$afile='-o';
+
+$bn_mulw_obj='';
+$bn_mulw_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm)
+        {
+        $bn_mulw_obj='crypto\bn\asm\bn_win32.obj';
+        $bn_mulw_src='crypto\bn\asm\bn_win32.asm';
+        $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
+        $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
+        $bf_enc_obj='crypto\bf\asm\b_win32.obj';
+        $bf_enc_src='crypto\bf\asm\b_win32.asm';
+        $cast_enc_obj='crypto\cast\asm\c_win32.obj';
+        $cast_enc_src='crypto\cast\asm\c_win32.asm';
+        $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
+        $rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
+        $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
+        $rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
+        $md5_asm_obj='crypto\md5\asm\m5_win32.obj';
+        $md5_asm_src='crypto\md5\asm\m5_win32.asm';
+        $sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
+        $sha1_asm_src='crypto\sha\asm\s1_win32.asm';
+        $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
+        $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+        }
+
+if ($shlib)
+        {
+        $mlflags.=" $lflags /dll";
+#       $cflags =~ s| /MD| /MT|;
+        $lib_cflag=" /GD -D_WINDLL -D_DLL";
+        $out_def="out32dll";
+        $tmp_def="tmp32dll";
+        }
+
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib)=@_;
+        local($ret,$Name);
+
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+
+#       $target="\$(LIB_D)$o$target";
+        $ret.="$target: $objs\n";
+        if (!$shlib)
+                {
+                $ret.=<<___;
+        -\$(RM) $lfile$target
+        \$(MKLIB) $lfile$target \@&&!
++\$(**: = &^
++)
+!
+___
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+                $ex.=' ws2_32.lib gdi32.lib';
+                $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n";
+        return($ret);
+        }
+
+1;
diff --git a/src/lib/libcrypto/util/pl/Mingw32.pl b/src/lib/libcrypto/util/pl/Mingw32.pl
new file mode 100644
index 0000000000..fe3fb27a78
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/Mingw32.pl
@@ -0,0 +1,104 @@
+#!/usr/local/bin/perl
+#
+# Mingw32.pl -- Mingw
+#
+
+$o='/';
+$cp='cp';
+$rm='rm -f';
+$mkdir='gmkdir';
+
+$o='\\';
+$cp='copy';
+$rm='del';
+$mkdir='mkdir';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+        { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
+else
+        { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; }
+
+if ($gaswin and !$no_asm)
+        {
+        $bn_asm_obj='$(OBJ_D)\bn-win32.o';
+        $bn_asm_src='crypto/bn/asm/bn-win32.s';
+        $bnco_asm_obj='$(OBJ_D)\co-win32.o';
+        $bnco_asm_src='crypto/bn/asm/co-win32.s';
+        $des_enc_obj='$(OBJ_D)\d-win32.o $(OBJ_D)\y-win32.o';
+        $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
+        $bf_enc_obj='$(OBJ_D)\b-win32.o';
+        $bf_enc_src='crypto/bf/asm/b-win32.s';
+#       $cast_enc_obj='$(OBJ_D)\c-win32.o';
+#       $cast_enc_src='crypto/cast/asm/c-win32.s';
+        $rc4_enc_obj='$(OBJ_D)\r4-win32.o';
+        $rc4_enc_src='crypto/rc4/asm/r4-win32.s';
+        $rc5_enc_obj='$(OBJ_D)\r5-win32.o';
+        $rc5_enc_src='crypto/rc5/asm/r5-win32.s';
+        $md5_asm_obj='$(OBJ_D)\m5-win32.o';
+        $md5_asm_src='crypto/md5/asm/m5-win32.s';
+        $rmd160_asm_obj='$(OBJ_D)\rm-win32.o';
+        $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s';
+        $sha1_asm_obj='$(OBJ_D)\s1-win32.o';
+        $sha1_asm_src='crypto/sha/asm/s1-win32.s';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
+        }
+
+
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="-lws2_32 -lgdi32";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='ranlib';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+#$bn_asm_obj="";
+#$bn_asm_src="";
+#$des_enc_obj="";
+#$des_enc_src="";
+#$bf_enc_obj="";
+#$bf_enc_src="";
+
+sub do_lib_rule
+        {
+        local($obj,$target,$name,$shlib)=@_;
+        local($ret,$_,$Name);
+
+        $target =~ s/\//$o/g if $o ne '/';
+        $target="$target";
+        ($Name=$name) =~ tr/a-z/A-Z/;
+
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\tif exist $target \$(RM) $target\n";
+        $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+        $ret.="\t\$(RANLIB) $target\n\n";
+        }
+
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/OS2-EMX.pl b/src/lib/libcrypto/util/pl/OS2-EMX.pl
new file mode 100644
index 0000000000..28cd116907
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/OS2-EMX.pl
@@ -0,0 +1,120 @@
+#!/usr/local/bin/perl
+#
+# OS2-EMX.pl - for EMX GCC on OS/2
+#
+
+$o='/';
+$cp='cp';
+$rm='rm -f';
+
+$preamble = "SHELL=sh\n";
+
+# C compiler stuff
+
+$cc='gcc';
+$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmtd -Wall ";
+$cflags.="-Zomf " if $shlib;
+$shl_cflag="-Zdll";
+
+if ($debug) { 
+        $cflags.="-g "; 
+}
+
+$obj=$shlib ? '.obj' : '.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS} -Zbsd-signals -s';
+$efile='-o ';
+$exep='.exe';
+$ex_libs="-lsocket";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib="ar s";
+$plib='';
+$libp=$shlib ? ".lib" : ".a";
+$shlibp=$shlib ? ".dll" : ".a";
+$lfile='';
+
+$asm=$shlib ? 'as -Zomf' : 'as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+if (!$no_asm)
+        {
+        $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj";
+        $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm";
+        $des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj";
+        $des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm";
+        $bf_enc_obj="crypto/bf/asm/b-os2$obj";
+        $bf_enc_src="crypto/bf/asm/b-os2.asm";
+        $cast_enc_obj="crypto/cast/asm/c-os2$obj";
+        $cast_enc_src="crypto/cast/asm/c-os2.asm";
+        $rc4_enc_obj="crypto/rc4/asm/r4-os2$obj";
+        $rc4_enc_src="crypto/rc4/asm/r4-os2.asm";
+        $rc5_enc_obj="crypto/rc5/asm/r5-os2$obj";
+        $rc5_enc_src="crypto/rc5/asm/r5-os2.asm";
+        $md5_asm_obj="crypto/md5/asm/m5-os2$obj";
+        $md5_asm_src="crypto/md5/asm/m5-os2.asm";
+        $sha1_asm_obj="crypto/sha/asm/s1-os2$obj";
+        $sha1_asm_src="crypto/sha/asm/s1-os2.asm";
+        $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
+        $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
+        }
+
+if ($shlib)
+        {
+        $mlflags.=" $lflags -Zdll";
+        $lib_cflag=" -D_DLL";
+        $out_def="out_dll";
+        $tmp_def="tmp_dll";
+        }
+
+sub do_lib_rule
+        {
+        local($obj,$target,$name,$shlib)=@_;
+        local($ret,$_,$Name);
+
+        $target =~ s/\//$o/g if $o ne '/';
+        $target="$target";
+        ($Name=$name) =~ tr/a-z/A-Z/;
+
+        $ret.="$target: \$(${Name}OBJ)\n";
+        if (!$shlib) 
+                {
+                $ret.="\t\$(RM) $target\n";
+                $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+                $ret.="\t\$(RANLIB) $target\n\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+                $ex.=' -lsocket';
+                $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
+                $ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
+                $ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
+                }
+        }
+
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n";
+        return($ret);
+        }
+
+1;
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
new file mode 100644
index 0000000000..c503bd52b9
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -0,0 +1,397 @@
+#!/usr/local/bin/perl
+# VC-32.pl - unified script for Microsoft Visual C++, covering Win32,
+# Win64 and WinCE [follow $FLAVOR variable to trace the differences].
+#
+
+$ssl=   "ssleay32";
+$crypto="libeay32";
+
+if ($fips && !$shlib)
+        {
+        $crypto="libeayfips32";
+        $crypto_compat = "libeaycompat32.lib";
+        }
+else
+        {
+        $crypto="libeay32";
+        }
+
+$o='\\';
+$cp='$(PERL) util/copy.pl';
+$mkdir='$(PERL) util/mkdir-p.pl';
+$rm='del /Q';
+
+$zlib_lib="zlib1.lib";
+
+# Santize -L options for ms link
+$l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g;
+$l_flags =~ s/-L(\S+)/\/libpath:$1/g;
+
+# C compiler stuff
+$cc='cl';
+if ($FLAVOR =~ /WIN64/)
+    {
+    # Note that we currently don't have /WX on Win64! There is a lot of
+    # warnings, but only of two types:
+    #
+    # C4344: conversion from '__int64' to 'int/long', possible loss of data
+    # C4267: conversion from 'size_t' to 'int/long', possible loss of data
+    #
+    # Amount of latter type is minimized by aliasing strlen to function of
+    # own desing and limiting its return value to 2GB-1 (see e_os.h). As
+    # per 0.9.8 release remaining warnings were explicitly examined and
+    # considered safe to ignore.
+    # 
+    $base_cflags= " $mf_cflag";
+    my $f = $shlib || $fips ?' /MD':' /MT';
+    $lib_cflag='/Zl' if (!$shlib);      # remove /DEFAULTLIBs from static lib
+    $opt_cflags=$f.' /Ox';
+    $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
+    $lflags="/nologo /subsystem:console /opt:ref";
+
+    *::perlasm_compile_target = sub {
+        my ($target,$source,$bname)=@_;
+        my $ret;
+
+        $bname =~ s/(.*)\.[^\.]$/$1/;
+        $ret=<<___;
+\$(TMP_D)$o$bname.asm: $source
+        set ASM=\$(ASM)
+        \$(PERL) $source \$\@
+
+$target: \$(TMP_D)$o$bname.asm
+        \$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm
+
+___
+        }
+    }
+elsif ($FLAVOR =~ /CE/)
+    {
+    # sanity check
+    die '%OSVERSION% is not defined'    if (!defined($ENV{'OSVERSION'}));
+    die '%PLATFORM% is not defined'     if (!defined($ENV{'PLATFORM'}));
+    die '%TARGETCPU% is not defined'    if (!defined($ENV{'TARGETCPU'}));
+
+    #
+    # Idea behind this is to mimic flags set by eVC++ IDE...
+    #
+    $wcevers = $ENV{'OSVERSION'};                       # WCENNN
+    die '%OSVERSION% value is insane'   if ($wcevers !~ /^WCE([1-9])([0-9]{2})$/);
+    $wcecdefs = "-D_WIN32_WCE=$1$2 -DUNDER_CE=$1$2";    # -D_WIN32_WCE=NNN
+    $wcelflag = "/subsystem:windowsce,$1.$2";           # ...,N.NN
+
+    $wceplatf =  $ENV{'PLATFORM'};
+    $wceplatf =~ tr/a-z0-9 /A-Z0-9_/d;
+    $wcecdefs .= " -DWCE_PLATFORM_$wceplatf";
+
+    $wcetgt = $ENV{'TARGETCPU'};        # just shorter name...
+    SWITCH: for($wcetgt) {
+        /^X86/          && do { $wcecdefs.=" -Dx86 -D_X86_ -D_i386_ -Di_386_";
+                                $wcelflag.=" /machine:IX86";    last; };
+        /^ARMV4[IT]/    && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
+                                $wcecdefs.=" -DTHUMB -D_THUMB_" if($wcetgt=~/T$/);
+                                $wcecdefs.=" -QRarch4T -QRinterwork-return";
+                                $wcelflag.=" /machine:THUMB";   last; };
+        /^ARM/          && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
+                                $wcelflag.=" /machine:ARM";     last; };
+        /^MIPSIV/       && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+                                $wcecdefs.=" -D_MIPS64 -QMmips4 -QMn32";
+                                $wcelflag.=" /machine:MIPSFPU"; last; };
+        /^MIPS16/       && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+                                $wcecdefs.=" -DMIPSII -QMmips16";
+                                $wcelflag.=" /machine:MIPS16";  last; };
+        /^MIPSII/       && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+                                $wcecdefs.=" -QMmips2";
+                                $wcelflag.=" /machine:MIPS";    last; };
+        /^R4[0-9]{3}/   && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000";
+                                $wcelflag.=" /machine:MIPS";    last; };
+        /^SH[0-9]/      && do { $wcecdefs.=" -D$wcetgt -D_$wcetgt_ -DSHx";
+                                $wcecdefs.=" -Qsh4" if ($wcetgt =~ /^SH4/);
+                                $wcelflag.=" /machine:$wcetgt"; last; };
+        { $wcecdefs.=" -D$wcetgt -D_$wcetgt_";
+          $wcelflag.=" /machine:$wcetgt";                       last; };
+    }
+
+    $cc='$(CC)';
+    $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT';
+    $base_cflags.=" $wcecdefs";
+    $base_cflags.=' -I$(WCECOMPAT)/include'             if (defined($ENV{'WCECOMPAT'}));
+    $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'}));
+    $opt_cflags=' /MC /O1i';    # optimize for space, but with intrinsics...
+    $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
+    $lflags="/nologo /opt:ref $wcelflag";
+    }
+else    # Win32
+    {
+    $base_cflags= " $mf_cflag";
+    my $f = $shlib || $fips ?' /MD':' /MT';
+    $lib_cflag='/Zl' if (!$shlib);      # remove /DEFAULTLIBs from static lib
+    $opt_cflags=$f.' /Ox /O2 /Ob2';
+    $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
+    $lflags="/nologo /subsystem:console /opt:ref";
+    }
+$mlflags='';
+
+$out_def ="out32";      $out_def.="dll"                 if ($shlib);
+                        $out_def.='_$(TARGETCPU)'       if ($FLAVOR =~ /CE/);
+$tmp_def ="tmp32";      $tmp_def.="dll"                 if ($shlib);
+                        $tmp_def.='_$(TARGETCPU)'       if ($FLAVOR =~ /CE/);
+$inc_def="inc32";
+
+if ($debug)
+        {
+        $cflags=$dbg_cflags.$base_cflags;
+        }
+else
+        {
+        $cflags=$opt_cflags.$base_cflags;
+        }
+
+# generate symbols.pdb unconditionally
+$app_cflag.=" /Zi /Fd\$(TMP_D)/app";
+$lib_cflag.=" /Zi /Fd\$(TMP_D)/lib";
+$lflags.=" /debug";
+
+$obj='.obj';
+$asm_suffix='.asm';
+$ofile="/Fo";
+
+# EXE linking stuff
+$link="link";
+$rsc="rc";
+$efile="/out:";
+$exep='.exe';
+if ($no_sock)           { $ex_libs=''; }
+elsif ($FLAVOR =~ /CE/) { $ex_libs='winsock.lib'; }
+else                    { $ex_libs='ws2_32.lib'; }
+
+if ($FLAVOR =~ /CE/)
+        {
+        $ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib'   if (defined($ENV{'WCECOMPAT'}));
+        $ex_libs.=' $(PORTSDK_LIBPATH)/portlib.lib'     if (defined($ENV{'PORTSDK_LIBPATH'}));
+        $ex_libs.=' /nodefaultlib:oldnames.lib coredll.lib corelibc.lib' if ($ENV{'TARGETCPU'} eq "X86");
+        }
+else
+        {
+        $ex_libs.=' gdi32.lib advapi32.lib crypt32.lib user32.lib';
+        $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/ and `cl 2>&1` =~ /14\.00\.4[0-9]{4}\./);
+        # WIN32 UNICODE build gets linked with unicows.lib for
+        # backward compatibility with Win9x.
+        $ex_libs="unicows.lib $ex_libs" if ($FLAVOR =~ /WIN32/ and $cflags =~ /\-DUNICODE/);
+        }
+
+# static library stuff
+$mklib='lib /nologo';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='/out:';
+
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/);
+if ($FLAVOR =~ /WIN64A/) {
+        if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
+                $asm='nasm -f win64 -DNEAR -Ox -g';
+                $afile='-o ';
+        } else {
+                $asm='ml64 /c /Cp /Cx /Zi';
+                $afile='/Fo';
+        }
+} elsif ($FLAVOR =~ /WIN64I/) {
+        $asm='ias -d debug';
+        $afile="-o ";
+} elsif ($nasm) {
+        my $ver=`nasm -v 2>NUL`;
+        my $vew=`nasmw -v 2>NUL`;
+        # pick newest version
+        $asm=($ver ge $vew?"nasm":"nasmw")." -f win32";
+        $asmtype="win32n";
+        $afile='-o ';
+} else {
+        $asm='ml /nologo /Cp /coff /c /Cx /Zi';
+        $afile='/Fo';
+        $asmtype="win32";
+}
+
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm)
+        {
+        win32_import_asm($mf_bn_asm, "bn", \$bn_asm_obj, \$bn_asm_src);
+        win32_import_asm($mf_aes_asm, "aes", \$aes_asm_obj, \$aes_asm_src);
+        win32_import_asm($mf_des_asm, "des", \$des_enc_obj, \$des_enc_src);
+        win32_import_asm($mf_bf_asm, "bf", \$bf_enc_obj, \$bf_enc_src);
+        win32_import_asm($mf_cast_asm, "cast", \$cast_enc_obj, \$cast_enc_src);
+        win32_import_asm($mf_rc4_asm, "rc4", \$rc4_enc_obj, \$rc4_enc_src);
+        win32_import_asm($mf_rc5_asm, "rc5", \$rc5_enc_obj, \$rc5_enc_src);
+        win32_import_asm($mf_md5_asm, "md5", \$md5_asm_obj, \$md5_asm_src);
+        win32_import_asm($mf_sha_asm, "sha", \$sha1_asm_obj, \$sha1_asm_src);
+        win32_import_asm($mf_rmd_asm, "ripemd", \$rmd160_asm_obj, \$rmd160_asm_src);
+        win32_import_asm($mf_wp_asm, "whrlpool", \$whirlpool_asm_obj, \$whirlpool_asm_src);
+        win32_import_asm($mf_cpuid_asm, "", \$cpuid_asm_obj, \$cpuid_asm_src);
+        $perl_asm = 1;
+        }
+
+if ($shlib && $FLAVOR !~ /CE/)
+        {
+        $mlflags.=" $lflags /dll";
+        $lib_cflag.=" -D_WINDLL";
+        #
+        # Engage Applink...
+        #
+        $app_ex_obj.=" \$(OBJ_D)\\applink.obj /implib:\$(TMP_D)\\junk.lib";
+        $cflags.=" -DOPENSSL_USE_APPLINK -I.";
+        # I'm open for better suggestions than overriding $banner...
+        $banner=<<'___';
+        @echo Building OpenSSL
+
+$(OBJ_D)\applink.obj:   ms\applink.c
+        $(CC) /Fo$(OBJ_D)\applink.obj $(APP_CFLAGS) -c ms\applink.c
+$(OBJ_D)\uplink.obj:    ms\uplink.c ms\applink.c
+        $(CC) /Fo$(OBJ_D)\uplink.obj $(SHLIB_CFLAGS) -c ms\uplink.c
+$(INCO_D)\applink.c:    ms\applink.c
+        $(CP) ms\applink.c $(INCO_D)\applink.c
+
+EXHEADER= $(EXHEADER) $(INCO_D)\applink.c
+
+LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj
+CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ)
+___
+        $banner.=<<'___' if ($FLAVOR =~ /WIN64/);
+CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ)
+___
+        }
+elsif ($shlib && $FLAVOR =~ /CE/)
+        {
+        $mlflags.=" $lflags /dll";
+        $lflags.=' /entry:mainCRTstartup' if(defined($ENV{'PORTSDK_LIBPATH'}));
+        $lib_cflag.=" -D_WINDLL -D_DLL";
+        }
+
+sub do_lib_rule
+        {
+        my($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
+        local($ret);
+
+        $taget =~ s/\//$o/g if $o ne '/';
+        my $base_arg;
+        if ($base_addr ne "")
+                {
+                $base_arg= " /base:$base_addr";
+                }
+        else
+                {
+                $base_arg = "";
+                }
+        if ($name ne "")
+                {
+                $name =~ tr/a-z/A-Z/;
+                $name = "/def:ms/${name}.def";
+                }
+
+#       $target="\$(LIB_D)$o$target";
+#       $ret.="$target: $objs\n";
+        if (!$shlib)
+                {
+#               $ret.="\t\$(RM) \$(O_$Name)\n";
+                $ret.="$target: $objs\n";
+                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)';
+                $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+
+                if ($fips && $target =~ /O_CRYPTO/)
+                        {
+                        $ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
+                        $ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
+                        $ret.="\tSET FIPS_CC=\$(CC)\n";
+                        $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+                        $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
+                        $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+                        $ret.="\tSET FIPS_TARGET=$target\n";
+                        $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
+                        $ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) ";
+                        $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+                        }
+                else
+                        {
+                        $ret.="$target: $objs";
+                        $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
+                        }
+                $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+
+sub do_link_rule
+        {
+        my($target,$files,$dep_libs,$libs,$standalone)=@_;
+        local($ret,$_);
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        if ($standalone == 1)
+                {
+                $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
+                $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
+                $ret.="$files $libs\n<<\n";
+                }
+        elsif ($standalone == 2)
+                {
+                $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+                $ret.="\tSET FIPS_CC=\$(CC)\n";
+                $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+                $ret.="\tSET PREMAIN_DSO_EXE=\n";
+                $ret.="\tSET FIPS_TARGET=$target\n";
+                $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+                $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+                $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
+                $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
+                }
+        else
+                {
+                $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
+                $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";
+                }
+        $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
+        return($ret);
+        }
+
+sub win32_import_asm
+        {
+        my ($mf_var, $asm_name, $oref, $sref) = @_;
+        my $asm_dir;
+        if ($asm_name eq "")
+                {
+                $asm_dir = "crypto\\";
+                }
+        else
+                {
+                $asm_dir = "crypto\\$asm_name\\asm\\";
+                }
+
+        $$oref = "";
+        $mf_var =~ s/\.o$/.obj/g;
+
+        foreach (split(/ /, $mf_var))
+                {
+                $$oref .= $asm_dir . $_ . " ";
+                }
+        $$oref =~ s/ $//;
+        $$sref = $$oref;
+        $$sref =~ s/\.obj/.asm/g;
+
+        }
+
+
+1;
diff --git a/src/lib/libcrypto/util/pl/linux.pl b/src/lib/libcrypto/util/pl/linux.pl
new file mode 100644
index 0000000000..d24f7b7291
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/linux.pl
@@ -0,0 +1,104 @@
+#!/usr/local/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+        { $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
+elsif ($profile)
+        { $cflags="-pg -O3"; }
+else
+        { $cflags="-O3 -fomit-frame-pointer"; }
+
+if (!$no_asm)
+        {
+        $bn_asm_obj='$(OBJ_D)/bn86-elf.o';
+        $bn_asm_src='crypto/bn/asm/bn86unix.cpp';
+        $bnco_asm_obj='$(OBJ_D)/co86-elf.o';
+        $bnco_asm_src='crypto/bn/asm/co86unix.cpp';
+        $des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
+        $des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
+        $bf_enc_obj='$(OBJ_D)/bx86-elf.o';
+        $bf_enc_src='crypto/bf/asm/bx86unix.cpp';
+        $cast_enc_obj='$(OBJ_D)/cx86-elf.o';
+        $cast_enc_src='crypto/cast/asm/cx86unix.cpp';
+        $rc4_enc_obj='$(OBJ_D)/rx86-elf.o';
+        $rc4_enc_src='crypto/rc4/asm/rx86unix.cpp';
+        $rc5_enc_obj='$(OBJ_D)/r586-elf.o';
+        $rc5_enc_src='crypto/rc5/asm/r586unix.cpp';
+        $md5_asm_obj='$(OBJ_D)/mx86-elf.o';
+        $md5_asm_src='crypto/md5/asm/mx86unix.cpp';
+        $rmd160_asm_obj='$(OBJ_D)/rm86-elf.o';
+        $rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp';
+        $sha1_asm_obj='$(OBJ_D)/sx86-elf.o';
+        $sha1_asm_src='crypto/sha/asm/sx86unix.cpp';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
+        }
+
+$cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall";
+
+if ($shlib)
+        {
+        $shl_cflag=" -DPIC -fpic";
+        $shlibp=".so.$ssl_version";
+        $so_shlibp=".so";
+        }
+
+sub do_shlib_rule
+        {
+        local($obj,$target,$name,$shlib,$so_name)=@_;
+        local($ret,$_,$Name);
+
+        $target =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) target\n";
+        $ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o $target \$(${Name}OBJ)\n";
+        ($t=$target) =~ s/(^.*)\/[^\/]*$/$1/;
+        if ($so_name ne "")
+                {
+                $ret.="\t\$(RM) \$(LIB_D)$o$so_name\n";
+                $ret.="\tln -s $target \$(LIB_D)$o$so_name\n\n";
+                }
+        }
+
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+        return($ret);
+        }
+
+sub do_asm_rule
+        {
+        local($target,$src)=@_;
+        local($ret,@s,@t,$i);
+
+        $target =~ s/\//$o/g if $o ne "/";
+        $src =~ s/\//$o/g if $o ne "/";
+
+        @s=split(/\s+/,$src);
+        @t=split(/\s+/,$target);
+
+        for ($i=0; $i<=$#s; $i++)
+                {
+                $ret.="$t[$i]: $s[$i]\n";
+                $ret.="\tgcc -E -DELF \$(SRC_D)$o$s[$i]|\$(AS) $afile$t[$i]\n\n";
+                }
+        return($ret);
+        }
+
+1;
diff --git a/src/lib/libcrypto/util/pl/netware.pl b/src/lib/libcrypto/util/pl/netware.pl
new file mode 100644
index 0000000000..c78bcfc874
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/netware.pl
@@ -0,0 +1,532 @@
+# Metrowerks Codewarrior or gcc / nlmconv for NetWare
+#
+
+$version_header = "crypto/opensslv.h";
+open(IN, "$version_header") or die "Couldn't open $version_header: $!";
+while (<IN>) {
+  if (/^#define[\s\t]+OPENSSL_VERSION_NUMBER[\s\t]+0x(\d)(\d{2})(\d{2})(\d{2})/)
+  {
+    # die "OpenSSL version detected: $1.$2.$3.$4\n";
+    #$nlmvernum = "$1,$2,$3";
+    $nlmvernum = "$1,".($2*10+$3).",".($4*1);
+    #$nlmverstr = "$1.".($2*1).".".($3*1).($4?(chr(96+$4)):"");
+    break;
+  }
+}
+close(IN) or die "Couldn't close $version_header: $!";
+
+$readme_file = "README";
+open(IN, $readme_file) or die "Couldn't open $readme_file: $!";
+while (<IN>) {
+  if (/^[\s\t]+OpenSSL[\s\t]+(\d)\.(\d{1,2})\.(\d{1,2})([a-z])(.*)/)
+  {
+    #$nlmvernum = "$1,$2,$3";
+    #$nlmvernum = "$1,".($2*10+$3).",".($4*1);
+    $nlmverstr = "$1.$2.$3$4$5";
+  }
+  elsif (/^[\s\t]+(Copyright \(c\) \d{4}\-\d{4} The OpenSSL Project)$/)
+  {
+    $nlmcpystr = $1;
+  }
+  break if ($nlmvernum && $nlmcpystr);
+}
+close(IN) or die "Couldn't close $readme_file: $!";
+
+# Define stacksize here
+$nlmstack = "32768";
+
+# some default settings here in case we failed to find them in README
+$nlmvernum = "1,0,0" if (!$nlmvernum);
+$nlmverstr = "OpenSSL" if (!$nlmverstr);
+$nlmcpystr = "Copyright (c) 1998-now The OpenSSL Project" if (!$nlmcpystr);
+
+# die "OpenSSL copyright: $nlmcpystr\nOpenSSL verstring: $nlmverstr\nOpenSSL vernumber: $nlmvernum\n";
+
+# The import files and other misc imports needed to link
+@misc_imports = ("GetProcessSwitchCount", "RunningProcess",
+                 "GetSuperHighResolutionTimer");
+if ($LIBC)
+{
+   @import_files = ("libc.imp");
+   @module_files = ("libc");
+   $libarch = "LIBC";
+}
+else
+{
+   # clib build
+   @import_files = ("clib.imp");
+   push(@import_files, "socklib.imp") if ($BSDSOCK);
+   @module_files = ("clib");
+   # push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16");
+   $libarch = "CLIB";
+}
+if ($BSDSOCK)
+{
+   $libarch .= "-BSD";
+}
+else
+{
+   $libarch .= "-WS2";
+   push(@import_files, "ws2nlm.imp");
+}
+
+# The "IMPORTS" environment variable must be set and point to the location
+# where import files (*.imp) can be found.
+# Example:  set IMPORTS=c:\ndk\nwsdk\imports
+$import_path = $ENV{"IMPORTS"} || die ("IMPORTS environment variable not set\n");
+
+
+# The "PRELUDE" environment variable must be set and point to the location
+# and name of the prelude source to link with ( nwpre.obj is recommended ).
+# Example: set PRELUDE=c:\codewar\novell support\metrowerks support\libraries\runtime\nwpre.obj
+$prelude = $ENV{"PRELUDE"} || die ("PRELUDE environment variable not set\n");
+
+# The "INCLUDES" environment variable must be set and point to the location
+# where import files (*.imp) can be found.
+$include_path = $ENV{"INCLUDE"} || die ("INCLUDES environment variable not set\n");
+$include_path =~ s/\\/\//g;
+$include_path = join(" -I", split(/;/, $include_path));
+
+# check for gcc compiler
+$gnuc = $ENV{"GNUC"};
+
+#$ssl=   "ssleay32";
+#$crypto="libeay32";
+
+if ($gnuc)
+{
+   # C compiler
+   $cc='gcc';
+   # Linker
+   $link='nlmconv';
+   # librarian
+   $mklib='ar';
+   $o='/';
+   # cp command
+   $cp='cp -af';
+   # rm command
+   $rm='rm -f';
+   # mv command
+   $mv='mv -f';
+   # mkdir command
+   $mkdir='gmkdir';
+   #$ranlib='ranlib';
+}
+else
+{
+   # C compiler
+   $cc='mwccnlm';
+   # Linker
+   $link='mwldnlm';
+   # librarian
+   $mklib='mwldnlm';
+   # Path separator
+   $o='\\';
+   # cp command
+   $cp='copy >nul:';
+   # rm command
+   $rm='del /f /q';
+}
+
+# assembler
+if ($nw_nasm)
+{
+   $asm=(`nasm -v 2>NUL` gt `nasmw -v 2>NUL`?"nasm":"nasmw");
+   if ($gnuc)
+   {
+      $asm.=" -s -f elf";
+   }
+   else
+   {
+      $asm.=" -s -f coff -d __coff__";
+   }
+   $afile="-o ";
+   $asm.=" -g" if $debug;
+}
+elsif ($nw_mwasm)
+{
+   $asm="mwasmnlm -maxerrors 20";
+   $afile="-o ";
+   $asm.=" -g" if $debug;
+}
+elsif ($nw_masm)
+{
+# masm assembly settings - it should be possible to use masm but haven't
+# got it working.
+# $asm='ml /Cp /coff /c /Cx';
+# $asm.=" /Zi" if $debug;
+# $afile='/Fo';
+   die("Support for masm assembler not yet functional\n");
+}
+else
+{
+   $asm="";
+   $afile="";
+}
+
+
+
+if ($gnuc)
+{
+   # compile flags for GNUC
+   # additional flags based upon debug | non-debug
+   if ($debug)
+   {
+      $cflags="-g -DDEBUG";
+   }
+   else
+   {
+      $cflags="-O2";
+   }
+   $cflags.=" -nostdinc -I$include_path \\
+         -fno-builtin -fpcc-struct-return -fno-strict-aliasing \\
+         -funsigned-char -Wall -Wno-unused -Wno-uninitialized";
+
+   # link flags
+   $lflags="-T";
+}
+else
+{
+   # compile flags for CodeWarrior
+   # additional flags based upon debug | non-debug
+   if ($debug)
+   {
+      $cflags="-opt off -g -sym internal -DDEBUG";
+   }
+   else
+   {
+   # CodeWarrior compiler has a problem with optimizations for floating
+   # points - no optimizations until further investigation
+   #      $cflags="-opt all";
+   }
+
+   # NOTES: Several c files in the crypto subdirectory include headers from
+   #        their local directories.  Metrowerks wouldn't find these h files
+   #        without adding individual include directives as compile flags
+   #        or modifying the c files.  Instead of adding individual include
+   #        paths for each subdirectory a recursive include directive
+   #        is used ( -ir crypto ).
+   #
+   #        A similar issue exists for the engines and apps subdirectories.
+   #
+   #        Turned off the "possible" warnings ( -w nopossible ).  Metrowerks
+   #        complained a lot about various stuff.  May want to turn back
+   #        on for further development.
+   $cflags.=" -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\
+         -msgstyle gcc -align 4 -processor pentium -char unsigned \\
+         -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\
+         -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20";
+
+   # link flags
+   $lflags="-msgstyle gcc -zerobss -nostdlib -sym internal -commandfile";
+}
+
+# common defines
+$cflags.=" -DL_ENDIAN -DOPENSSL_SYSNAME_NETWARE -U_WIN32";
+
+# If LibC build add in NKS_LIBC define and set the entry/exit
+# routines - The default entry/exit routines are for CLib and don't exist
+# in LibC
+if ($LIBC)
+{
+   $cflags.=" -DNETWARE_LIBC";
+   $nlmstart = "_LibCPrelude";
+   $nlmexit = "_LibCPostlude";
+   @nlm_flags = ("pseudopreemption", "flag_on 64");
+}
+else
+{
+   $cflags.=" -DNETWARE_CLIB";
+   $nlmstart = "_Prelude";
+   $nlmexit = "_Stop";
+}
+
+# If BSD Socket support is requested, set a define for the compiler
+if ($BSDSOCK)
+{
+   $cflags.=" -DNETWARE_BSDSOCK";
+   if (!$LIBC)
+   {
+      $cflags.=" -DNETDB_USE_INTERNET";
+   }
+}
+
+
+# linking stuff
+# for the output directories use the mk1mf.pl values with "_nw" appended
+if ($shlib)
+{
+   if ($LIBC)
+   {
+      $out_def.="_nw_libc_nlm";
+      $tmp_def.="_nw_libc_nlm";
+      $inc_def.="_nw_libc_nlm";
+   }
+   else  # NETWARE_CLIB
+   {
+      $out_def.="_nw_clib_nlm";
+      $tmp_def.="_nw_clib_nlm";
+      $inc_def.="_nw_clib_nlm";
+   }
+}
+else
+{
+   if ($gnuc) # GNUC Tools
+   {
+      $libp=".a";
+      $shlibp=".a";
+      $lib_flags="-cr";
+   }
+   else       # CodeWarrior
+   {
+      $libp=".lib";
+      $shlibp=".lib";
+      $lib_flags="-nodefaults -type library -o";
+   }
+   if ($LIBC)
+   {
+      $out_def.="_nw_libc";
+      $tmp_def.="_nw_libc";
+      $inc_def.="_nw_libc";
+   }
+   else  # NETWARE_CLIB
+   {
+      $out_def.="_nw_clib";
+      $tmp_def.="_nw_clib";
+      $inc_def.="_nw_clib";
+   }
+}
+
+# used by mk1mf.pl
+$obj='.o';
+$ofile='-o ';
+$efile='';
+$exep='.nlm';
+$ex_libs='';
+
+if (!$no_asm)
+{
+   $bn_asm_obj="\$(OBJ_D)${o}bn-nw${obj}";
+   $bn_asm_src="crypto${o}bn${o}asm${o}bn-nw.asm";
+   $bnco_asm_obj="\$(OBJ_D)${o}co-nw${obj}";
+   $bnco_asm_src="crypto${o}bn${o}asm${o}co-nw.asm";
+   $aes_asm_obj="\$(OBJ_D)${o}a-nw${obj}";
+   $aes_asm_src="crypto${o}aes${o}asm${o}a-nw.asm";
+   $des_enc_obj="\$(OBJ_D)${o}d-nw${obj} \$(OBJ_D)${o}y-nw${obj}";
+   $des_enc_src="crypto${o}des${o}asm${o}d-nw.asm crypto${o}des${o}asm${o}y-nw.asm";
+   $bf_enc_obj="\$(OBJ_D)${o}b-nw${obj}";
+   $bf_enc_src="crypto${o}bf${o}asm${o}b-nw.asm";
+   $cast_enc_obj="\$(OBJ_D)${o}c-nw${obj}";
+   $cast_enc_src="crypto${o}cast${o}asm${o}c-nw.asm";
+   $rc4_enc_obj="\$(OBJ_D)${o}r4-nw${obj}";
+   $rc4_enc_src="crypto${o}rc4${o}asm${o}r4-nw.asm";
+   $rc5_enc_obj="\$(OBJ_D)${o}r5-nw${obj}";
+   $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm";
+   $md5_asm_obj="\$(OBJ_D)${o}m5-nw${obj}";
+   $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm";
+   $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj} \$(OBJ_D)${o}sha256-nw${obj} \$(OBJ_D)${o}sha512-nw${obj}";
+   $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm crypto${o}sha${o}asm${o}sha256-nw.asm crypto${o}sha${o}asm${o}sha512-nw.asm";
+   $rmd160_asm_obj="\$(OBJ_D)${o}rm-nw${obj}";
+   $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm";
+   $whirlpool_asm_obj="\$(OBJ_D)${o}wp-nw${obj}";
+   $whirlpool_asm_src="crypto${o}whrlpool${o}asm${o}wp-nw.asm";
+   $cpuid_asm_obj="\$(OBJ_D)${o}x86cpuid-nw${obj}";
+   $cpuid_asm_src="crypto${o}x86cpuid-nw.asm";
+   $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DWHIRLPOOL_ASM";
+   $cflags.=" -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM";
+   $cflags.=" -DAES_ASM -DRMD160_ASM";
+}
+else
+{
+   $bn_asm_obj='';
+   $bn_asm_src='';
+   $bnco_asm_obj='';
+   $bnco_asm_src='';
+   $aes_asm_obj='';
+   $aes_asm_src='';
+   $des_enc_obj='';
+   $des_enc_src='';
+   $bf_enc_obj='';
+   $bf_enc_src='';
+   $cast_enc_obj='';
+   $cast_enc_src='';
+   $rc4_enc_obj='';
+   $rc4_enc_src='';
+   $rc5_enc_obj='';
+   $rc5_enc_src='';
+   $md5_asm_obj='';
+   $md5_asm_src='';
+   $sha1_asm_obj='';
+   $sha1_asm_src='';
+   $rmd160_asm_obj='';
+   $rmd160_asm_src='';
+   $whirlpool_asm_obj='';
+   $whirlpool_asm_src='';
+   $cpuid_asm_obj='';
+   $cpuid_asm_src='';
+}
+
+# create the *.def linker command files in \openssl\netware\ directory
+sub do_def_file
+{
+   # strip off the leading path
+   my($target) = bname(shift);
+   my($i);
+
+   if ($target =~ /(.*).nlm/)
+   {
+      $target = $1;
+   }
+
+   # special case for openssl - the mk1mf.pl defines E_EXE = openssl
+   if ($target =~ /E_EXE/)
+   {
+      $target =~ s/\$\(E_EXE\)/openssl/;
+   }
+
+   # Note: originally tried to use full path ( \openssl\netware\$target.def )
+   # Metrowerks linker choked on this with an assertion failure. bug???
+   #
+   my($def_file) = "netware${o}$target.def";
+
+   open(DEF_OUT, ">$def_file") || die("unable to open file $def_file\n");
+
+   print( DEF_OUT "# command file generated by netware.pl for NLM target.\n" );
+   print( DEF_OUT "# do not edit this file - all your changes will be lost!!\n" );
+   print( DEF_OUT "#\n");
+   print( DEF_OUT "DESCRIPTION \"$target ($libarch) - OpenSSL $nlmverstr\"\n");
+   print( DEF_OUT "COPYRIGHT \"$nlmcpystr\"\n");
+   print( DEF_OUT "VERSION $nlmvernum\n");
+   print( DEF_OUT "STACK $nlmstack\n");
+   print( DEF_OUT "START $nlmstart\n");
+   print( DEF_OUT "EXIT $nlmexit\n");
+
+   # special case for openssl
+   if ($target eq "openssl")
+   {
+      print( DEF_OUT "SCREENNAME \"OpenSSL $nlmverstr\"\n");
+   }
+   else
+   {
+      print( DEF_OUT "SCREENNAME \"DEFAULT\"\n");
+   }
+
+   foreach $i (@misc_imports)
+   {
+      print( DEF_OUT "IMPORT $i\n");
+   }
+
+   foreach $i (@import_files)
+   {
+      print( DEF_OUT "IMPORT \@$import_path${o}$i\n");
+   }
+
+   foreach $i (@module_files)
+   {
+      print( DEF_OUT "MODULE $i\n");
+   }
+
+   foreach $i (@nlm_flags)
+   {
+      print( DEF_OUT "$i\n");
+   }
+
+   if ($gnuc)
+   {
+      if ($target =~ /openssl/)
+      {
+         print( DEF_OUT "INPUT ${tmp_def}${o}openssl${obj}\n");
+         print( DEF_OUT "INPUT ${tmp_def}${o}openssl${libp}\n");
+      }
+      else
+      {
+         print( DEF_OUT "INPUT ${tmp_def}${o}${target}${obj}\n");
+      }
+      print( DEF_OUT "INPUT $prelude\n");
+      print( DEF_OUT "INPUT ${out_def}${o}${ssl}${libp} ${out_def}${o}${crypto}${libp}\n");
+      print( DEF_OUT "OUTPUT $target.nlm\n");
+   }
+
+   close(DEF_OUT);
+   return($def_file);
+}
+
+sub do_lib_rule
+{
+   my($objs,$target,$name,$shlib)=@_;
+   my($ret);
+
+   $ret.="$target: $objs\n";
+   if (!$shlib)
+   {
+      $ret.="\t\@echo Building Lib: $name\n";
+      $ret.="\t\$(MKLIB) $lib_flags $target $objs\n";
+      $ret.="\t\@echo .\n"
+   }
+   else
+   {
+      die( "Building as NLM not currently supported!" );
+   }
+
+   $ret.="\n";
+   return($ret);
+}
+
+sub do_link_rule
+{
+   my($target,$files,$dep_libs,$libs)=@_;
+   my($ret);
+   my($def_file) = do_def_file($target);
+
+   $ret.="$target: $files $dep_libs\n";
+
+   # NOTE:  When building the test nlms no screen name is given
+   #  which causes the console screen to be used.  By using the console
+   #  screen there is no "<press any key to continue>" message which
+   #  requires user interaction.  The test script ( do_tests.pl ) needs
+   #  to be able to run the tests without requiring user interaction.
+   #
+   #  However, the sample program "openssl.nlm" is used by the tests and is
+   #  a interactive sample so a screen is desired when not be run by the
+   #  tests.  To solve the problem, two versions of the program are built:
+   #    openssl2 - no screen used by tests
+   #    openssl - default screen - use for normal interactive modes
+   #
+
+   # special case for openssl - the mk1mf.pl defines E_EXE = openssl
+   if ($target =~ /E_EXE/)
+   {
+      my($target2) = $target;
+
+      $target2 =~ s/\(E_EXE\)/\(E_EXE\)2/;
+
+      # openssl2
+      my($def_file2) = do_def_file($target2);
+
+      if ($gnuc)
+      {
+         $ret.="\t\$(MKLIB) $lib_flags \$(TMP_D)${o}\$(E_EXE).a \$(filter-out \$(TMP_D)${o}\$(E_EXE)${obj},$files)\n";
+         $ret.="\t\$(LINK) \$(LFLAGS) $def_file2\n";
+         $ret.="\t\@$mv \$(E_EXE)2.nlm \$(TEST_D)\n";
+      }
+      else
+      {
+         $ret.="\t\$(LINK) \$(LFLAGS) $def_file2 $files \"$prelude\" $libs -o $target2\n";
+      }
+   }
+   if ($gnuc)
+   {
+      $ret.="\t\$(LINK) \$(LFLAGS) $def_file\n";
+      $ret.="\t\@$mv \$(\@F) \$(TEST_D)\n";
+   }
+   else
+   {
+      $ret.="\t\$(LINK) \$(LFLAGS) $def_file $files \"$prelude\" $libs -o $target\n";
+   }
+
+   $ret.="\n";
+   return($ret);
+
+}
+
+1;
diff --git a/src/lib/libcrypto/util/pl/ultrix.pl b/src/lib/libcrypto/util/pl/ultrix.pl
new file mode 100644
index 0000000000..ea370c71f9
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/ultrix.pl
@@ -0,0 +1,38 @@
+#!/usr/local/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+
+# C compiler stuff
+
+$cc='cc';
+if ($debug)
+        { $cflags="-g -DREF_CHECK -DCRYPTO_MDEBUG"; }
+else
+        { $cflags="-O2"; }
+
+$cflags.=" -std1 -DL_ENDIAN";
+
+if (!$no_asm)
+        {
+        $bn_asm_obj='$(OBJ_D)/mips1.o';
+        $bn_asm_src='crypto/bn/asm/mips1.s';
+        }
+
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+        return($ret);
+        }
+
+1;
diff --git a/src/lib/libcrypto/util/pl/unix.pl b/src/lib/libcrypto/util/pl/unix.pl
new file mode 100644
index 0000000000..146611ad99
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/unix.pl
@@ -0,0 +1,96 @@
+#!/usr/local/bin/perl
+#
+# unix.pl - the standard unix makefile stuff.
+#
+
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+
+# C compiler stuff
+
+if ($gcc)
+        {
+        $cc='gcc';
+        if ($debug)
+                { $cflags="-g2 -ggdb"; }
+        else
+                { $cflags="-O3 -fomit-frame-pointer"; }
+        }
+else
+        {
+        $cc='cc';
+        if ($debug)
+                { $cflags="-g"; }
+        else
+                { $cflags="-O"; }
+        }
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib=&which("ranlib") or $ranlib="true";
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+sub do_lib_rule
+        {
+        local($obj,$target,$name,$shlib)=@_;
+        local($ret,$_,$Name);
+
+        $target =~ s/\//$o/g if $o ne '/';
+        $target="$target";
+        ($Name=$name) =~ tr/a-z/A-Z/;
+
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) $target\n";
+        $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+        $ret.="\t\$(RANLIB) $target\n\n";
+        }
+
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+        return($ret);
+        }
+
+sub which
+        {
+        my ($name)=@_;
+        my $path;
+        foreach $path (split /:/, $ENV{PATH})
+                {
+                if (-x "$path/$name")
+                        {
+                        return "$path/$name";
+                        }
+                }
+        }
+
+1;
diff --git a/src/lib/libcrypto/util/pod2man.pl b/src/lib/libcrypto/util/pod2man.pl
new file mode 100644
index 0000000000..025d914f2e
--- /dev/null
+++ b/src/lib/libcrypto/util/pod2man.pl
@@ -0,0 +1,1184 @@
+: #!/usr/bin/perl-5.005
+    eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
+        if $running_under_some_shell;
+
+$DEF_PM_SECTION = '3pm' || '3';
+
+=head1 NAME
+
+pod2man - translate embedded Perl pod directives into man pages
+
+=head1 SYNOPSIS
+
+B<pod2man>
+[ B<--section=>I<manext> ]
+[ B<--release=>I<relpatch> ]
+[ B<--center=>I<string> ]
+[ B<--date=>I<string> ]
+[ B<--fixed=>I<font> ]
+[ B<--official> ]
+[ B<--lax> ]
+I<inputfile>
+
+=head1 DESCRIPTION
+
+B<pod2man> converts its input file containing embedded pod directives (see
+L<perlpod>) into nroff source suitable for viewing with nroff(1) or
+troff(1) using the man(7) macro set.
+
+Besides the obvious pod conversions, B<pod2man> also takes care of
+func(), func(n), and simple variable references like $foo or @bar so
+you don't have to use code escapes for them; complex expressions like
+C<$fred{'stuff'}> will still need to be escaped, though.  Other nagging
+little roffish things that it catches include translating the minus in
+something like foo-bar, making a long dash--like this--into a real em
+dash, fixing up "paired quotes", putting a little space after the
+parens in something like func(), making C++ and PI look right, making
+double underbars have a little tiny space between them, making ALLCAPS
+a teeny bit smaller in troff(1), and escaping backslashes so you don't
+have to.
+
+=head1 OPTIONS
+
+=over 8
+
+=item center
+
+Set the centered header to a specific string.  The default is
+"User Contributed Perl Documentation", unless the C<--official> flag is
+given, in which case the default is "Perl Programmers Reference Guide".
+
+=item date
+
+Set the left-hand footer string to this value.  By default,
+the modification date of the input file will be used.
+
+=item fixed
+
+The fixed font to use for code refs.  Defaults to CW.
+
+=item official
+
+Set the default header to indicate that this page is of
+the standard release in case C<--center> is not given.
+
+=item release
+
+Set the centered footer.  By default, this is the current
+perl release.
+
+=item section
+
+Set the section for the C<.TH> macro.  The standard conventions on
+sections are to use 1 for user commands,  2 for system calls, 3 for
+functions, 4 for devices, 5 for file formats, 6 for games, 7 for
+miscellaneous information, and 8 for administrator commands.  This works
+best if you put your Perl man pages in a separate tree, like
+F</usr/local/perl/man/>.  By default, section 1 will be used
+unless the file ends in F<.pm> in which case section 3 will be selected.
+
+=item lax
+
+Don't complain when required sections aren't present.
+
+=back
+
+=head1 Anatomy of a Proper Man Page
+
+For those not sure of the proper layout of a man page, here's
+an example of the skeleton of a proper man page.  Head of the
+major headers should be setout as a C<=head1> directive, and
+are historically written in the rather startling ALL UPPER CASE
+format, although this is not mandatory.
+Minor headers may be included using C<=head2>, and are
+typically in mixed case.
+
+=over 10
+
+=item NAME
+
+Mandatory section; should be a comma-separated list of programs or
+functions documented by this podpage, such as:
+
+    foo, bar - programs to do something
+
+=item SYNOPSIS
+
+A short usage summary for programs and functions, which
+may someday be deemed mandatory.
+
+=item DESCRIPTION
+
+Long drawn out discussion of the program.  It's a good idea to break this
+up into subsections using the C<=head2> directives, like
+
+    =head2 A Sample Subection
+
+    =head2 Yet Another Sample Subection
+
+=item OPTIONS
+
+Some people make this separate from the description.
+
+=item RETURN VALUE
+
+What the program or function returns if successful.
+
+=item ERRORS
+
+Exceptions, return codes, exit stati, and errno settings.
+
+=item EXAMPLES
+
+Give some example uses of the program.
+
+=item ENVIRONMENT
+
+Envariables this program might care about.
+
+=item FILES
+
+All files used by the program.  You should probably use the FE<lt>E<gt>
+for these.
+
+=item SEE ALSO
+
+Other man pages to check out, like man(1), man(7), makewhatis(8), or catman(8).
+
+=item NOTES
+
+Miscellaneous commentary.
+
+=item CAVEATS
+
+Things to take special care with; sometimes called WARNINGS.
+
+=item DIAGNOSTICS
+
+All possible messages the program can print out--and
+what they mean.
+
+=item BUGS
+
+Things that are broken or just don't work quite right.
+
+=item RESTRICTIONS
+
+Bugs you don't plan to fix :-)
+
+=item AUTHOR
+
+Who wrote it (or AUTHORS if multiple).
+
+=item HISTORY
+
+Programs derived from other sources sometimes have this, or
+you might keep a modification log here.
+
+=back
+
+=head1 EXAMPLES
+
+    pod2man program > program.1
+    pod2man some_module.pm > /usr/perl/man/man3/some_module.3
+    pod2man --section=7 note.pod > note.7
+
+=head1 DIAGNOSTICS
+
+The following diagnostics are generated by B<pod2man>.  Items
+marked "(W)" are non-fatal, whereas the "(F)" errors will cause
+B<pod2man> to immediately exit with a non-zero status.
+
+=over 4
+
+=item bad option in paragraph %d of %s: ``%s'' should be [%s]<%s>
+
+(W) If you start include an option, you should set it off
+as bold, italic, or code.
+
+=item can't open %s: %s
+
+(F) The input file wasn't available for the given reason.
+
+=item Improper man page - no dash in NAME header in paragraph %d of %s
+
+(W) The NAME header did not have an isolated dash in it.  This is
+considered important.
+
+=item Invalid man page - no NAME line in %s
+
+(F) You did not include a NAME header, which is essential.
+
+=item roff font should be 1 or 2 chars, not `%s'  (F)
+
+(F) The font specified with the C<--fixed> option was not
+a one- or two-digit roff font.
+
+=item %s is missing required section: %s
+
+(W) Required sections include NAME, DESCRIPTION, and if you're
+using a section starting with a 3, also a SYNOPSIS.  Actually,
+not having a NAME is a fatal.
+
+=item Unknown escape: %s in %s
+
+(W) An unknown HTML entity (probably for an 8-bit character) was given via
+a C<EE<lt>E<gt>> directive.  Besides amp, lt, gt, and quot, recognized
+entities are Aacute, aacute, Acirc, acirc, AElig, aelig, Agrave, agrave,
+Aring, aring, Atilde, atilde, Auml, auml, Ccedil, ccedil, Eacute, eacute,
+Ecirc, ecirc, Egrave, egrave, ETH, eth, Euml, euml, Iacute, iacute, Icirc,
+icirc, Igrave, igrave, Iuml, iuml, Ntilde, ntilde, Oacute, oacute, Ocirc,
+ocirc, Ograve, ograve, Oslash, oslash, Otilde, otilde, Ouml, ouml, szlig,
+THORN, thorn, Uacute, uacute, Ucirc, ucirc, Ugrave, ugrave, Uuml, uuml,
+Yacute, yacute, and yuml.
+
+=item Unmatched =back
+
+(W) You have a C<=back> without a corresponding C<=over>.
+
+=item Unrecognized pod directive: %s
+
+(W) You specified a pod directive that isn't in the known list of
+C<=head1>, C<=head2>, C<=item>, C<=over>, C<=back>, or C<=cut>.
+
+
+=back
+
+=head1 NOTES
+
+If you would like to print out a lot of man page continuously, you
+probably want to set the C and D registers to set contiguous page
+numbering and even/odd paging, at least on some versions of man(7).
+Settting the F register will get you some additional experimental
+indexing:
+
+    troff -man -rC1 -rD1 -rF1 perl.1 perldata.1 perlsyn.1 ...
+
+The indexing merely outputs messages via C<.tm> for each
+major page, section, subsection, item, and any C<XE<lt>E<gt>>
+directives.
+
+
+=head1 RESTRICTIONS
+
+None at this time.
+
+=head1 BUGS
+
+The =over and =back directives don't really work right.  They
+take absolute positions instead of offsets, don't nest well, and
+making people count is suboptimal in any event.
+
+=head1 AUTHORS
+
+Original prototype by Larry Wall, but so massively hacked over by
+Tom Christiansen such that Larry probably doesn't recognize it anymore.
+
+=cut
+
+$/ = "";
+$cutting = 1;
+@Indices = ();
+
+# We try first to get the version number from a local binary, in case we're
+# running an installed version of Perl to produce documentation from an
+# uninstalled newer version's pod files.
+if ($^O ne 'plan9' and $^O ne 'dos' and $^O ne 'os2' and $^O ne 'MSWin32') {
+  my $perl = (-x './perl' && -f './perl' ) ?
+                 './perl' :
+                 ((-x '../perl' && -f '../perl') ?
+                      '../perl' :
+                      '');
+  ($version,$patch) = `$perl -e 'print $]'` =~ /^(\d\.\d{3})(\d{2})?/ if $perl;
+}
+# No luck; we'll just go with the running Perl's version
+($version,$patch) = $] =~ /^(.{5})(\d{2})?/ unless $version;
+$DEF_RELEASE  = "perl $version";
+$DEF_RELEASE .= ", patch $patch" if $patch;
+
+
+sub makedate {
+    my $secs = shift;
+    my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs);
+    my $mname = (qw{Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec})[$mon];
+    $year += 1900;
+    return "$mday/$mname/$year";
+}
+
+use Getopt::Long;
+
+$DEF_SECTION = 1;
+$DEF_CENTER = "User Contributed Perl Documentation";
+$STD_CENTER = "Perl Programmers Reference Guide";
+$DEF_FIXED = 'CW';
+$DEF_LAX = 0;
+
+sub usage {
+    warn "$0: @_\n" if @_;
+    die <<EOF;
+usage: $0 [options] podpage
+Options are:
+        --section=manext      (default "$DEF_SECTION")
+        --release=relpatch    (default "$DEF_RELEASE")
+        --center=string       (default "$DEF_CENTER")
+        --date=string         (default "$DEF_DATE")
+        --fixed=font          (default "$DEF_FIXED")
+        --official            (default NOT)
+        --lax                 (default NOT)
+EOF
+}
+
+$uok = GetOptions( qw(
+        section=s
+        release=s
+        center=s
+        date=s
+        fixed=s
+        official
+        lax
+        help));
+
+$DEF_DATE = makedate((stat($ARGV[0]))[9] || time());
+
+usage("Usage error!") unless $uok;
+usage() if $opt_help;
+usage("Need one and only one podpage argument") unless @ARGV == 1;
+
+$section = $opt_section || ($ARGV[0] =~ /\.pm$/
+                                ? $DEF_PM_SECTION : $DEF_SECTION);
+$RP = $opt_release || $DEF_RELEASE;
+$center = $opt_center || ($opt_official ? $STD_CENTER : $DEF_CENTER);
+$lax = $opt_lax || $DEF_LAX;
+
+$CFont = $opt_fixed || $DEF_FIXED;
+
+if (length($CFont) == 2) {
+    $CFont_embed = "\\f($CFont";
+}
+elsif (length($CFont) == 1) {
+    $CFont_embed = "\\f$CFont";
+}
+else {
+    die "roff font should be 1 or 2 chars, not `$CFont_embed'";
+}
+
+$date = $opt_date || $DEF_DATE;
+
+for (qw{NAME DESCRIPTION}) {
+# for (qw{NAME DESCRIPTION AUTHOR}) {
+    $wanna_see{$_}++;
+}
+$wanna_see{SYNOPSIS}++ if $section =~ /^3/;
+
+
+$name = @ARGV ? $ARGV[0] : "<STDIN>";
+$Filename = $name;
+if ($section =~ /^1/) {
+    require File::Basename;
+    $name = uc File::Basename::basename($name);
+}
+$name =~ s/\.(pod|p[lm])$//i;
+
+# Lose everything up to the first of
+#     */lib/*perl*      standard or site_perl module
+#     */*perl*/lib      from -D prefix=/opt/perl
+#     */*perl*/         random module hierarchy
+# which works.
+$name =~ s-//+-/-g;
+if ($name =~ s-^.*?/lib/[^/]*perl[^/]*/--i
+        or $name =~ s-^.*?/[^/]*perl[^/]*/lib/--i
+        or $name =~ s-^.*?/[^/]*perl[^/]*/--i) {
+    # Lose ^site(_perl)?/.
+    $name =~ s-^site(_perl)?/--;
+    # Lose ^arch/.      (XXX should we use Config? Just for archname?)
+    $name =~ s~^(.*-$^O|$^O-.*)/~~o;
+    # Lose ^version/.
+    $name =~ s-^\d+\.\d+/--;
+}
+
+# Translate Getopt/Long to Getopt::Long, etc.
+$name =~ s(/)(::)g;
+
+if ($name ne 'something') {
+    FCHECK: {
+        open(F, "< $ARGV[0]") || die "can't open $ARGV[0]: $!";
+        while (<F>) {
+            next unless /^=\b/;
+            if (/^=head1\s+NAME\s*$/) {  # an /m would forgive mistakes
+                $_ = <F>;
+                unless (/\s*-+\s+/) {
+                    $oops++;
+                    warn "$0: Improper man page - no dash in NAME header in paragraph $. of $ARGV[0]\n"
+                } else {
+                    my @n = split /\s+-+\s+/;
+                    if (@n != 2) {
+                        $oops++;
+                        warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
+                    }
+                    else {
+                        $n[0] =~ s/\n/ /g;
+                        $n[1] =~ s/\n/ /g;
+                        %namedesc = @n;
+                    }
+                }
+                last FCHECK;
+            }
+            next if /^=cut\b/;  # DB_File and Net::Ping have =cut before NAME
+            next if /^=pod\b/;  # It is OK to have =pod before NAME
+            next if /^=(for|begin|end)\s+comment\b/;  # It is OK to have =for =begin or =end comment before NAME
+            die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
+        }
+        die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
+    }
+    close F;
+}
+
+print <<"END";
+.rn '' }`
+''' \$RCSfile\$\$Revision\$\$Date\$
+'''
+''' \$Log\$
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\\fB\\\\\$1\\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\\\n(.\$>=3 .ne \\\\\$3
+.el .ne 3
+.IP "\\\\\$1" \\\\\$2
+..
+.de Vb
+.ft $CFont
+.nf
+.ne \\\\\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+'''     Set up \\*(-- to give an unbreakable dash;
+'''     string Tr holds user defined translation string.
+'''     Bell System Logo is used as a dummy character.
+'''
+.tr \\(*W-|\\(bv\\*(Tr
+.ie n \\{\\
+.ds -- \\(*W-
+.ds PI pi
+.if (\\n(.H=4u)&(1m=24u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-12u'-\\" diablo 10 pitch
+.if (\\n(.H=4u)&(1m=20u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-8u'-\\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+'''   \\*(M", \\*(S", \\*(N" and \\*(T" are the equivalent of
+'''   \\*(L" and \\*(R", except that they are used on ".xx" lines,
+'''   such as .IP and .SH, which do another additional levels of
+'''   double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\\}
+.el\\{\\
+.ds -- \\(em\\|
+.tr \\*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \\(*p
+'br\\}
+END
+
+print <<'END';
+.\"     If the F register is turned on, we'll generate
+.\"     index entries out stderr for the following things:
+.\"             TH      Title 
+.\"             SH      Header
+.\"             Sh      Subsection 
+.\"             Ip      Item
+.\"             X<>     Xref  (embedded
+.\"     Of course, you have to process the output yourself
+.\"     in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+END
+
+print <<"END";
+.TH $name $section "$RP" "$date" "$center"
+.UC
+END
+
+push(@Indices, qq{.IX Title "$name $section"});
+
+while (($name, $desc) = each %namedesc) {
+    for ($name, $desc) { s/^\s+//; s/\s+$//; }
+    push(@Indices, qq(.IX Name "$name - $desc"\n));
+}
+
+print <<'END';
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ          \" put $1 in typewriter font
+END
+print ".ft $CFont\n";
+print <<'END';
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+.       \" AM - accent mark definitions
+.bd B 3
+.       \" fudge factors for nroff and troff
+.if n \{\
+.       ds #H 0
+.       ds #V .8m
+.       ds #F .3m
+.       ds #[ \f1
+.       ds #] \fP
+.\}
+.if t \{\
+.       ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.       ds #V .6m
+.       ds #F 0
+.       ds #[ \&
+.       ds #] \&
+.\}
+.       \" simple accents for nroff and troff
+.if n \{\
+.       ds ' \&
+.       ds ` \&
+.       ds ^ \&
+.       ds , \&
+.       ds ~ ~
+.       ds ? ?
+.       ds ! !
+.       ds /
+.       ds q
+.\}
+.if t \{\
+.       ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.       ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.       ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.       ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.       ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.       ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+.       ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+.       ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.       ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+.       \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+.       \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.       \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.       ds : e
+.       ds 8 ss
+.       ds v \h'-1'\o'\(aa\(ga'
+.       ds _ \h'-1'^
+.       ds . \h'-1'.
+.       ds 3 3
+.       ds o a
+.       ds d- d\h'-1'\(ga
+.       ds D- D\h'-1'\(hy
+.       ds th \o'bp'
+.       ds Th \o'LP'
+.       ds ae ae
+.       ds Ae AE
+.       ds oe oe
+.       ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+END
+
+$indent = 0;
+
+$begun = "";
+
+# Unrolling [^A-Z>]|[A-Z](?!<) gives:    // MRE pp 165.
+my $nonest = '(?:[^A-Z>]*(?:[A-Z](?!<)[^A-Z>]*)*)';
+
+while (<>) {
+    if ($cutting) {
+        next unless /^=/;
+        $cutting = 0;
+    }
+    if ($begun) {
+        if (/^=end\s+$begun/) {
+            $begun = "";
+        }
+        elsif ($begun =~ /^(roff|man)$/) {
+            print STDOUT $_;
+        }
+        next;
+    }
+    chomp;
+
+    # Translate verbatim paragraph
+
+    if (/^\s/) {
+        @lines = split(/\n/);
+        for (@lines) {
+            1 while s
+                {^( [^\t]* ) \t ( \t* ) }
+                { $1 . ' ' x (8 - (length($1)%8) + 8 * (length($2))) }ex;
+            s/\\/\\e/g;
+            s/\A/\\&/s;
+        }
+        $lines = @lines;
+        makespace() unless $verbatim++;
+        print ".Vb $lines\n";
+        print join("\n", @lines), "\n";
+        print ".Ve\n";
+        $needspace = 0;
+        next;
+    }
+
+    $verbatim = 0;
+
+    if (/^=for\s+(\S+)\s*/s) {
+        if ($1 eq "man" or $1 eq "roff") {
+            print STDOUT $',"\n\n";
+        } else {
+            # ignore unknown for
+        }
+        next;
+    }
+    elsif (/^=begin\s+(\S+)\s*/s) {
+        $begun = $1;
+        if ($1 eq "man" or $1 eq "roff") {
+            print STDOUT $'."\n\n";
+        }
+        next;
+    }
+
+    # check for things that'll hosed our noremap scheme; affects $_
+    init_noremap();
+
+    if (!/^=item/) {
+
+        # trofficate backslashes; must do it before what happens below
+        s/\\/noremap('\\e')/ge;
+
+        # protect leading periods and quotes against *roff
+        # mistaking them for directives
+        s/^(?:[A-Z]<)?[.']/\\&$&/gm;
+
+        # first hide the escapes in case we need to
+        # intuit something and get it wrong due to fmting
+
+        1 while s/([A-Z]<$nonest>)/noremap($1)/ge;
+
+        # func() is a reference to a perl function
+        s{
+            \b
+            (
+                [:\w]+ \(\)
+            )
+        } {I<$1>}gx;
+
+        # func(n) is a reference to a perl function or a man page
+        s{
+            ([:\w]+)
+            (
+                \( [^\051]+ \)
+            )
+        } {I<$1>\\|$2}gx;
+
+        # convert simple variable references
+        s/(\s+)([\$\@%][\w:]+)(?!\()/${1}C<$2>/g;
+
+        if (m{ (
+                    [\-\w]+
+                    \(
+                        [^\051]*?
+                        [\@\$,]
+                        [^\051]*?
+                    \)
+                )
+            }x && $` !~ /([LCI]<[^<>]*|-)$/ && !/^=\w/)
+        {
+            warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [LCI]<$1>\n";
+            $oops++;
+        }
+
+        while (/(-[a-zA-Z])\b/g && $` !~ /[\w\-]$/) {
+            warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [CB]<$1>\n";
+            $oops++;
+        }
+
+        # put it back so we get the <> processed again;
+        clear_noremap(0); # 0 means leave the E's
+
+    } else {
+        # trofficate backslashes
+        s/\\/noremap('\\e')/ge;
+
+    }
+
+    # need to hide E<> first; they're processed in clear_noremap
+    s/(E<[^<>]+>)/noremap($1)/ge;
+
+
+    $maxnest = 10;
+    while ($maxnest-- && /[A-Z]</) {
+
+        # can't do C font here
+        s/([BI])<($nonest)>/font($1) . $2 . font('R')/eg;
+
+        # files and filelike refs in italics
+        s/F<($nonest)>/I<$1>/g;
+
+        # no break -- usually we want C<> for this
+        s/S<($nonest)>/nobreak($1)/eg;
+
+        # LREF: a la HREF L<show this text|man/section>
+        s:L<([^|>]+)\|[^>]+>:$1:g;
+
+        # LREF: a manpage(3f)
+        s:L<([a-zA-Z][^\s\/]+)(\([^\)]+\))?>:the I<$1>$2 manpage:g;
+
+        # LREF: an =item on another manpage
+        s{
+            L<
+                ([^/]+)
+                /
+                (
+                    [:\w]+
+                    (\(\))?
+                )
+            >
+        } {the C<$2> entry in the I<$1> manpage}gx;
+
+        # LREF: an =item on this manpage
+        s{
+           ((?:
+            L<
+                /
+                (
+                    [:\w]+
+                    (\(\))?
+                )
+            >
+            (,?\s+(and\s+)?)?
+          )+)
+        } { internal_lrefs($1) }gex;
+
+        # LREF: a =head2 (head1?), maybe on a manpage, maybe right here
+        # the "func" can disambiguate
+        s{
+            L<
+                (?:
+                    ([a-zA-Z]\S+?) /
+                )?
+                "?(.*?)"?
+            >
+        }{
+            do {
+                $1      # if no $1, assume it means on this page.
+                    ?  "the section on I<$2> in the I<$1> manpage"
+                    :  "the section on I<$2>"
+            }
+        }gesx; # s in case it goes over multiple lines, so . matches \n
+
+        s/Z<>/\\&/g;
+
+        # comes last because not subject to reprocessing
+        s/C<($nonest)>/noremap("${CFont_embed}${1}\\fR")/eg;
+    }
+
+    if (s/^=//) {
+        $needspace = 0;         # Assume this.
+
+        s/\n/ /g;
+
+        ($Cmd, $_) = split(' ', $_, 2);
+
+        $dotlevel = 1;
+        if ($Cmd eq 'head1') {
+           $dotlevel = 1;
+        }
+        elsif ($Cmd eq 'head2') {
+           $dotlevel = 1;
+        }
+        elsif ($Cmd eq 'item') {
+           $dotlevel = 2;
+        }
+
+        if (defined $_) {
+            &escapes($dotlevel);
+            s/"/""/g;
+        }
+
+        clear_noremap(1);
+
+        if ($Cmd eq 'cut') {
+            $cutting = 1;
+        }
+        elsif ($Cmd eq 'head1') {
+            s/\s+$//;
+            delete $wanna_see{$_} if exists $wanna_see{$_};
+            print qq{.SH "$_"\n};
+      push(@Indices, qq{.IX Header "$_"\n});
+        }
+        elsif ($Cmd eq 'head2') {
+            print qq{.Sh "$_"\n};
+      push(@Indices, qq{.IX Subsection "$_"\n});
+        }
+        elsif ($Cmd eq 'over') {
+            push(@indent,$indent);
+            $indent += ($_ + 0) || 5;
+        }
+        elsif ($Cmd eq 'back') {
+            $indent = pop(@indent);
+            warn "$0: Unmatched =back in paragraph $. of $ARGV\n" unless defined $indent;
+            $needspace = 1;
+        }
+        elsif ($Cmd eq 'item') {
+            s/^\*( |$)/\\(bu$1/g;
+            # if you know how to get ":s please do
+            s/\\\*\(L"([^"]+?)\\\*\(R"/'$1'/g;
+            s/\\\*\(L"([^"]+?)""/'$1'/g;
+            s/[^"]""([^"]+?)""[^"]/'$1'/g;
+            # here do something about the $" in perlvar?
+            print STDOUT qq{.Ip "$_" $indent\n};
+      push(@Indices, qq{.IX Item "$_"\n});
+        }
+        elsif ($Cmd eq 'pod') {
+            # this is just a comment
+        } 
+        else {
+            warn "$0: Unrecognized pod directive in paragraph $. of $ARGV: $Cmd\n";
+        }
+    }
+    else {
+        if ($needspace) {
+            &makespace;
+        }
+        &escapes(0);
+        clear_noremap(1);
+        print $_, "\n";
+        $needspace = 1;
+    }
+}
+
+print <<"END";
+
+.rn }` ''
+END
+
+if (%wanna_see && !$lax) {
+    @missing = keys %wanna_see;
+    warn "$0: $Filename is missing required section"
+        .  (@missing > 1 && "s")
+        .  ": @missing\n";
+    $oops++;
+}
+
+foreach (@Indices) { print "$_\n"; }
+
+exit;
+#exit ($oops != 0);
+
+#########################################################################
+
+sub nobreak {
+    my $string = shift;
+    $string =~ s/ /\\ /g;
+    $string;
+}
+
+sub escapes {
+    my $indot = shift;
+
+    s/X<(.*?)>/mkindex($1)/ge;
+
+    # translate the minus in foo-bar into foo\-bar for roff
+    s/([^0-9a-z-])-([^-])/$1\\-$2/g;
+
+    # make -- into the string version \*(-- (defined above)
+    s/\b--\b/\\*(--/g;
+    s/"--([^"])/"\\*(--$1/g;  # should be a better way
+    s/([^"])--"/$1\\*(--"/g;
+
+    # fix up quotes; this is somewhat tricky
+    my $dotmacroL = 'L';
+    my $dotmacroR = 'R';
+    if ( $indot == 1 ) {
+        $dotmacroL = 'M';
+        $dotmacroR = 'S';
+    }  
+    elsif ( $indot >= 2 ) {
+        $dotmacroL = 'N';
+        $dotmacroR = 'T';
+    }  
+    if (!/""/) {
+        s/(^|\s)(['"])/noremap("$1\\*($dotmacroL$2")/ge;
+        s/(['"])($|[\-\s,;\\!?.])/noremap("\\*($dotmacroR$1$2")/ge;
+    }
+
+    #s/(?!")(?:.)--(?!")(?:.)/\\*(--/g;
+    #s/(?:(?!")(?:.)--(?:"))|(?:(?:")--(?!")(?:.))/\\*(--/g;
+
+
+    # make sure that func() keeps a bit a space tween the parens
+    ### s/\b\(\)/\\|()/g;
+    ### s/\b\(\)/(\\|)/g;
+
+    # make C++ into \*C+, which is a squinched version (defined above)
+    s/\bC\+\+/\\*(C+/g;
+
+    # make double underbars have a little tiny space between them
+    s/__/_\\|_/g;
+
+    # PI goes to \*(PI (defined above)
+    s/\bPI\b/noremap('\\*(PI')/ge;
+
+    # make all caps a teeny bit smaller, but don't muck with embedded code literals
+    my $hidCFont = font('C');
+    if ($Cmd !~ /^head1/) { # SH already makes smaller
+        # /g isn't enough; 1 while or we'll be off
+
+#       1 while s{
+#           (?!$hidCFont)(..|^.|^)
+#           \b
+#           (
+#               [A-Z][\/A-Z+:\-\d_$.]+
+#           )
+#           (s?)                
+#           \b
+#       } {$1\\s-1$2\\s0}gmox;
+
+        1 while s{
+            (?!$hidCFont)(..|^.|^)
+            (
+                \b[A-Z]{2,}[\/A-Z+:\-\d_\$]*\b
+            )
+        } {
+            $1 . noremap( '\\s-1' .  $2 . '\\s0' )
+        }egmox;
+
+    }
+}
+
+# make troff just be normal, but make small nroff get quoted
+# decided to just put the quotes in the text; sigh;
+sub ccvt {
+    local($_,$prev) = @_;
+    noremap(qq{.CQ "$_" \n\\&});
+}
+
+sub makespace {
+    if ($indent) {
+        print ".Sp\n";
+    }
+    else {
+        print ".PP\n";
+    }
+}
+
+sub mkindex {
+    my ($entry) = @_;
+    my @entries = split m:\s*/\s*:, $entry;
+    push @Indices, ".IX Xref " . join ' ', map {qq("$_")} @entries;
+    return '';
+}
+
+sub font {
+    local($font) = shift;
+    return '\\f' . noremap($font);
+}
+
+sub noremap {
+    local($thing_to_hide) = shift;
+    $thing_to_hide =~ tr/\000-\177/\200-\377/;
+    return $thing_to_hide;
+}
+
+sub init_noremap {
+        # escape high bit characters in input stream
+        s/([\200-\377])/"E<".ord($1).">"/ge;
+}
+
+sub clear_noremap {
+    my $ready_to_print = $_[0];
+
+    tr/\200-\377/\000-\177/;
+
+    # trofficate backslashes
+    # s/(?!\\e)(?:..|^.|^)\\/\\e/g;
+
+    # now for the E<>s, which have been hidden until now
+    # otherwise the interative \w<> processing would have
+    # been hosed by the E<gt>
+    s {
+            E<
+            (
+                ( \d + ) 
+                | ( [A-Za-z]+ ) 
+            )
+            >   
+    } {
+         do {
+             defined $2
+                ? chr($2)
+                :       
+             exists $HTML_Escapes{$3}
+                ? do { $HTML_Escapes{$3} }
+                : do {
+                    warn "$0: Unknown escape in paragraph $. of $ARGV: ``$&''\n";
+                    "E<$1>";
+                }
+         }
+    }egx if $ready_to_print;
+}
+
+sub internal_lrefs {
+    local($_) = shift;
+    local $trailing_and = s/and\s+$// ? "and " : "";
+
+    s{L</([^>]+)>}{$1}g;
+    my(@items) = split( /(?:,?\s+(?:and\s+)?)/ );
+    my $retstr = "the ";
+    my $i;
+    for ($i = 0; $i <= $#items; $i++) {
+        $retstr .= "C<$items[$i]>";
+        $retstr .= ", " if @items > 2 && $i != $#items;
+        $retstr .= " and " if $i+2 == @items;
+    }
+
+    $retstr .= " entr" . ( @items > 1  ? "ies" : "y" )
+            .  " elsewhere in this document";
+    # terminal space to avoid words running together (pattern used
+    # strips terminal spaces)
+    $retstr .= " " if length $trailing_and;
+    $retstr .=  $trailing_and;
+
+    return $retstr;
+
+}
+
+BEGIN {
+%HTML_Escapes = (
+    'amp'       =>      '&',    #   ampersand
+    'lt'        =>      '<',    #   left chevron, less-than
+    'gt'        =>      '>',    #   right chevron, greater-than
+    'quot'      =>      '"',    #   double quote
+
+    "Aacute"    =>      "A\\*'",        #   capital A, acute accent
+    "aacute"    =>      "a\\*'",        #   small a, acute accent
+    "Acirc"     =>      "A\\*^",        #   capital A, circumflex accent
+    "acirc"     =>      "a\\*^",        #   small a, circumflex accent
+    "AElig"     =>      '\*(AE',        #   capital AE diphthong (ligature)
+    "aelig"     =>      '\*(ae',        #   small ae diphthong (ligature)
+    "Agrave"    =>      "A\\*`",        #   capital A, grave accent
+    "agrave"    =>      "A\\*`",        #   small a, grave accent
+    "Aring"     =>      'A\\*o',        #   capital A, ring
+    "aring"     =>      'a\\*o',        #   small a, ring
+    "Atilde"    =>      'A\\*~',        #   capital A, tilde
+    "atilde"    =>      'a\\*~',        #   small a, tilde
+    "Auml"      =>      'A\\*:',        #   capital A, dieresis or umlaut mark
+    "auml"      =>      'a\\*:',        #   small a, dieresis or umlaut mark
+    "Ccedil"    =>      'C\\*,',        #   capital C, cedilla
+    "ccedil"    =>      'c\\*,',        #   small c, cedilla
+    "Eacute"    =>      "E\\*'",        #   capital E, acute accent
+    "eacute"    =>      "e\\*'",        #   small e, acute accent
+    "Ecirc"     =>      "E\\*^",        #   capital E, circumflex accent
+    "ecirc"     =>      "e\\*^",        #   small e, circumflex accent
+    "Egrave"    =>      "E\\*`",        #   capital E, grave accent
+    "egrave"    =>      "e\\*`",        #   small e, grave accent
+    "ETH"       =>      '\\*(D-',       #   capital Eth, Icelandic
+    "eth"       =>      '\\*(d-',       #   small eth, Icelandic
+    "Euml"      =>      "E\\*:",        #   capital E, dieresis or umlaut mark
+    "euml"      =>      "e\\*:",        #   small e, dieresis or umlaut mark
+    "Iacute"    =>      "I\\*'",        #   capital I, acute accent
+    "iacute"    =>      "i\\*'",        #   small i, acute accent
+    "Icirc"     =>      "I\\*^",        #   capital I, circumflex accent
+    "icirc"     =>      "i\\*^",        #   small i, circumflex accent
+    "Igrave"    =>      "I\\*`",        #   capital I, grave accent
+    "igrave"    =>      "i\\*`",        #   small i, grave accent
+    "Iuml"      =>      "I\\*:",        #   capital I, dieresis or umlaut mark
+    "iuml"      =>      "i\\*:",        #   small i, dieresis or umlaut mark
+    "Ntilde"    =>      'N\*~',         #   capital N, tilde
+    "ntilde"    =>      'n\*~',         #   small n, tilde
+    "Oacute"    =>      "O\\*'",        #   capital O, acute accent
+    "oacute"    =>      "o\\*'",        #   small o, acute accent
+    "Ocirc"     =>      "O\\*^",        #   capital O, circumflex accent
+    "ocirc"     =>      "o\\*^",        #   small o, circumflex accent
+    "Ograve"    =>      "O\\*`",        #   capital O, grave accent
+    "ograve"    =>      "o\\*`",        #   small o, grave accent
+    "Oslash"    =>      "O\\*/",        #   capital O, slash
+    "oslash"    =>      "o\\*/",        #   small o, slash
+    "Otilde"    =>      "O\\*~",        #   capital O, tilde
+    "otilde"    =>      "o\\*~",        #   small o, tilde
+    "Ouml"      =>      "O\\*:",        #   capital O, dieresis or umlaut mark
+    "ouml"      =>      "o\\*:",        #   small o, dieresis or umlaut mark
+    "szlig"     =>      '\*8',          #   small sharp s, German (sz ligature)
+    "THORN"     =>      '\\*(Th',       #   capital THORN, Icelandic
+    "thorn"     =>      '\\*(th',,      #   small thorn, Icelandic
+    "Uacute"    =>      "U\\*'",        #   capital U, acute accent
+    "uacute"    =>      "u\\*'",        #   small u, acute accent
+    "Ucirc"     =>      "U\\*^",        #   capital U, circumflex accent
+    "ucirc"     =>      "u\\*^",        #   small u, circumflex accent
+    "Ugrave"    =>      "U\\*`",        #   capital U, grave accent
+    "ugrave"    =>      "u\\*`",        #   small u, grave accent
+    "Uuml"      =>      "U\\*:",        #   capital U, dieresis or umlaut mark
+    "uuml"      =>      "u\\*:",        #   small u, dieresis or umlaut mark
+    "Yacute"    =>      "Y\\*'",        #   capital Y, acute accent
+    "yacute"    =>      "y\\*'",        #   small y, acute accent
+    "yuml"      =>      "y\\*:",        #   small y, dieresis or umlaut mark
+);
+}
+
diff --git a/src/lib/libcrypto/util/pod2mantest b/src/lib/libcrypto/util/pod2mantest
new file mode 100644
index 0000000000..384e683df4
--- /dev/null
+++ b/src/lib/libcrypto/util/pod2mantest
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+# This script is used by test/Makefile to check whether a sane 'pod2man'
+# is installed.
+# ('make install' should not try to run 'pod2man' if it does not exist or if
+# it is a broken 'pod2man' version that is known to cause trouble. if we find
+# the system 'pod2man' to be broken, we use our own copy instead)
+#
+# In any case, output an appropriate command line for running (or not
+# running) pod2man.
+
+
+IFS=:
+if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi
+
+try_without_dir=true
+# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+for dir in dummy${IFS}$PATH; do
+    if [ "$try_without_dir" = true ]; then
+      # first iteration
+      pod2man=pod2man
+      try_without_dir=false
+    else
+      # second and later iterations
+      pod2man="$dir/pod2man"
+      if [ ! -f "$pod2man" ]; then  # '-x' is not available on Ultrix
+        pod2man=''
+      fi
+    fi
+
+    if [ ! "$pod2man" = '' ]; then
+        failure=none
+
+        if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
+            :
+        else
+            failure=BasicTest
+        fi
+
+        if [ "$failure" = none ]; then
+            if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
+                failure=MultilineTest
+            fi
+        fi
+
+
+        if [ "$failure" = none ]; then
+            echo "$pod2man"
+            exit 0
+        fi
+
+        echo "$pod2man does not work properly ('$failure' failed).  Looking for another pod2man ..." >&2
+    fi
+done
+
+echo "No working pod2man found.  Consider installing a new version." >&2
+echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+echo "$1 ../../util/pod2man.pl"
diff --git a/src/lib/libcrypto/util/pod2mantest.pod b/src/lib/libcrypto/util/pod2mantest.pod
new file mode 100644
index 0000000000..5d2539a17f
--- /dev/null
+++ b/src/lib/libcrypto/util/pod2mantest.pod
@@ -0,0 +1,15 @@
+=pod
+
+=head1 NAME
+
+foo, bar,
+MARKER - test of multiline name section
+
+=head1 DESCRIPTION
+
+This is a test .pod file to see if we have a buggy pod2man or not.
+If we have a buggy implementation, we will get a line matching the
+regular expression "^ +MARKER - test of multiline name section *$"
+at the end of the resulting document.
+
+=cut
diff --git a/src/lib/libcrypto/util/point.sh b/src/lib/libcrypto/util/point.sh
new file mode 100644
index 0000000000..da39899cb1
--- /dev/null
+++ b/src/lib/libcrypto/util/point.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+rm -f "$2"
+if test "$OSTYPE" = msdosdjgpp || test "x$PLATFORM" = xmingw ; then
+    cp "$1" "$2"
+else
+    ln -s "$1" "$2"
+fi
+echo "$2 => $1"
+
diff --git a/src/lib/libcrypto/util/selftest.pl b/src/lib/libcrypto/util/selftest.pl
new file mode 100644
index 0000000000..7b32e9f4ff
--- /dev/null
+++ b/src/lib/libcrypto/util/selftest.pl
@@ -0,0 +1,201 @@
+#!/usr/local/bin/perl -w
+#
+# Run the test suite and generate a report
+#
+
+if (! -f "Configure") {
+    print "Please run perl util/selftest.pl in the OpenSSL directory.\n";
+    exit 1;
+}
+
+my $report="testlog";
+my $os="??";
+my $version="??";
+my $platform0="??";
+my $platform="??";
+my $options="??";
+my $last="??";
+my $ok=0;
+my $cc="cc";
+my $cversion="??";
+my $sep="-----------------------------------------------------------------------------\n";
+my $not_our_fault="\nPlease ask your system administrator/vendor for more information.\n[Problems with your operating system setup should not be reported\nto the OpenSSL project.]\n";
+
+open(OUT,">$report") or die;
+
+print OUT "OpenSSL self-test report:\n\n";
+
+$uname=`uname -a`;
+$uname="??\n" if $uname eq "";
+
+$c=`sh config -t`;
+foreach $_ (split("\n",$c)) {
+    $os=$1 if (/Operating system: (.*)$/);
+    $platform0=$1 if (/Configuring for (.*)$/);
+}
+
+system "sh config" if (! -f "Makefile");
+
+if (open(IN,"<Makefile")) {
+    while (<IN>) {
+        $version=$1 if (/^VERSION=(.*)$/);
+        $platform=$1 if (/^PLATFORM=(.*)$/);
+        $options=$1 if (/^OPTIONS=(.*)$/);
+        $cc=$1 if (/^CC= *(.*)$/);
+    }
+    close(IN);
+} else {
+    print OUT "Error running config!\n";
+}
+
+$cversion=`$cc -v 2>&1`;
+$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
+$cversion=`$cc -V |head -1` if $cversion =~ "Error";
+$cversion=`$cc --version` if $cversion eq "";
+$cversion =~ s/Reading specs.*\n//;
+$cversion =~ s/usage.*\n//;
+chomp $cversion;
+
+if (open(IN,"<CHANGES")) {
+    while(<IN>) {
+        if (/\*\) (.{0,55})/ && !/applies to/) {
+            $last=$1;
+            last;
+        }
+    }
+    close(IN);
+}
+
+print OUT "OpenSSL version:  $version\n";
+print OUT "Last change:      $last...\n";
+print OUT "Options:          $options\n" if $options ne "";
+print OUT "OS (uname):       $uname";
+print OUT "OS (config):      $os\n";
+print OUT "Target (default): $platform0\n";
+print OUT "Target:           $platform\n";
+print OUT "Compiler:         $cversion\n";
+print OUT "\n";
+
+print "Checking compiler...\n";
+if (open(TEST,">cctest.c")) {
+    print TEST "#include <stdio.h>\n#include <stdlib.h>\n#include <errno.h>\nmain(){printf(\"Hello world\\n\");}\n";
+    close(TEST);
+    system("$cc -o cctest cctest.c");
+    if (`./cctest` !~ /Hello world/) {
+        print OUT "Compiler doesn't work.\n";
+        print OUT $not_our_fault;
+        goto err;
+    }
+    system("ar r cctest.a /dev/null");
+    if (not -f "cctest.a") {
+        print OUT "Check your archive tool (ar).\n";
+        print OUT $not_our_fault;
+        goto err;
+    }
+} else {
+    print OUT "Can't create cctest.c\n";
+}
+if (open(TEST,">cctest.c")) {
+    print TEST "#include <stdio.h>\n#include <stdlib.h>\n#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n";
+    close(TEST);
+    system("$cc -o cctest -Iinclude cctest.c");
+    $cctest = `./cctest`;
+    if ($cctest !~ /OpenSSL $version/) {
+        if ($cctest =~ /OpenSSL/) {
+            print OUT "#include uses headers from different OpenSSL version!\n";
+        } else {
+            print OUT "Can't compile test program!\n";
+        }
+        print OUT $not_our_fault;
+        goto err;
+    }
+} else {
+    print OUT "Can't create cctest.c\n";
+}
+
+print "Running make...\n";
+if (system("make 2>&1 | tee make.log") > 255) {
+
+    print OUT "make failed!\n";
+    if (open(IN,"<make.log")) {
+        print OUT $sep;
+        while (<IN>) {
+            print OUT;
+        }
+        close(IN);
+        print OUT $sep;
+    } else {
+        print OUT "make.log not found!\n";
+    }
+    goto err;
+}
+
+# Not sure why this is here.  The tests themselves can detect if their
+# particular feature isn't included, and should therefore skip themselves.
+# To skip *all* tests just because one algorithm isn't included is like
+# shooting mosquito with an elephant gun...
+#                   -- Richard Levitte, inspired by problem report 1089
+#
+#$_=$options;
+#s/no-asm//;
+#s/no-shared//;
+#s/no-krb5//;
+#if (/no-/)
+#{
+#    print OUT "Test skipped.\n";
+#    goto err;
+#}
+
+print "Running make test...\n";
+if (system("make test 2>&1 | tee maketest.log") > 255)
+ {
+    print OUT "make test failed!\n";
+} else {
+    $ok=1;
+}
+
+if ($ok and open(IN,"<maketest.log")) {
+    while (<IN>) {
+        $ok=2 if /^platform: $platform/;
+    }
+    close(IN);
+}
+
+if ($ok != 2) {
+    print OUT "Failure!\n";
+    if (open(IN,"<make.log")) {
+        print OUT $sep;
+        while (<IN>) {
+            print OUT;
+        }
+        close(IN);
+        print OUT $sep;
+    } else {
+        print OUT "make.log not found!\n";
+    }
+    if (open(IN,"<maketest.log")) {
+        while (<IN>) {
+            print OUT;
+        }
+        close(IN);
+        print OUT $sep;
+    } else {
+        print OUT "maketest.log not found!\n";
+    }
+} else {
+    print OUT "Test passed.\n";
+}
+err:
+close(OUT);
+
+print "\n";
+open(IN,"<$report") or die;
+while (<IN>) {
+    if (/$sep/) {
+        print "[...]\n";
+        last;
+    }
+    print;
+}
+print "\nTest report in file $report\n";
+
diff --git a/src/lib/libcrypto/util/shlib_wrap.sh b/src/lib/libcrypto/util/shlib_wrap.sh
new file mode 100755
index 0000000000..8775cb5411
--- /dev/null
+++ b/src/lib/libcrypto/util/shlib_wrap.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+
+[ $# -ne 0 ] || set -x          # debug mode without arguments:-)
+
+THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.."
+[ -d "${THERE}" ] || exec "$@"  # should never happen...
+
+# Alternative to this is to parse ${THERE}/Makefile...
+LIBCRYPTOSO="${THERE}/libcrypto.so"
+if [ -f "$LIBCRYPTOSO" ]; then
+    while [ -h "$LIBCRYPTOSO" ]; do
+        LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`"
+    done
+    SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null`
+    LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}"
+fi
+
+SYSNAME=`(uname -s) 2>/dev/null`;
+case "$SYSNAME" in
+SunOS|IRIX*)
+        # SunOS and IRIX run-time linkers evaluate alternative
+        # variables depending on target ABI...
+        rld_var=LD_LIBRARY_PATH
+        case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in
+        *ELF\ 64*SPARC*|*ELF\ 64*AMD64*)
+                [ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64
+                LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64
+                preload_var=LD_PRELOAD_64
+                ;;
+        # Why are newly built .so's preloaded anyway? Because run-time
+        # .so lookup path embedded into application takes precedence
+        # over LD_LIBRARY_PATH and as result application ends up linking
+        # to previously installed .so's. On IRIX instead of preloading
+        # newly built .so's we trick run-time linker to fail to find
+        # the installed .so by setting _RLD_ROOT variable.
+        *ELF\ 32*MIPS*)
+                #_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD_LIST
+                _RLD_ROOT=/no/such/dir; export _RLD_ROOT
+                eval $rld_var=\"/usr/lib'${'$rld_var':+:$'$rld_var'}'\"
+                preload_var=_RLD_LIST
+                ;;
+        *ELF\ N32*MIPS*)
+                [ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH
+                #_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST
+                _RLDN32_ROOT=/no/such/dir; export _RLDN32_ROOT
+                eval $rld_var=\"/usr/lib32'${'$rld_var':+:$'$rld_var'}'\"
+                preload_var=_RLDN32_LIST
+                ;;
+        *ELF\ 64*MIPS*)
+                [ -n "$LD_LIBRARY64_PATH"  ] && rld_var=LD_LIBRARY64_PATH
+                #_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST
+                _RLD64_ROOT=/no/such/dir; export _RLD64_ROOT
+                eval $rld_var=\"/usr/lib64'${'$rld_var':+:$'$rld_var'}'\"
+                preload_var=_RLD64_LIST
+                ;;
+        esac
+        eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var
+        unset rld_var
+        ;;
+*)      LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH"     # Linux, ELF HP-UX
+        DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X
+        SHLIB_PATH="${THERE}:$SHLIB_PATH"               # legacy HP-UX
+        LIBPATH="${THERE}:$LIBPATH"                     # AIX, OS/2
+        export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
+        # Even though $PATH is adjusted [for Windows sake], it doesn't
+        # necessarily does the trick. Trouble is that with introduction
+        # of SafeDllSearchMode in XP/2003 it's more appropriate to copy
+        # .DLLs in vicinity of executable, which is done elsewhere...
+        if [ "$OSTYPE" != msdosdjgpp ]; then
+                PATH="${THERE}:$PATH"; export PATH
+        fi
+        ;;
+esac
+
+if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
+        # Following three lines are major excuse for isolating them into
+        # this wrapper script. Original reason for setting LD_PRELOAD
+        # was to make it possible to pass 'make test' when user linked
+        # with -rpath pointing to previous version installation. Wrapping
+        # it into a script makes it possible to do so on multi-ABI
+        # platforms.
+        case "$SYSNAME" in
+        *BSD|QNX)       LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;;  # *BSD, QNX
+        *)      LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;;  # SunOS, Linux, ELF HP-UX
+        esac
+        _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"      # Tru64, o32 IRIX
+        DYLD_INSERT_LIBRARIES="$LIBCRYPTOSO:$LIBSSLSO"  # MacOS X
+        export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES
+fi
+
+cmd="$1${EXE_EXT}"
+shift
+if [ $# -eq 0 ]; then
+        exec "$cmd"     # old sh, such as Tru64 4.x, fails to expand empty "$@"
+else
+        exec "$cmd" "$@"
+fi
diff --git a/src/lib/libcrypto/util/sp-diff.pl b/src/lib/libcrypto/util/sp-diff.pl
new file mode 100644
index 0000000000..9d6c60387f
--- /dev/null
+++ b/src/lib/libcrypto/util/sp-diff.pl
@@ -0,0 +1,80 @@
+#!/usr/local/bin/perl
+#
+# This file takes as input, the files that have been output from
+# ssleay speed.
+# It prints a table of the relative differences with %100 being 'no difference'
+#
+
+($#ARGV == 1) || die "$0 speedout1 speedout2\n";
+
+%one=&loadfile($ARGV[0]);
+%two=&loadfile($ARGV[1]);
+
+$line=0;
+foreach $a ("md2","md4","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
+        "idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc")
+        {
+        if (defined($one{$a,8}) && defined($two{$a,8}))
+                {
+                print "type              8 byte%    64 byte%   256 byte%  1024 byte%  8192 byte%\n"
+                        unless $line;
+                $line++;
+                printf "%-12s ",$a;
+                foreach $b (8,64,256,1024,8192)
+                        {
+                        $r=$two{$a,$b}/$one{$a,$b}*100;
+                        printf "%12.2f",$r;
+                        }
+                print "\n";
+                }
+        }
+
+foreach $a      (
+                "rsa  512","rsa 1024","rsa 2048","rsa 4096",
+                "dsa  512","dsa 1024","dsa 2048",
+                )
+        {
+        if (defined($one{$a,1}) && defined($two{$a,1}))
+                {
+                $r1=($one{$a,1}/$two{$a,1})*100;
+                $r2=($one{$a,2}/$two{$a,2})*100;
+                printf "$a bits %%    %6.2f %%    %6.2f\n",$r1,$r2;
+                }
+        }
+
+sub loadfile
+        {
+        local($file)=@_;
+        local($_,%ret);
+
+        open(IN,"<$file") || die "unable to open '$file' for input\n";
+        $header=1;
+        while (<IN>)
+                {
+                $header=0 if /^[dr]sa/;
+                if (/^type/) { $header=0; next; }
+                next if $header;
+                chop;
+                @a=split;
+                if ($a[0] =~ /^[dr]sa$/)
+                        {
+                        ($n,$t1,$t2)=($_ =~ /^([dr]sa\s+\d+)\s+bits\s+([.\d]+)s\s+([.\d]+)/);
+                        $ret{$n,1}=$t1;
+                        $ret{$n,2}=$t2;
+                        }
+                else
+                        {
+                        $n=join(' ',grep(/[^k]$/,@a));
+                        @k=grep(s/k$//,@a);
+                        
+                        $ret{$n,   8}=$k[0];
+                        $ret{$n,  64}=$k[1];
+                        $ret{$n, 256}=$k[2];
+                        $ret{$n,1024}=$k[3];
+                        $ret{$n,8192}=$k[4];
+                        }
+                }
+        close(IN);
+        return(%ret);
+        }
+
diff --git a/src/lib/libcrypto/util/speed.sh b/src/lib/libcrypto/util/speed.sh
new file mode 100644
index 0000000000..f489706197
--- /dev/null
+++ b/src/lib/libcrypto/util/speed.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+#
+# This is a ugly script use, in conjuction with editing the 'b'
+# configuration in the $(TOP)/Configure script which will
+# output when finished a file called speed.log which is the
+# timings of SSLeay with various options turned on or off.
+#
+# from the $(TOP) directory
+# Edit Configure, modifying things to do with the b/bl-4c-2c etc
+# configurations.
+#
+
+make clean
+perl Configure b
+make
+apps/ssleay version -v -b -f >speed.1
+apps/ssleay speed >speed.1l
+
+perl Configure bl-4c-2c
+/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md2/md2_dgst.o
+make
+apps/ssleay speed rc4 rsa md2 >speed.2l
+
+perl Configure bl-4c-ri
+/bin/rm -f crypto/rc4/rc4*.o
+make
+apps/ssleay speed rc4 >speed.3l
+
+perl Configure b2-is-ri-dp
+/bin/rm -f crypto/idea/i_*.o crypto/rc4/*.o crypto/des/ecb_enc.o crypto/bn/bn*.o
+apps/ssleay speed rsa rc4 idea des >speed.4l
+
+cat speed.1 >speed.log
+cat speed.1l >>speed.log
+perl util/sp-diff.pl speed.1l speed.2l >>speed.log
+perl util/sp-diff.pl speed.1l speed.3l >>speed.log
+perl util/sp-diff.pl speed.1l speed.4l >>speed.log
+
diff --git a/src/lib/libcrypto/util/src-dep.pl b/src/lib/libcrypto/util/src-dep.pl
new file mode 100644
index 0000000000..ad997e4746
--- /dev/null
+++ b/src/lib/libcrypto/util/src-dep.pl
@@ -0,0 +1,147 @@
+#!/usr/local/bin/perl
+
+# we make up an array of
+# $file{function_name}=filename;
+# $unres{filename}="func1 func2 ...."
+$debug=1;
+#$nm_func="parse_linux";
+$nm_func="parse_solaris";
+
+foreach (@ARGV)
+        {
+        &$nm_func($_);
+        }
+
+foreach $file (sort keys %unres)
+        {
+        @a=split(/\s+/,$unres{$file});
+        %ff=();
+        foreach $func (@a)
+                {
+                $f=$file{$func};
+                $ff{$f}=1 if $f ne "";
+                }
+
+        foreach $a (keys %ff)
+                { $we_need{$file}.="$a "; }
+        }
+
+foreach $file (sort keys %we_need)
+        {
+#       print " $file $we_need{$file}\n";
+        foreach $bit (split(/\s+/,$we_need{$file}))
+                { push(@final,&walk($bit)); }
+
+        foreach (@final) { $fin{$_}=1; }
+        @final="";
+        foreach (sort keys %fin)
+                { push(@final,$_); }
+
+        print "$file: @final\n";
+        }
+
+sub walk
+        {
+        local($f)=@_;
+        local(@a,%seen,@ret,$r);
+
+        @ret="";
+        $f =~ s/^\s+//;
+        $f =~ s/\s+$//;
+        return "" if ($f =~ "^\s*$");
+
+        return(split(/\s/,$done{$f})) if defined ($done{$f});
+
+        return if $in{$f} > 0;
+        $in{$f}++;
+        push(@ret,$f);
+        foreach $r (split(/\s+/,$we_need{$f}))
+                {
+                push(@ret,&walk($r));
+                }
+        $in{$f}--;
+        $done{$f}=join(" ",@ret);
+        return(@ret);
+        }
+
+sub parse_linux
+        {
+        local($name)=@_;
+
+        open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
+        while (<IN>)
+                {
+                chop;
+                next if /^\s*$/;
+                if (/^[^[](.*):$/)
+                        {
+                        $file=$1;
+                        $file="$1.c" if /\[(.*).o\]/;
+                        print STDERR "$file\n";
+                        $we_need{$file}=" ";
+                        next;
+                        }
+
+                @a=split(/\s*\|\s*/);
+                next unless $#a == 7;
+                next unless $a[4] eq "GLOB";
+                if ($a[6] eq "UNDEF")
+                        {
+                        $unres{$file}.=$a[7]." ";
+                        }
+                else
+                        {
+                        if ($file{$a[7]} ne "")
+                                {
+                                print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
+                                }
+                        else
+                                {
+                                $file{$a[7]}=$file;
+                                }
+                        }
+                }
+        close(IN);
+        }
+
+sub parse_solaris
+        {
+        local($name)=@_;
+
+        open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
+        while (<IN>)
+                {
+                chop;
+                next if /^\s*$/;
+                if (/^(\S+):$/)
+                        {
+                        $file=$1;
+                        #$file="$1.c" if $file =~ /^(.*).o$/;
+                        print STDERR "$file\n";
+                        $we_need{$file}=" ";
+                        next;
+                        }
+                @a=split(/\s*\|\s*/);
+                next unless $#a == 7;
+                next unless $a[4] eq "GLOB";
+                if ($a[6] eq "UNDEF")
+                        {
+                        $unres{$file}.=$a[7]." ";
+                        print STDERR "$file needs $a[7]\n" if $debug;
+                        }
+                else
+                        {
+                        if ($file{$a[7]} ne "")
+                                {
+                                print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
+                                }
+                        else
+                                {
+                                $file{$a[7]}=$file;
+                                print STDERR "$file has $a[7]\n" if $debug;
+                                }
+                        }
+                }
+        close(IN);
+        }
+
diff --git a/src/lib/libcrypto/util/ssleay.num b/src/lib/libcrypto/util/ssleay.num
new file mode 100644
index 0000000000..37655bc40a
--- /dev/null
+++ b/src/lib/libcrypto/util/ssleay.num
@@ -0,0 +1,322 @@
+ERR_load_SSL_strings                    1       EXIST::FUNCTION:
+SSL_CIPHER_description                  2       EXIST::FUNCTION:
+SSL_CTX_add_client_CA                   3       EXIST::FUNCTION:
+SSL_CTX_add_session                     4       EXIST::FUNCTION:
+SSL_CTX_check_private_key               5       EXIST::FUNCTION:
+SSL_CTX_ctrl                            6       EXIST::FUNCTION:
+SSL_CTX_flush_sessions                  7       EXIST::FUNCTION:
+SSL_CTX_free                            8       EXIST::FUNCTION:
+SSL_CTX_get_client_CA_list              9       EXIST::FUNCTION:
+SSL_CTX_get_verify_callback             10      EXIST::FUNCTION:
+SSL_CTX_get_verify_mode                 11      EXIST::FUNCTION:
+SSL_CTX_new                             12      EXIST::FUNCTION:
+SSL_CTX_remove_session                  13      EXIST::FUNCTION:
+SSL_CTX_set_cipher_list                 15      EXIST::FUNCTION:
+SSL_CTX_set_client_CA_list              16      EXIST::FUNCTION:
+SSL_CTX_set_default_passwd_cb           17      EXIST::FUNCTION:
+SSL_CTX_set_ssl_version                 19      EXIST::FUNCTION:
+SSL_CTX_set_verify                      21      EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey                  22      EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_ASN1             23      EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_file             24      EXIST::FUNCTION:STDIO
+SSL_CTX_use_RSAPrivateKey               25      EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_ASN1          26      EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_file          27      EXIST::FUNCTION:RSA,STDIO
+SSL_CTX_use_certificate                 28      EXIST::FUNCTION:
+SSL_CTX_use_certificate_ASN1            29      EXIST::FUNCTION:
+SSL_CTX_use_certificate_file            30      EXIST::FUNCTION:STDIO
+SSL_SESSION_free                        31      EXIST::FUNCTION:
+SSL_SESSION_new                         32      EXIST::FUNCTION:
+SSL_SESSION_print                       33      EXIST::FUNCTION:BIO
+SSL_SESSION_print_fp                    34      EXIST::FUNCTION:FP_API
+SSL_accept                              35      EXIST::FUNCTION:
+SSL_add_client_CA                       36      EXIST::FUNCTION:
+SSL_alert_desc_string                   37      EXIST::FUNCTION:
+SSL_alert_desc_string_long              38      EXIST::FUNCTION:
+SSL_alert_type_string                   39      EXIST::FUNCTION:
+SSL_alert_type_string_long              40      EXIST::FUNCTION:
+SSL_check_private_key                   41      EXIST::FUNCTION:
+SSL_clear                               42      EXIST::FUNCTION:
+SSL_connect                             43      EXIST::FUNCTION:
+SSL_copy_session_id                     44      EXIST::FUNCTION:
+SSL_ctrl                                45      EXIST::FUNCTION:
+SSL_dup                                 46      EXIST::FUNCTION:
+SSL_dup_CA_list                         47      EXIST::FUNCTION:
+SSL_free                                48      EXIST::FUNCTION:
+SSL_get_certificate                     49      EXIST::FUNCTION:
+SSL_get_cipher_list                     52      EXIST::FUNCTION:
+SSL_get_ciphers                         55      EXIST::FUNCTION:
+SSL_get_client_CA_list                  56      EXIST::FUNCTION:
+SSL_get_default_timeout                 57      EXIST::FUNCTION:
+SSL_get_error                           58      EXIST::FUNCTION:
+SSL_get_fd                              59      EXIST::FUNCTION:
+SSL_get_peer_cert_chain                 60      EXIST::FUNCTION:
+SSL_get_peer_certificate                61      EXIST::FUNCTION:
+SSL_get_rbio                            63      EXIST::FUNCTION:BIO
+SSL_get_read_ahead                      64      EXIST::FUNCTION:
+SSL_get_shared_ciphers                  65      EXIST::FUNCTION:
+SSL_get_ssl_method                      66      EXIST::FUNCTION:
+SSL_get_verify_callback                 69      EXIST::FUNCTION:
+SSL_get_verify_mode                     70      EXIST::FUNCTION:
+SSL_get_version                         71      EXIST::FUNCTION:
+SSL_get_wbio                            72      EXIST::FUNCTION:BIO
+SSL_load_client_CA_file                 73      EXIST::FUNCTION:STDIO
+SSL_load_error_strings                  74      EXIST::FUNCTION:
+SSL_new                                 75      EXIST::FUNCTION:
+SSL_peek                                76      EXIST::FUNCTION:
+SSL_pending                             77      EXIST::FUNCTION:
+SSL_read                                78      EXIST::FUNCTION:
+SSL_renegotiate                         79      EXIST::FUNCTION:
+SSL_rstate_string                       80      EXIST::FUNCTION:
+SSL_rstate_string_long                  81      EXIST::FUNCTION:
+SSL_set_accept_state                    82      EXIST::FUNCTION:
+SSL_set_bio                             83      EXIST::FUNCTION:BIO
+SSL_set_cipher_list                     84      EXIST::FUNCTION:
+SSL_set_client_CA_list                  85      EXIST::FUNCTION:
+SSL_set_connect_state                   86      EXIST::FUNCTION:
+SSL_set_fd                              87      EXIST::FUNCTION:SOCK
+SSL_set_read_ahead                      88      EXIST::FUNCTION:
+SSL_set_rfd                             89      EXIST::FUNCTION:SOCK
+SSL_set_session                         90      EXIST::FUNCTION:
+SSL_set_ssl_method                      91      EXIST::FUNCTION:
+SSL_set_verify                          94      EXIST::FUNCTION:
+SSL_set_wfd                             95      EXIST::FUNCTION:SOCK
+SSL_shutdown                            96      EXIST::FUNCTION:
+SSL_state_string                        97      EXIST::FUNCTION:
+SSL_state_string_long                   98      EXIST::FUNCTION:
+SSL_use_PrivateKey                      99      EXIST::FUNCTION:
+SSL_use_PrivateKey_ASN1                 100     EXIST::FUNCTION:
+SSL_use_PrivateKey_file                 101     EXIST::FUNCTION:STDIO
+SSL_use_RSAPrivateKey                   102     EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_ASN1              103     EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_file              104     EXIST::FUNCTION:RSA,STDIO
+SSL_use_certificate                     105     EXIST::FUNCTION:
+SSL_use_certificate_ASN1                106     EXIST::FUNCTION:
+SSL_use_certificate_file                107     EXIST::FUNCTION:STDIO
+SSL_write                               108     EXIST::FUNCTION:
+SSLeay_add_ssl_algorithms               109     NOEXIST::FUNCTION:
+SSLv23_client_method                    110     EXIST::FUNCTION:RSA
+SSLv23_method                           111     EXIST::FUNCTION:RSA
+SSLv23_server_method                    112     EXIST::FUNCTION:RSA
+SSLv2_client_method                     113     EXIST::FUNCTION:RSA,SSL2
+SSLv2_method                            114     EXIST::FUNCTION:RSA,SSL2
+SSLv2_server_method                     115     EXIST::FUNCTION:RSA,SSL2
+SSLv3_client_method                     116     EXIST::FUNCTION:
+SSLv3_method                            117     EXIST::FUNCTION:
+SSLv3_server_method                     118     EXIST::FUNCTION:
+d2i_SSL_SESSION                         119     EXIST::FUNCTION:
+i2d_SSL_SESSION                         120     EXIST::FUNCTION:
+BIO_f_ssl                               121     EXIST::FUNCTION:BIO
+BIO_new_ssl                             122     EXIST::FUNCTION:BIO
+BIO_proxy_ssl_copy_session_id           123     NOEXIST::FUNCTION:
+BIO_ssl_copy_session_id                 124     EXIST::FUNCTION:BIO
+SSL_do_handshake                        125     EXIST::FUNCTION:
+SSL_get_privatekey                      126     EXIST::FUNCTION:
+SSL_get_current_cipher                  127     EXIST::FUNCTION:
+SSL_CIPHER_get_bits                     128     EXIST::FUNCTION:
+SSL_CIPHER_get_version                  129     EXIST::FUNCTION:
+SSL_CIPHER_get_name                     130     EXIST::FUNCTION:
+BIO_ssl_shutdown                        131     EXIST::FUNCTION:BIO
+SSL_SESSION_cmp                         132     NOEXIST::FUNCTION:
+SSL_SESSION_hash                        133     NOEXIST::FUNCTION:
+SSL_SESSION_get_time                    134     EXIST::FUNCTION:
+SSL_SESSION_set_time                    135     EXIST::FUNCTION:
+SSL_SESSION_get_timeout                 136     EXIST::FUNCTION:
+SSL_SESSION_set_timeout                 137     EXIST::FUNCTION:
+SSL_CTX_get_ex_data                     138     EXIST::FUNCTION:
+SSL_CTX_get_quiet_shutdown              140     EXIST::FUNCTION:
+SSL_CTX_load_verify_locations           141     EXIST::FUNCTION:
+SSL_CTX_set_default_verify_paths        142     EXIST:!VMS:FUNCTION:
+SSL_CTX_set_def_verify_paths            142     EXIST:VMS:FUNCTION:
+SSL_CTX_set_ex_data                     143     EXIST::FUNCTION:
+SSL_CTX_set_quiet_shutdown              145     EXIST::FUNCTION:
+SSL_SESSION_get_ex_data                 146     EXIST::FUNCTION:
+SSL_SESSION_set_ex_data                 148     EXIST::FUNCTION:
+SSL_get_SSL_CTX                         150     EXIST::FUNCTION:
+SSL_get_ex_data                         151     EXIST::FUNCTION:
+SSL_get_quiet_shutdown                  153     EXIST::FUNCTION:
+SSL_get_session                         154     EXIST::FUNCTION:
+SSL_get_shutdown                        155     EXIST::FUNCTION:
+SSL_get_verify_result                   157     EXIST::FUNCTION:
+SSL_set_ex_data                         158     EXIST::FUNCTION:
+SSL_set_info_callback                   160     EXIST::FUNCTION:
+SSL_set_quiet_shutdown                  161     EXIST::FUNCTION:
+SSL_set_shutdown                        162     EXIST::FUNCTION:
+SSL_set_verify_result                   163     EXIST::FUNCTION:
+SSL_version                             164     EXIST::FUNCTION:
+SSL_get_info_callback                   165     EXIST::FUNCTION:
+SSL_state                               166     EXIST::FUNCTION:
+SSL_CTX_get_ex_new_index                167     EXIST::FUNCTION:
+SSL_SESSION_get_ex_new_index            168     EXIST::FUNCTION:
+SSL_get_ex_new_index                    169     EXIST::FUNCTION:
+TLSv1_method                            170     EXIST::FUNCTION:
+TLSv1_server_method                     171     EXIST::FUNCTION:
+TLSv1_client_method                     172     EXIST::FUNCTION:
+BIO_new_buffer_ssl_connect              173     EXIST::FUNCTION:BIO
+BIO_new_ssl_connect                     174     EXIST::FUNCTION:BIO
+SSL_get_ex_data_X509_STORE_CTX_idx      175     EXIST:!VMS:FUNCTION:
+SSL_get_ex_d_X509_STORE_CTX_idx         175     EXIST:VMS:FUNCTION:
+SSL_CTX_set_tmp_dh_callback             176     EXIST::FUNCTION:DH
+SSL_CTX_set_tmp_rsa_callback            177     EXIST::FUNCTION:RSA
+SSL_CTX_set_timeout                     178     EXIST::FUNCTION:
+SSL_CTX_get_timeout                     179     EXIST::FUNCTION:
+SSL_CTX_get_cert_store                  180     EXIST::FUNCTION:
+SSL_CTX_set_cert_store                  181     EXIST::FUNCTION:
+SSL_want                                182     EXIST::FUNCTION:
+SSL_library_init                        183     EXIST::FUNCTION:
+SSL_COMP_add_compression_method         184     EXIST::FUNCTION:COMP
+SSL_add_file_cert_subjects_to_stack     185     EXIST:!VMS:FUNCTION:STDIO
+SSL_add_file_cert_subjs_to_stk          185     EXIST:VMS:FUNCTION:STDIO
+SSL_set_tmp_rsa_callback                186     EXIST::FUNCTION:RSA
+SSL_set_tmp_dh_callback                 187     EXIST::FUNCTION:DH
+SSL_add_dir_cert_subjects_to_stack      188     EXIST:!VMS:FUNCTION:STDIO
+SSL_add_dir_cert_subjs_to_stk           188     EXIST:VMS:FUNCTION:STDIO
+SSL_set_session_id_context              189     EXIST::FUNCTION:
+SSL_CTX_use_certificate_chain_file      222     EXIST:!VMS:FUNCTION:STDIO
+SSL_CTX_use_cert_chain_file             222     EXIST:VMS:FUNCTION:STDIO
+SSL_CTX_set_verify_depth                225     EXIST::FUNCTION:
+SSL_set_verify_depth                    226     EXIST::FUNCTION:
+SSL_CTX_get_verify_depth                228     EXIST::FUNCTION:
+SSL_get_verify_depth                    229     EXIST::FUNCTION:
+SSL_CTX_set_session_id_context          231     EXIST::FUNCTION:
+SSL_CTX_set_cert_verify_callback        232     EXIST:!VMS:FUNCTION:
+SSL_CTX_set_cert_verify_cb              232     EXIST:VMS:FUNCTION:
+SSL_CTX_set_default_passwd_cb_userdata  235     EXIST:!VMS:FUNCTION:
+SSL_CTX_set_def_passwd_cb_ud            235     EXIST:VMS:FUNCTION:
+SSL_set_purpose                         236     EXIST::FUNCTION:
+SSL_CTX_set_trust                       237     EXIST::FUNCTION:
+SSL_CTX_set_purpose                     238     EXIST::FUNCTION:
+SSL_set_trust                           239     EXIST::FUNCTION:
+SSL_get_finished                        240     EXIST::FUNCTION:
+SSL_get_peer_finished                   241     EXIST::FUNCTION:
+SSL_get1_session                        242     EXIST::FUNCTION:
+SSL_CTX_callback_ctrl                   243     EXIST::FUNCTION:
+SSL_callback_ctrl                       244     EXIST::FUNCTION:
+SSL_CTX_sessions                        245     EXIST::FUNCTION:
+SSL_get_rfd                             246     EXIST::FUNCTION:
+SSL_get_wfd                             247     EXIST::FUNCTION:
+kssl_cget_tkt                           248     EXIST::FUNCTION:KRB5
+SSL_has_matching_session_id             249     EXIST::FUNCTION:
+kssl_err_set                            250     EXIST::FUNCTION:KRB5
+kssl_ctx_show                           251     EXIST::FUNCTION:KRB5
+kssl_validate_times                     252     EXIST::FUNCTION:KRB5
+kssl_check_authent                      253     EXIST::FUNCTION:KRB5
+kssl_ctx_new                            254     EXIST::FUNCTION:KRB5
+kssl_build_principal_2                  255     EXIST::FUNCTION:KRB5
+kssl_skip_confound                      256     EXIST::FUNCTION:KRB5
+kssl_sget_tkt                           257     EXIST::FUNCTION:KRB5
+SSL_set_generate_session_id             258     EXIST::FUNCTION:
+kssl_ctx_setkey                         259     EXIST::FUNCTION:KRB5
+kssl_ctx_setprinc                       260     EXIST::FUNCTION:KRB5
+kssl_ctx_free                           261     EXIST::FUNCTION:KRB5
+kssl_krb5_free_data_contents            262     EXIST::FUNCTION:KRB5
+kssl_ctx_setstring                      263     EXIST::FUNCTION:KRB5
+SSL_CTX_set_generate_session_id         264     EXIST::FUNCTION:
+SSL_renegotiate_pending                 265     EXIST::FUNCTION:
+SSL_CTX_set_msg_callback                266     EXIST::FUNCTION:
+SSL_set_msg_callback                    267     EXIST::FUNCTION:
+DTLSv1_client_method                    268     EXIST::FUNCTION:
+SSL_CTX_set_tmp_ecdh_callback           269     EXIST::FUNCTION:ECDH
+SSL_set_tmp_ecdh_callback               270     EXIST::FUNCTION:ECDH
+SSL_COMP_get_name                       271     EXIST::FUNCTION:COMP
+SSL_get_current_compression             272     EXIST::FUNCTION:COMP
+DTLSv1_method                           273     EXIST::FUNCTION:
+SSL_get_current_expansion               274     EXIST::FUNCTION:COMP
+DTLSv1_server_method                    275     EXIST::FUNCTION:
+SSL_COMP_get_compression_methods        276     EXIST:!VMS:FUNCTION:COMP
+SSL_COMP_get_compress_methods           276     EXIST:VMS:FUNCTION:COMP
+SSL_SESSION_get_id                      277     EXIST::FUNCTION:
+SSL_CTX_sess_set_new_cb                 278     EXIST::FUNCTION:
+SSL_CTX_sess_get_get_cb                 279     EXIST::FUNCTION:
+SSL_CTX_sess_set_get_cb                 280     EXIST::FUNCTION:
+SSL_CTX_set_cookie_verify_cb            281     EXIST::FUNCTION:
+SSL_CTX_get_info_callback               282     EXIST::FUNCTION:
+SSL_CTX_set_cookie_generate_cb          283     EXIST::FUNCTION:
+SSL_CTX_set_client_cert_cb              284     EXIST::FUNCTION:
+SSL_CTX_sess_set_remove_cb              285     EXIST::FUNCTION:
+SSL_CTX_set_info_callback               286     EXIST::FUNCTION:
+SSL_CTX_sess_get_new_cb                 287     EXIST::FUNCTION:
+SSL_CTX_get_client_cert_cb              288     EXIST::FUNCTION:
+SSL_CTX_sess_get_remove_cb              289     EXIST::FUNCTION:
+SSL_set_SSL_CTX                         290     EXIST::FUNCTION:
+SSL_get_servername                      291     EXIST::FUNCTION:TLSEXT
+SSL_get_servername_type                 292     EXIST::FUNCTION:TLSEXT
+SSL_CTX_set_client_cert_engine          293     EXIST::FUNCTION:ENGINE
+SSL_CTX_use_psk_identity_hint           294     EXIST::FUNCTION:PSK
+SSL_CTX_set_psk_client_callback         295     EXIST::FUNCTION:PSK
+PEM_write_bio_SSL_SESSION               296     EXIST::FUNCTION:
+SSL_get_psk_identity_hint               297     EXIST::FUNCTION:PSK
+SSL_set_psk_server_callback             298     EXIST::FUNCTION:PSK
+SSL_use_psk_identity_hint               299     EXIST::FUNCTION:PSK
+SSL_set_psk_client_callback             300     EXIST::FUNCTION:PSK
+PEM_read_SSL_SESSION                    301     EXIST:!WIN16:FUNCTION:
+PEM_read_bio_SSL_SESSION                302     EXIST::FUNCTION:
+SSL_CTX_set_psk_server_callback         303     EXIST::FUNCTION:PSK
+SSL_get_psk_identity                    304     EXIST::FUNCTION:PSK
+PEM_write_SSL_SESSION                   305     EXIST:!WIN16:FUNCTION:
+SSL_set_session_ticket_ext              306     EXIST::FUNCTION:
+SSL_set_session_secret_cb               307     EXIST::FUNCTION:
+SSL_set_session_ticket_ext_cb           308     EXIST::FUNCTION:
+SSL_set1_param                          309     EXIST::FUNCTION:
+SSL_CTX_set1_param                      310     EXIST::FUNCTION:
+SSL_tls1_key_exporter                   311     NOEXIST::FUNCTION:
+SSL_renegotiate_abbreviated             312     EXIST::FUNCTION:
+TLSv1_1_method                          313     EXIST::FUNCTION:
+TLSv1_1_client_method                   314     EXIST::FUNCTION:
+TLSv1_1_server_method                   315     EXIST::FUNCTION:
+SSL_CTX_set_srp_client_pwd_callback     316     EXIST:!VMS:FUNCTION:SRP
+SSL_CTX_set_srp_client_pwd_cb           316     EXIST:VMS:FUNCTION:SRP
+SSL_get_srp_g                           317     EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_username_callback       318     EXIST:!VMS:FUNCTION:SRP
+SSL_CTX_set_srp_un_cb                   318     EXIST:VMS:FUNCTION:SRP
+SSL_get_srp_userinfo                    319     EXIST::FUNCTION:SRP
+SSL_set_srp_server_param                320     EXIST::FUNCTION:SRP
+SSL_set_srp_server_param_pw             321     EXIST::FUNCTION:SRP
+SSL_get_srp_N                           322     EXIST::FUNCTION:SRP
+SSL_get_srp_username                    323     EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_password                324     EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_strength                325     EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_verify_param_callback   326     EXIST:!VMS:FUNCTION:SRP
+SSL_CTX_set_srp_vfy_param_cb            326     EXIST:VMS:FUNCTION:SRP
+SSL_CTX_set_srp_miss_srp_un_cb          327     NOEXIST::FUNCTION:
+SSL_CTX_set_srp_missing_srp_username_callback 327       NOEXIST::FUNCTION:
+SSL_CTX_set_srp_cb_arg                  328     EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_username                329     EXIST::FUNCTION:SRP
+SSL_CTX_SRP_CTX_init                    330     EXIST::FUNCTION:SRP
+SSL_SRP_CTX_init                        331     EXIST::FUNCTION:SRP
+SRP_Calc_A_param                        332     EXIST::FUNCTION:SRP
+SRP_generate_server_master_secret       333     EXIST:!VMS:FUNCTION:SRP
+SRP_gen_server_master_secret            333     EXIST:VMS:FUNCTION:SRP
+SSL_CTX_SRP_CTX_free                    334     EXIST::FUNCTION:SRP
+SRP_generate_client_master_secret       335     EXIST:!VMS:FUNCTION:SRP
+SRP_gen_client_master_secret            335     EXIST:VMS:FUNCTION:SRP
+SSL_srp_server_param_with_username      336     EXIST:!VMS:FUNCTION:SRP
+SSL_srp_server_param_with_un            336     EXIST:VMS:FUNCTION:SRP
+SRP_have_to_put_srp_username            337     NOEXIST::FUNCTION:
+SSL_SRP_CTX_free                        338     EXIST::FUNCTION:SRP
+SSL_set_debug                           339     EXIST::FUNCTION:
+SSL_SESSION_get0_peer                   340     EXIST::FUNCTION:
+TLSv1_2_client_method                   341     EXIST::FUNCTION:
+SSL_SESSION_set1_id_context             342     EXIST::FUNCTION:
+TLSv1_2_server_method                   343     EXIST::FUNCTION:
+SSL_cache_hit                           344     EXIST::FUNCTION:
+SSL_get0_kssl_ctx                       345     EXIST::FUNCTION:KRB5
+SSL_set0_kssl_ctx                       346     EXIST::FUNCTION:KRB5
+SSL_SESSION_get0_id                     347     NOEXIST::FUNCTION:
+SSL_set_state                           348     EXIST::FUNCTION:
+SSL_CIPHER_get_id                       349     EXIST::FUNCTION:
+TLSv1_2_method                          350     EXIST::FUNCTION:
+SSL_SESSION_get_id_len                  351     NOEXIST::FUNCTION:
+kssl_ctx_get0_client_princ              352     EXIST::FUNCTION:KRB5
+SSL_export_keying_material              353     EXIST::FUNCTION:TLSEXT
+SSL_set_tlsext_use_srtp                 354     EXIST::FUNCTION:
+SSL_CTX_set_next_protos_advertised_cb   355     EXIST:!VMS:FUNCTION:NEXTPROTONEG
+SSL_CTX_set_next_protos_adv_cb          355     EXIST:VMS:FUNCTION:NEXTPROTONEG
+SSL_get0_next_proto_negotiated          356     EXIST::FUNCTION:NEXTPROTONEG
+SSL_get_selected_srtp_profile           357     EXIST::FUNCTION:
+SSL_CTX_set_tlsext_use_srtp             358     EXIST::FUNCTION:
+SSL_select_next_proto                   359     EXIST::FUNCTION:NEXTPROTONEG
+SSL_get_srtp_profiles                   360     EXIST::FUNCTION:
+SSL_CTX_set_next_proto_select_cb        361     EXIST:!VMS:FUNCTION:NEXTPROTONEG
+SSL_CTX_set_next_proto_sel_cb           361     EXIST:VMS:FUNCTION:NEXTPROTONEG
+SSL_SESSION_get_compress_id             362     EXIST::FUNCTION:
diff --git a/src/lib/libcrypto/util/tab_num.pl b/src/lib/libcrypto/util/tab_num.pl
new file mode 100644
index 0000000000..a81ed0edc2
--- /dev/null
+++ b/src/lib/libcrypto/util/tab_num.pl
@@ -0,0 +1,17 @@
+#!/usr/local/bin/perl
+
+$num=1;
+$width=40;
+
+while (<>)
+        {
+        chop;
+
+        $i=length($_);
+
+        $n=$width-$i;
+        $i=int(($n+7)/8);
+        print $_.("\t" x $i).$num."\n";
+        $num++;
+        }
+
diff --git a/src/lib/libcrypto/util/x86asm.sh b/src/lib/libcrypto/util/x86asm.sh
new file mode 100644
index 0000000000..d2090a9849
--- /dev/null
+++ b/src/lib/libcrypto/util/x86asm.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+echo Generating x86 assember
+echo Bignum
+(cd crypto/bn/asm; perl x86.pl cpp > bn86unix.cpp)
+(cd crypto/bn/asm; perl x86.pl win32 > bn-win32.asm)
+
+echo DES
+(cd crypto/des/asm; perl des-586.pl cpp > dx86unix.cpp)
+(cd crypto/des/asm; perl des-586.pl win32 > d-win32.asm)
+
+echo "crypt(3)"
+(cd crypto/des/asm; perl crypt586.pl cpp > yx86unix.cpp)
+(cd crypto/des/asm; perl crypt586.pl win32 > y-win32.asm)
+
+echo Blowfish
+(cd crypto/bf/asm; perl bf-586.pl cpp > bx86unix.cpp)
+(cd crypto/bf/asm; perl bf-586.pl win32 > b-win32.asm)
+
+echo CAST5
+(cd crypto/cast/asm; perl cast-586.pl cpp > cx86unix.cpp)
+(cd crypto/cast/asm; perl cast-586.pl win32 > c-win32.asm)
+
+echo RC4
+(cd crypto/rc4/asm; perl rc4-586.pl cpp > rx86unix.cpp)
+(cd crypto/rc4/asm; perl rc4-586.pl win32 > r4-win32.asm)
+
+echo MD5
+(cd crypto/md5/asm; perl md5-586.pl cpp > mx86unix.cpp)
+(cd crypto/md5/asm; perl md5-586.pl win32 > m5-win32.asm)
+
+echo SHA1
+(cd crypto/sha/asm; perl sha1-586.pl cpp > sx86unix.cpp)
+(cd crypto/sha/asm; perl sha1-586.pl win32 > s1-win32.asm)
+
+echo RIPEMD160
+(cd crypto/ripemd/asm; perl rmd-586.pl cpp > rm86unix.cpp)
+(cd crypto/ripemd/asm; perl rmd-586.pl win32 > rm-win32.asm)
+
+echo RC5/32
+(cd crypto/rc5/asm; perl rc5-586.pl cpp > r586unix.cpp)
+(cd crypto/rc5/asm; perl rc5-586.pl win32 > r5-win32.asm)
diff --git a/src/lib/libcrypto/vms_rms.h b/src/lib/libcrypto/vms_rms.h
new file mode 100755
index 0000000000..00a00d993f
--- /dev/null
+++ b/src/lib/libcrypto/vms_rms.h
@@ -0,0 +1,51 @@
+
+#ifdef NAML$C_MAXRSS
+
+# define CC_RMS_NAMX cc$rms_naml
+# define FAB_NAMX fab$l_naml
+# define FAB_OR_NAML( fab, naml) naml
+# define FAB_OR_NAML_DNA naml$l_long_defname
+# define FAB_OR_NAML_DNS naml$l_long_defname_size
+# define FAB_OR_NAML_FNA naml$l_long_filename
+# define FAB_OR_NAML_FNS naml$l_long_filename_size
+# define NAMX_ESA naml$l_long_expand
+# define NAMX_ESL naml$l_long_expand_size
+# define NAMX_ESS naml$l_long_expand_alloc
+# define NAMX_NOP naml$b_nop
+# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1
+
+# if __INITIAL_POINTER_SIZE == 64
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \
+   fab.fab$l_fna = (__char_ptr32) -1;
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \
+   fab.fab$l_fna = (char *) -1;
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+# define NAMX_MAXRSS NAML$C_MAXRSS
+# define NAMX_STRUCT NAML
+
+#else /* def NAML$C_MAXRSS */
+
+# define CC_RMS_NAMX cc$rms_nam
+# define FAB_NAMX fab$l_nam
+# define FAB_OR_NAML( fab, naml) fab
+# define FAB_OR_NAML_DNA fab$l_dna
+# define FAB_OR_NAML_DNS fab$b_dns
+# define FAB_OR_NAML_FNA fab$l_fna
+# define FAB_OR_NAML_FNS fab$b_fns
+# define NAMX_ESA nam$l_esa
+# define NAMX_ESL nam$b_esl
+# define NAMX_ESS nam$b_ess
+# define NAMX_NOP nam$b_nop
+# define NAMX_DNA_FNA_SET(fab)
+# define NAMX_MAXRSS NAM$C_MAXRSS
+# define NAMX_STRUCT NAM
+# ifdef NAM$M_NO_SHORT_UPCASE
+#  define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1
+# else /* def NAM$M_NO_SHORT_UPCASE */
+#  define SET_NAMX_NO_SHORT_UPCASE( nam)
+# endif /* def NAM$M_NO_SHORT_UPCASE [else] */
+
+#endif /* def NAML$C_MAXRSS [else] */
+
diff --git a/src/lib/libcrypto/whrlpool/Makefile b/src/lib/libcrypto/whrlpool/Makefile
new file mode 100644
index 0000000000..f4d46e4d17
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/Makefile
@@ -0,0 +1,96 @@
+#
+# crypto/whrlpool/Makefile
+#
+
+DIR=    whrlpool
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+WP_ASM_OBJ=wp_block.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=wp_test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=wp_dgst.c wp_block.c
+LIBOBJ=wp_dgst.o $(WP_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= whrlpool.h
+HEADER= wp_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+wp-mmx.s:       asm/wp-mmx.pl ../perlasm/x86asm.pl
+        $(PERL) asm/wp-mmx.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+
+wp-x86_64.s: asm/wp-x86_64.pl
+        $(PERL) asm/wp-x86_64.pl $(PERLASM_SCHEME) > $@
+
+$(LIBOBJ): $(LIBSRC)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+wp_block.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+wp_block.o: ../../include/openssl/whrlpool.h wp_block.c wp_locl.h
+wp_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+wp_dgst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+wp_dgst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+wp_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+wp_dgst.o: ../../include/openssl/whrlpool.h wp_dgst.c wp_locl.h
diff --git a/src/lib/libcrypto/whrlpool/wp_test.c b/src/lib/libcrypto/whrlpool/wp_test.c
new file mode 100644
index 0000000000..c68c2c62ca
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/wp_test.c
@@ -0,0 +1,228 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/whrlpool.h>
+#include <openssl/crypto.h>
+
+#if defined(OPENSSL_NO_WHIRLPOOL)
+int main(int argc, char *argv[])
+{
+    printf("No Whirlpool support\n");
+    return(0);
+}
+#else
+
+/* ISO/IEC 10118-3 test vector set */
+unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = {
+        0x19,0xFA,0x61,0xD7,0x55,0x22,0xA4,0x66,
+        0x9B,0x44,0xE3,0x9C,0x1D,0x2E,0x17,0x26,
+        0xC5,0x30,0x23,0x21,0x30,0xD4,0x07,0xF8,
+        0x9A,0xFE,0xE0,0x96,0x49,0x97,0xF7,0xA7,
+        0x3E,0x83,0xBE,0x69,0x8B,0x28,0x8F,0xEB,
+        0xCF,0x88,0xE3,0xE0,0x3C,0x4F,0x07,0x57,
+        0xEA,0x89,0x64,0xE5,0x9B,0x63,0xD9,0x37,
+        0x08,0xB1,0x38,0xCC,0x42,0xA6,0x6E,0xB3 };
+
+unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = {
+        0x8A,0xCA,0x26,0x02,0x79,0x2A,0xEC,0x6F,
+        0x11,0xA6,0x72,0x06,0x53,0x1F,0xB7,0xD7,
+        0xF0,0xDF,0xF5,0x94,0x13,0x14,0x5E,0x69,
+        0x73,0xC4,0x50,0x01,0xD0,0x08,0x7B,0x42,
+        0xD1,0x1B,0xC6,0x45,0x41,0x3A,0xEF,0xF6,
+        0x3A,0x42,0x39,0x1A,0x39,0x14,0x5A,0x59,
+        0x1A,0x92,0x20,0x0D,0x56,0x01,0x95,0xE5,
+        0x3B,0x47,0x85,0x84,0xFD,0xAE,0x23,0x1A };
+
+unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = {
+        0x4E,0x24,0x48,0xA4,0xC6,0xF4,0x86,0xBB,
+        0x16,0xB6,0x56,0x2C,0x73,0xB4,0x02,0x0B,
+        0xF3,0x04,0x3E,0x3A,0x73,0x1B,0xCE,0x72,
+        0x1A,0xE1,0xB3,0x03,0xD9,0x7E,0x6D,0x4C,
+        0x71,0x81,0xEE,0xBD,0xB6,0xC5,0x7E,0x27,
+        0x7D,0x0E,0x34,0x95,0x71,0x14,0xCB,0xD6,
+        0xC7,0x97,0xFC,0x9D,0x95,0xD8,0xB5,0x82,
+        0xD2,0x25,0x29,0x20,0x76,0xD4,0xEE,0xF5 };
+
+unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = {
+        0x37,0x8C,0x84,0xA4,0x12,0x6E,0x2D,0xC6,
+        0xE5,0x6D,0xCC,0x74,0x58,0x37,0x7A,0xAC,
+        0x83,0x8D,0x00,0x03,0x22,0x30,0xF5,0x3C,
+        0xE1,0xF5,0x70,0x0C,0x0F,0xFB,0x4D,0x3B,
+        0x84,0x21,0x55,0x76,0x59,0xEF,0x55,0xC1,
+        0x06,0xB4,0xB5,0x2A,0xC5,0xA4,0xAA,0xA6,
+        0x92,0xED,0x92,0x00,0x52,0x83,0x8F,0x33,
+        0x62,0xE8,0x6D,0xBD,0x37,0xA8,0x90,0x3E };
+
+unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = {
+        0xF1,0xD7,0x54,0x66,0x26,0x36,0xFF,0xE9,
+        0x2C,0x82,0xEB,0xB9,0x21,0x2A,0x48,0x4A,
+        0x8D,0x38,0x63,0x1E,0xAD,0x42,0x38,0xF5,
+        0x44,0x2E,0xE1,0x3B,0x80,0x54,0xE4,0x1B,
+        0x08,0xBF,0x2A,0x92,0x51,0xC3,0x0B,0x6A,
+        0x0B,0x8A,0xAE,0x86,0x17,0x7A,0xB4,0xA6,
+        0xF6,0x8F,0x67,0x3E,0x72,0x07,0x86,0x5D,
+        0x5D,0x98,0x19,0xA3,0xDB,0xA4,0xEB,0x3B };
+
+unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = {
+        0xDC,0x37,0xE0,0x08,0xCF,0x9E,0xE6,0x9B,
+        0xF1,0x1F,0x00,0xED,0x9A,0xBA,0x26,0x90,
+        0x1D,0xD7,0xC2,0x8C,0xDE,0xC0,0x66,0xCC,
+        0x6A,0xF4,0x2E,0x40,0xF8,0x2F,0x3A,0x1E,
+        0x08,0xEB,0xA2,0x66,0x29,0x12,0x9D,0x8F,
+        0xB7,0xCB,0x57,0x21,0x1B,0x92,0x81,0xA6,
+        0x55,0x17,0xCC,0x87,0x9D,0x7B,0x96,0x21,
+        0x42,0xC6,0x5F,0x5A,0x7A,0xF0,0x14,0x67 };
+
+unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = {
+        0x46,0x6E,0xF1,0x8B,0xAB,0xB0,0x15,0x4D,
+        0x25,0xB9,0xD3,0x8A,0x64,0x14,0xF5,0xC0,
+        0x87,0x84,0x37,0x2B,0xCC,0xB2,0x04,0xD6,
+        0x54,0x9C,0x4A,0xFA,0xDB,0x60,0x14,0x29,
+        0x4D,0x5B,0xD8,0xDF,0x2A,0x6C,0x44,0xE5,
+        0x38,0xCD,0x04,0x7B,0x26,0x81,0xA5,0x1A,
+        0x2C,0x60,0x48,0x1E,0x88,0xC5,0xA2,0x0B,
+        0x2C,0x2A,0x80,0xCF,0x3A,0x9A,0x08,0x3B };
+
+unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = {
+        0x2A,0x98,0x7E,0xA4,0x0F,0x91,0x70,0x61,
+        0xF5,0xD6,0xF0,0xA0,0xE4,0x64,0x4F,0x48,
+        0x8A,0x7A,0x5A,0x52,0xDE,0xEE,0x65,0x62,
+        0x07,0xC5,0x62,0xF9,0x88,0xE9,0x5C,0x69,
+        0x16,0xBD,0xC8,0x03,0x1B,0xC5,0xBE,0x1B,
+        0x7B,0x94,0x76,0x39,0xFE,0x05,0x0B,0x56,
+        0x93,0x9B,0xAA,0xA0,0xAD,0xFF,0x9A,0xE6,
+        0x74,0x5B,0x7B,0x18,0x1C,0x3B,0xE3,0xFD };
+
+unsigned char iso_test_9[WHIRLPOOL_DIGEST_LENGTH] = {
+        0x0C,0x99,0x00,0x5B,0xEB,0x57,0xEF,0xF5,
+        0x0A,0x7C,0xF0,0x05,0x56,0x0D,0xDF,0x5D,
+        0x29,0x05,0x7F,0xD8,0x6B,0x20,0xBF,0xD6,
+        0x2D,0xEC,0xA0,0xF1,0xCC,0xEA,0x4A,0xF5,
+        0x1F,0xC1,0x54,0x90,0xED,0xDC,0x47,0xAF,
+        0x32,0xBB,0x2B,0x66,0xC3,0x4F,0xF9,0xAD,
+        0x8C,0x60,0x08,0xAD,0x67,0x7F,0x77,0x12,
+        0x69,0x53,0xB2,0x26,0xE4,0xED,0x8B,0x01 };
+
+int main (int argc,char *argv[])
+{ unsigned char md[WHIRLPOOL_DIGEST_LENGTH];
+  int           i;
+  WHIRLPOOL_CTX ctx;
+
+#ifdef OPENSSL_IA32_SSE2
+    /* Alternative to this is to call OpenSSL_add_all_algorithms...
+     * The below code is retained exclusively for debugging purposes. */
+    { char      *env;
+
+        if ((env=getenv("OPENSSL_ia32cap")))
+            OPENSSL_ia32cap = strtoul (env,NULL,0);
+    }
+#endif
+
+    fprintf(stdout,"Testing Whirlpool ");
+
+    WHIRLPOOL("",0,md);
+    if (memcmp(md,iso_test_1,sizeof(iso_test_1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 9 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    WHIRLPOOL("a",1,md);
+    if (memcmp(md,iso_test_2,sizeof(iso_test_2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 9 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    WHIRLPOOL("abc",3,md);
+    if (memcmp(md,iso_test_3,sizeof(iso_test_3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 9 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    WHIRLPOOL("message digest",14,md);
+    if (memcmp(md,iso_test_4,sizeof(iso_test_4)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 4 of 9 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    WHIRLPOOL("abcdefghijklmnopqrstuvwxyz",26,md);
+    if (memcmp(md,iso_test_5,sizeof(iso_test_5)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 5 of 9 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    WHIRLPOOL(  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                "abcdefghijklmnopqrstuvwxyz"
+                "0123456789",62,md);
+    if (memcmp(md,iso_test_6,sizeof(iso_test_6)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 6 of 9 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    WHIRLPOOL(  "1234567890""1234567890""1234567890""1234567890"
+                "1234567890""1234567890""1234567890""1234567890",80,md);
+    if (memcmp(md,iso_test_7,sizeof(iso_test_7)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 7 of 9 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    WHIRLPOOL("abcdbcdecdefdefgefghfghighijhijk",32,md);
+    if (memcmp(md,iso_test_8,sizeof(iso_test_8)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 8 of 9 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+ 
+    WHIRLPOOL_Init (&ctx);
+    for (i=0;i<1000000;i+=288)
+        WHIRLPOOL_Update (&ctx, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<288?1000000-i:288);
+    WHIRLPOOL_Final (md,&ctx);
+    if (memcmp(md,iso_test_9,sizeof(iso_test_9)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 9 of 9 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+
+  return 0;
+}
+#endif
diff --git a/src/lib/libcrypto/x509/Makefile b/src/lib/libcrypto/x509/Makefile
new file mode 100644
index 0000000000..72c82278f4
--- /dev/null
+++ b/src/lib/libcrypto/x509/Makefile
@@ -0,0 +1,407 @@
+#
+# OpenSSL/crypto/x509/Makefile
+#
+
+DIR=    x509
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+        x509_obj.c x509_req.c x509spki.c x509_vfy.c \
+        x509_set.c x509cset.c x509rset.c x509_err.c \
+        x509name.c x509_v3.c x509_ext.c x509_att.c \
+        x509type.c x509_lu.c x_all.c x509_txt.c \
+        x509_trs.c by_file.c by_dir.c x509_vpm.c
+LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+        x509_obj.o x509_req.o x509spki.o x509_vfy.o \
+        x509_set.o x509cset.o x509rset.o x509_err.o \
+        x509name.o x509_v3.o x509_ext.o x509_att.o \
+        x509type.o x509_lu.o x_all.o x509_txt.o \
+        x509_trs.o by_file.o by_dir.o x509_vpm.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509.h x509_vfy.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+by_dir.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c
+by_file.o: ../../e_os.h ../../include/openssl/asn1.h
+by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_file.o: ../cryptlib.h by_file.c
+x509_att.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_att.o: ../cryptlib.h x509_att.c
+x509_cmp.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_cmp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_cmp.o: ../cryptlib.h x509_cmp.c
+x509_d2.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_d2.o: ../cryptlib.h x509_d2.c
+x509_def.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_def.o: ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_def.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_def.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_def.c
+x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_err.o: ../../include/openssl/x509_vfy.h x509_err.c
+x509_ext.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_ext.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_ext.o: ../cryptlib.h x509_ext.c
+x509_lu.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_lu.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_lu.o: ../cryptlib.h x509_lu.c
+x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_obj.o: ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_obj.c
+x509_r2x.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_r2x.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c
+x509_req.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x509_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_req.o: ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_req.c
+x509_set.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_set.o: ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_set.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_set.c
+x509_trs.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_trs.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_trs.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_trs.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_trs.o: ../cryptlib.h x509_trs.c
+x509_txt.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_txt.o: ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_txt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_txt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_txt.c
+x509_v3.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_v3.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_v3.o: ../cryptlib.h x509_v3.c
+x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_vfy.o: ../cryptlib.h x509_vfy.c
+x509_vpm.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_vpm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_vpm.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_vpm.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_vpm.o: ../cryptlib.h x509_vpm.c
+x509cset.o: ../../e_os.h ../../include/openssl/asn1.h
+x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509cset.o: ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509cset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509cset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509cset.c
+x509name.o: ../../e_os.h ../../include/openssl/asn1.h
+x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509name.o: ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509name.c
+x509rset.o: ../../e_os.h ../../include/openssl/asn1.h
+x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509rset.o: ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509rset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509rset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509rset.c
+x509spki.o: ../../e_os.h ../../include/openssl/asn1.h
+x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509spki.o: ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509spki.c
+x509type.o: ../../e_os.h ../../include/openssl/asn1.h
+x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509type.o: ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509type.c
+x_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index c6602dae4f..27ca5150c1 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 
         s=dir;
         p=s;
-        do
+        for (;;p++)
                 {
                 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
                         {
@@ -264,7 +264,9 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                                 return 0;
                                 }
                         }
-                } while (*p++ != '\0');
+                if (*p == '\0')
+                        break;
+                }
         return 1;
         }
 
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 352aa37434..7c2aaee2e9 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -86,9 +86,10 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
 
         EVP_MD_CTX_init(&ctx);
         f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
+        ret=strlen(f);
         if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
                 goto err;
-        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
+        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
                 goto err;
         OPENSSL_free(f);
         if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
@@ -248,14 +249,14 @@ unsigned long X509_NAME_hash_old(X509_NAME *x)
         i2d_X509_NAME(x,NULL);
         EVP_MD_CTX_init(&md_ctx);
         EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
-            && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
-            && EVP_DigestFinal_ex(&md_ctx,md,NULL))
-                ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-                     ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-                     )&0xffffffffL;
+        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
+        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
+        EVP_DigestFinal_ex(&md_ctx,md,NULL);
         EVP_MD_CTX_cleanup(&md_ctx);
 
+        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                )&0xffffffffL;
         return(ret);
         }
 #endif
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 920066aeba..b0779db023 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -694,7 +694,6 @@ static int check_cert(X509_STORE_CTX *ctx)
         X509_CRL *crl = NULL, *dcrl = NULL;
         X509 *x;
         int ok, cnum;
-        unsigned int last_reasons;
         cnum = ctx->error_depth;
         x = sk_X509_value(ctx->chain, cnum);
         ctx->current_cert = x;
@@ -703,7 +702,6 @@ static int check_cert(X509_STORE_CTX *ctx)
         ctx->current_reasons = 0;
         while (ctx->current_reasons != CRLDP_ALL_REASONS)
                 {
-                last_reasons = ctx->current_reasons;
                 /* Try to retrieve relevant CRL */
                 if (ctx->get_crl)
                         ok = ctx->get_crl(ctx, &crl, x);
@@ -747,15 +745,6 @@ static int check_cert(X509_STORE_CTX *ctx)
                 X509_CRL_free(dcrl);
                 crl = NULL;
                 dcrl = NULL;
-                /* If reasons not updated we wont get anywhere by
-                 * another iteration, so exit loop.
-                 */
-                if (last_reasons == ctx->current_reasons)
-                        {
-                        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
-                        ok = ctx->verify_cb(0, ctx);
-                        goto err;
-                        }
                 }
         err:
         X509_CRL_free(crl);
@@ -883,7 +872,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
         {
         ASN1_OCTET_STRING *exta, *extb;
         int i;
-        i = X509_CRL_get_ext_by_NID(a, nid, -1);
+        i = X509_CRL_get_ext_by_NID(a, nid, 0);
         if (i >= 0)
                 {
                 /* Can't have multiple occurrences */
@@ -894,7 +883,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
         else
                 exta = NULL;
 
-        i = X509_CRL_get_ext_by_NID(b, nid, -1);
+        i = X509_CRL_get_ext_by_NID(b, nid, 0);
 
         if (i >= 0)
                 {
@@ -1462,9 +1451,10 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
          * a certificate was revoked. This has since been changed since 
          * critical extension can change the meaning of CRL entries.
          */
-        if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-                && (crl->flags & EXFLAG_CRITICAL))
+        if (crl->flags & EXFLAG_CRITICAL)
                 {
+                if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+                        return 1;
                 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
                 ok = ctx->verify_cb(0, ctx);
                 if(!ok)
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index e06602d65a..b94aeeb873 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -97,7 +97,6 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
         {
-        x->cert_info->enc.modified = 1;
         return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
                 x->cert_info->signature,
                 x->sig_alg, x->signature, x->cert_info, ctx);
@@ -124,7 +123,6 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
         {
-        x->crl->enc.modified = 1;
         return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
                 x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
         }
diff --git a/src/lib/libcrypto/x509v3.cnf b/src/lib/libcrypto/x509v3.cnf
new file mode 100644
index 0000000000..8c6b775da1
--- /dev/null
+++ b/src/lib/libcrypto/x509v3.cnf
@@ -0,0 +1,29 @@
+# default settings
+CERTPATHLEN             = 1
+CERTUSAGE               = digitalSignature,keyCertSign,cRLSign
+EXTCERTUSAGE            = serverAuth,clientAuth
+CERTIP                  = 0.0.0.0
+CERTFQDN                = nohost.nodomain
+
+# This section should be referenced when building an x509v3 CA
+# Certificate.
+# The default path length and the key usage can be overriden
+# modified by setting the CERTPATHLEN and CERTUSAGE environment 
+# variables.
+[x509v3_CA]
+basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN
+keyUsage=$ENV::CERTUSAGE
+
+# This section should be referenced to add an IP Address
+# as an alternate subject name, needed by isakmpd
+# The address must be provided in the CERTIP environment variable
+[x509v3_IPAddr]
+subjectAltName=IP:$ENV::CERTIP
+extendedKeyUsage=$ENV::EXTCERTUSAGE
+
+# This section should be referenced to add a FQDN hostname
+# as an alternate subject name, needed by isakmpd
+# The address must be provided in the CERTFQDN environment variable
+[x509v3_FQDN]
+subjectAltName=DNS:$ENV::CERTFQDN
+extendedKeyUsage=$ENV::EXTCERTUSAGE
diff --git a/src/lib/libcrypto/x509v3/Makefile b/src/lib/libcrypto/x509v3/Makefile
new file mode 100644
index 0000000000..556ef351bf
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/Makefile
@@ -0,0 +1,591 @@
+#
+# OpenSSL/crypto/x509v3/Makefile
+#
+
+DIR=    x509v3
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
+v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
+v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
+v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \
+pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
+v3_asid.c v3_addr.c
+LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
+v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o \
+pcy_cache.o pcy_node.o pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o \
+v3_asid.o v3_addr.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509v3.h
+HEADER= $(EXHEADER) pcy_int.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pcy_cache.o: ../../e_os.h ../../include/openssl/asn1.h
+pcy_cache.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_cache.o: ../../include/openssl/objects.h
+pcy_cache.o: ../../include/openssl/opensslconf.h
+pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_cache.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_cache.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_cache.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_cache.o: ../cryptlib.h pcy_cache.c pcy_int.h
+pcy_data.o: ../../e_os.h ../../include/openssl/asn1.h
+pcy_data.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_data.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_data.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_data.o: ../cryptlib.h pcy_data.c pcy_int.h
+pcy_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+pcy_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c
+pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h
+pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c
+pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_node.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_node.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_node.o: pcy_int.h pcy_node.c
+pcy_tree.o: ../../e_os.h ../../include/openssl/asn1.h
+pcy_tree.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_tree.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_tree.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_tree.o: ../cryptlib.h pcy_int.h pcy_tree.c
+v3_addr.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_addr.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c
+v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c
+v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akeya.o: ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akeya.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_akeya.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akeya.o: ../cryptlib.h v3_akeya.c
+v3_alt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c
+v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_asid.o: ../cryptlib.h v3_asid.c
+v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bcons.o: ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_bcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_bcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_bcons.o: ../cryptlib.h v3_bcons.c
+v3_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_bitst.o: ../cryptlib.h v3_bitst.c
+v3_conf.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_conf.o: ../cryptlib.h v3_conf.c
+v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_cpols.o: ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_cpols.o: ../cryptlib.h pcy_int.h v3_cpols.c
+v3_crld.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_crld.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c
+v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_enum.o: ../cryptlib.h v3_enum.c
+v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_extku.o: ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_extku.o: ../cryptlib.h v3_extku.c
+v3_genn.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_genn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c
+v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c
+v3_info.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c
+v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c
+v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c
+v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ncons.o: ../../include/openssl/opensslconf.h
+v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ncons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ncons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ncons.o: ../cryptlib.h v3_ncons.c
+v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c
+v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c
+v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c
+v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pcons.o: ../../include/openssl/opensslconf.h
+v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pcons.o: ../cryptlib.h v3_pcons.c
+v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
+v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pmaps.o: ../../include/openssl/opensslconf.h
+v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pmaps.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pmaps.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pmaps.o: ../cryptlib.h v3_pmaps.c
+v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c
+v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_purp.o: ../cryptlib.h v3_purp.c
+v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_skey.o: ../cryptlib.h v3_skey.c
+v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_sxnet.o: ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_sxnet.o: ../cryptlib.h v3_sxnet.c
+v3_utl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_utl.o: ../cryptlib.h v3_utl.c
+v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3err.o: ../../include/openssl/x509v3.h v3err.c
diff --git a/src/lib/libcrypto/x509v3/tabtest.c b/src/lib/libcrypto/x509v3/tabtest.c
new file mode 100644
index 0000000000..5ed6eb6891
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/tabtest.c
@@ -0,0 +1,88 @@
+/* tabtest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple program to check the ext_dat.h is correct and print out
+ * problems if it is not.
+ */
+
+#include <stdio.h>
+
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+main()
+{
+        int i, prev = -1, bad = 0;
+        X509V3_EXT_METHOD **tmp;
+        i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);
+        if(i != STANDARD_EXTENSION_COUNT)
+                fprintf(stderr, "Extension number invalid expecting %d\n", i);
+        tmp = standard_exts;
+        for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
+                if((*tmp)->ext_nid < prev) bad = 1;
+                prev = (*tmp)->ext_nid;
+                
+        }
+        if(bad) {
+                tmp = standard_exts;
+                fprintf(stderr, "Extensions out of order!\n");
+                for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
+                printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
+        } else fprintf(stderr, "Order OK\n");
+}
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
new file mode 100644
index 0000000000..df46a4983b
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -0,0 +1,1338 @@
+/*
+ * Contributed to the OpenSSL Project by the American Registry for
+ * Internet Numbers ("ARIN").
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ */
+
+/*
+ * Implementation of RFC 3779 section 2.2.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/buffer.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
+ */
+
+ASN1_SEQUENCE(IPAddressRange) = {
+  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(IPAddressRange)
+
+ASN1_CHOICE(IPAddressOrRange) = {
+  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)
+} ASN1_CHOICE_END(IPAddressOrRange)
+
+ASN1_CHOICE(IPAddressChoice) = {
+  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),
+  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
+} ASN1_CHOICE_END(IPAddressChoice)
+
+ASN1_SEQUENCE(IPAddressFamily) = {
+  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),
+  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
+} ASN1_SEQUENCE_END(IPAddressFamily)
+
+ASN1_ITEM_TEMPLATE(IPAddrBlocks) = 
+  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
+                        IPAddrBlocks, IPAddressFamily)
+ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
+
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * How much buffer space do we need for a raw address?
+ */
+#define ADDR_RAW_BUF_LEN        16
+
+/*
+ * What's the address length associated with this AFI?
+ */
+static int length_from_afi(const unsigned afi)
+{
+  switch (afi) {
+  case IANA_AFI_IPV4:
+    return 4;
+  case IANA_AFI_IPV6:
+    return 16;
+  default:
+    return 0;
+  }
+}
+
+/*
+ * Extract the AFI from an IPAddressFamily.
+ */
+unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+{
+  return ((f != NULL &&
+           f->addressFamily != NULL &&
+           f->addressFamily->data != NULL)
+          ? ((f->addressFamily->data[0] << 8) |
+             (f->addressFamily->data[1]))
+          : 0);
+}
+
+/*
+ * Expand the bitstring form of an address into a raw byte array.
+ * At the moment this is coded for simplicity, not speed.
+ */
+static int addr_expand(unsigned char *addr,
+                        const ASN1_BIT_STRING *bs,
+                        const int length,
+                        const unsigned char fill)
+{
+  if (bs->length < 0 || bs->length > length)
+    return 0;
+  if (bs->length > 0) {
+    memcpy(addr, bs->data, bs->length);
+    if ((bs->flags & 7) != 0) {
+      unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
+      if (fill == 0)
+        addr[bs->length - 1] &= ~mask;
+      else
+        addr[bs->length - 1] |= mask;
+    }
+  }
+  memset(addr + bs->length, fill, length - bs->length);
+  return 1;
+}
+
+/*
+ * Extract the prefix length from a bitstring.
+ */
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+
+/*
+ * i2r handler for one address bitstring.
+ */
+static int i2r_address(BIO *out,
+                       const unsigned afi,
+                       const unsigned char fill,
+                       const ASN1_BIT_STRING *bs)
+{
+  unsigned char addr[ADDR_RAW_BUF_LEN];
+  int i, n;
+
+  if (bs->length < 0)
+    return 0;
+  switch (afi) {
+  case IANA_AFI_IPV4:
+    if (!addr_expand(addr, bs, 4, fill))
+      return 0;
+    BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+    break;
+  case IANA_AFI_IPV6:
+    if (!addr_expand(addr, bs, 16, fill))
+      return 0;
+    for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
+      ;
+    for (i = 0; i < n; i += 2)
+      BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));
+    if (i < 16)
+      BIO_puts(out, ":");
+    if (i == 0)
+      BIO_puts(out, ":");
+    break;
+  default:
+    for (i = 0; i < bs->length; i++)
+      BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
+    BIO_printf(out, "[%d]", (int) (bs->flags & 7));
+    break;
+  }
+  return 1;
+}
+
+/*
+ * i2r handler for a sequence of addresses and ranges.
+ */
+static int i2r_IPAddressOrRanges(BIO *out,
+                                 const int indent,
+                                 const IPAddressOrRanges *aors,
+                                 const unsigned afi)
+{
+  int i;
+  for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
+    const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
+    BIO_printf(out, "%*s", indent, "");
+    switch (aor->type) {
+    case IPAddressOrRange_addressPrefix:
+      if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
+        return 0;
+      BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
+      continue;
+    case IPAddressOrRange_addressRange:
+      if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
+        return 0;
+      BIO_puts(out, "-");
+      if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
+        return 0;
+      BIO_puts(out, "\n");
+      continue;
+    }
+  }
+  return 1;
+}
+
+/*
+ * i2r handler for an IPAddrBlocks extension.
+ */
+static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
+                            void *ext,
+                            BIO *out,
+                            int indent)
+{
+  const IPAddrBlocks *addr = ext;
+  int i;
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    const unsigned int afi = v3_addr_get_afi(f);
+    switch (afi) {
+    case IANA_AFI_IPV4:
+      BIO_printf(out, "%*sIPv4", indent, "");
+      break;
+    case IANA_AFI_IPV6:
+      BIO_printf(out, "%*sIPv6", indent, "");
+      break;
+    default:
+      BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
+      break;
+    }
+    if (f->addressFamily->length > 2) {
+      switch (f->addressFamily->data[2]) {
+      case   1:
+        BIO_puts(out, " (Unicast)");
+        break;
+      case   2:
+        BIO_puts(out, " (Multicast)");
+        break;
+      case   3:
+        BIO_puts(out, " (Unicast/Multicast)");
+        break;
+      case   4:
+        BIO_puts(out, " (MPLS)");
+        break;
+      case  64:
+        BIO_puts(out, " (Tunnel)");
+        break;
+      case  65:
+        BIO_puts(out, " (VPLS)");
+        break;
+      case  66:
+        BIO_puts(out, " (BGP MDT)");
+        break;
+      case 128:
+        BIO_puts(out, " (MPLS-labeled VPN)");
+        break;
+      default:  
+        BIO_printf(out, " (Unknown SAFI %u)",
+                   (unsigned) f->addressFamily->data[2]);
+        break;
+      }
+    }
+    switch (f->ipAddressChoice->type) {
+    case IPAddressChoice_inherit:
+      BIO_puts(out, ": inherit\n");
+      break;
+    case IPAddressChoice_addressesOrRanges:
+      BIO_puts(out, ":\n");
+      if (!i2r_IPAddressOrRanges(out,
+                                 indent + 2,
+                                 f->ipAddressChoice->u.addressesOrRanges,
+                                 afi))
+        return 0;
+      break;
+    }
+  }
+  return 1;
+}
+
+/*
+ * Sort comparison function for a sequence of IPAddressOrRange
+ * elements.
+ *
+ * There's no sane answer we can give if addr_expand() fails, and an
+ * assertion failure on externally supplied data is seriously uncool,
+ * so we just arbitrarily declare that if given invalid inputs this
+ * function returns -1.  If this messes up your preferred sort order
+ * for garbage input, tough noogies.
+ */
+static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
+                                const IPAddressOrRange *b,
+                                const int length)
+{
+  unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
+  int prefixlen_a = 0, prefixlen_b = 0;
+  int r;
+
+  switch (a->type) {
+  case IPAddressOrRange_addressPrefix:
+    if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
+      return -1;
+    prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+    break;
+  case IPAddressOrRange_addressRange:
+    if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
+      return -1;
+    prefixlen_a = length * 8;
+    break;
+  }
+
+  switch (b->type) {
+  case IPAddressOrRange_addressPrefix:
+    if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
+      return -1;
+    prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+    break;
+  case IPAddressOrRange_addressRange:
+    if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
+      return -1;
+    prefixlen_b = length * 8;
+    break;
+  }
+
+  if ((r = memcmp(addr_a, addr_b, length)) != 0)
+    return r;
+  else
+    return prefixlen_a - prefixlen_b;
+}
+
+/*
+ * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparision routines are only allowed two arguments.
+ */
+static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
+                                  const IPAddressOrRange * const *b)
+{
+  return IPAddressOrRange_cmp(*a, *b, 4);
+}
+
+/*
+ * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparision routines are only allowed two arguments.
+ */
+static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
+                                  const IPAddressOrRange * const *b)
+{
+  return IPAddressOrRange_cmp(*a, *b, 16);
+}
+
+/*
+ * Calculate whether a range collapses to a prefix.
+ * See last paragraph of RFC 3779 2.2.3.7.
+ */
+static int range_should_be_prefix(const unsigned char *min,
+                                  const unsigned char *max,
+                                  const int length)
+{
+  unsigned char mask;
+  int i, j;
+
+  OPENSSL_assert(memcmp(min, max, length) <= 0);
+  for (i = 0; i < length && min[i] == max[i]; i++)
+    ;
+  for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
+    ;
+  if (i < j)
+    return -1;
+  if (i > j)
+    return i * 8;
+  mask = min[i] ^ max[i];
+  switch (mask) {
+  case 0x01: j = 7; break;
+  case 0x03: j = 6; break;
+  case 0x07: j = 5; break;
+  case 0x0F: j = 4; break;
+  case 0x1F: j = 3; break;
+  case 0x3F: j = 2; break;
+  case 0x7F: j = 1; break;
+  default:   return -1;
+  }
+  if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
+    return -1;
+  else
+    return i * 8 + j;
+}
+
+/*
+ * Construct a prefix.
+ */
+static int make_addressPrefix(IPAddressOrRange **result,
+                              unsigned char *addr,
+                              const int prefixlen)
+{
+  int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
+  IPAddressOrRange *aor = IPAddressOrRange_new();
+
+  if (aor == NULL)
+    return 0;
+  aor->type = IPAddressOrRange_addressPrefix;
+  if (aor->u.addressPrefix == NULL &&
+      (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
+    goto err;
+  if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
+    goto err;
+  aor->u.addressPrefix->flags &= ~7;
+  aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+  if (bitlen > 0) {
+    aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
+    aor->u.addressPrefix->flags |= 8 - bitlen;
+  }
+  
+  *result = aor;
+  return 1;
+
+ err:
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+
+/*
+ * Construct a range.  If it can be expressed as a prefix,
+ * return a prefix instead.  Doing this here simplifies
+ * the rest of the code considerably.
+ */
+static int make_addressRange(IPAddressOrRange **result,
+                             unsigned char *min,
+                             unsigned char *max,
+                             const int length)
+{
+  IPAddressOrRange *aor;
+  int i, prefixlen;
+
+  if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+    return make_addressPrefix(result, min, prefixlen);
+
+  if ((aor = IPAddressOrRange_new()) == NULL)
+    return 0;
+  aor->type = IPAddressOrRange_addressRange;
+  OPENSSL_assert(aor->u.addressRange == NULL);
+  if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
+    goto err;
+  if (aor->u.addressRange->min == NULL &&
+      (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
+    goto err;
+  if (aor->u.addressRange->max == NULL &&
+      (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
+    goto err;
+
+  for (i = length; i > 0 && min[i - 1] == 0x00; --i)
+    ;
+  if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
+    goto err;
+  aor->u.addressRange->min->flags &= ~7;
+  aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+  if (i > 0) {
+    unsigned char b = min[i - 1];
+    int j = 1;
+    while ((b & (0xFFU >> j)) != 0) 
+      ++j;
+    aor->u.addressRange->min->flags |= 8 - j;
+  }
+
+  for (i = length; i > 0 && max[i - 1] == 0xFF; --i)
+    ;
+  if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
+    goto err;
+  aor->u.addressRange->max->flags &= ~7;
+  aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+  if (i > 0) {
+    unsigned char b = max[i - 1];
+    int j = 1;
+    while ((b & (0xFFU >> j)) != (0xFFU >> j))
+      ++j;
+    aor->u.addressRange->max->flags |= 8 - j;
+  }
+
+  *result = aor;
+  return 1;
+
+ err:
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+
+/*
+ * Construct a new address family or find an existing one.
+ */
+static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
+                                             const unsigned afi,
+                                             const unsigned *safi)
+{
+  IPAddressFamily *f;
+  unsigned char key[3];
+  unsigned keylen;
+  int i;
+
+  key[0] = (afi >> 8) & 0xFF;
+  key[1] = afi & 0xFF;
+  if (safi != NULL) {
+    key[2] = *safi & 0xFF;
+    keylen = 3;
+  } else {
+    keylen = 2;
+  }
+
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    f = sk_IPAddressFamily_value(addr, i);
+    OPENSSL_assert(f->addressFamily->data != NULL);
+    if (f->addressFamily->length == keylen &&
+        !memcmp(f->addressFamily->data, key, keylen))
+      return f;
+  }
+
+  if ((f = IPAddressFamily_new()) == NULL)
+    goto err;
+  if (f->ipAddressChoice == NULL &&
+      (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
+    goto err;
+  if (f->addressFamily == NULL && 
+      (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+    goto err;
+  if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
+    goto err;
+  if (!sk_IPAddressFamily_push(addr, f))
+    goto err;
+
+  return f;
+
+ err:
+  IPAddressFamily_free(f);
+  return NULL;
+}
+
+/*
+ * Add an inheritance element.
+ */
+int v3_addr_add_inherit(IPAddrBlocks *addr,
+                        const unsigned afi,
+                        const unsigned *safi)
+{
+  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+  if (f == NULL ||
+      f->ipAddressChoice == NULL ||
+      (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+       f->ipAddressChoice->u.addressesOrRanges != NULL))
+    return 0;
+  if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+      f->ipAddressChoice->u.inherit != NULL)
+    return 1;
+  if (f->ipAddressChoice->u.inherit == NULL &&
+      (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
+    return 0;
+  f->ipAddressChoice->type = IPAddressChoice_inherit;
+  return 1;
+}
+
+/*
+ * Construct an IPAddressOrRange sequence, or return an existing one.
+ */
+static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
+                                               const unsigned afi,
+                                               const unsigned *safi)
+{
+  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+  IPAddressOrRanges *aors = NULL;
+
+  if (f == NULL ||
+      f->ipAddressChoice == NULL ||
+      (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+       f->ipAddressChoice->u.inherit != NULL))
+    return NULL;
+  if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
+    aors = f->ipAddressChoice->u.addressesOrRanges;
+  if (aors != NULL)
+    return aors;
+  if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
+    return NULL;
+  switch (afi) {
+  case IANA_AFI_IPV4:
+    (void) sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+    break;
+  case IANA_AFI_IPV6:
+    (void) sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+    break;
+  }
+  f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
+  f->ipAddressChoice->u.addressesOrRanges = aors;
+  return aors;
+}
+
+/*
+ * Add a prefix.
+ */
+int v3_addr_add_prefix(IPAddrBlocks *addr,
+                       const unsigned afi,
+                       const unsigned *safi,
+                       unsigned char *a,
+                       const int prefixlen)
+{
+  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+  IPAddressOrRange *aor;
+  if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
+    return 0;
+  if (sk_IPAddressOrRange_push(aors, aor))
+    return 1;
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+
+/*
+ * Add a range.
+ */
+int v3_addr_add_range(IPAddrBlocks *addr,
+                      const unsigned afi,
+                      const unsigned *safi,
+                      unsigned char *min,
+                      unsigned char *max)
+{
+  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+  IPAddressOrRange *aor;
+  int length = length_from_afi(afi);
+  if (aors == NULL)
+    return 0;
+  if (!make_addressRange(&aor, min, max, length))
+    return 0;
+  if (sk_IPAddressOrRange_push(aors, aor))
+    return 1;
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+
+/*
+ * Extract min and max values from an IPAddressOrRange.
+ */
+static int extract_min_max(IPAddressOrRange *aor,
+                            unsigned char *min,
+                            unsigned char *max,
+                            int length)
+{
+  if (aor == NULL || min == NULL || max == NULL)
+    return 0;
+  switch (aor->type) {
+  case IPAddressOrRange_addressPrefix:
+    return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
+            addr_expand(max, aor->u.addressPrefix, length, 0xFF));
+  case IPAddressOrRange_addressRange:
+    return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
+            addr_expand(max, aor->u.addressRange->max, length, 0xFF));
+  }
+  return 0;
+}
+
+/*
+ * Public wrapper for extract_min_max().
+ */
+int v3_addr_get_range(IPAddressOrRange *aor,
+                      const unsigned afi,
+                      unsigned char *min,
+                      unsigned char *max,
+                      const int length)
+{
+  int afi_length = length_from_afi(afi);
+  if (aor == NULL || min == NULL || max == NULL ||
+      afi_length == 0 || length < afi_length ||
+      (aor->type != IPAddressOrRange_addressPrefix &&
+       aor->type != IPAddressOrRange_addressRange) ||
+      !extract_min_max(aor, min, max, afi_length))
+    return 0;
+
+  return afi_length;
+}
+
+/*
+ * Sort comparision function for a sequence of IPAddressFamily.
+ *
+ * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
+ * the ordering: I can read it as meaning that IPv6 without a SAFI
+ * comes before IPv4 with a SAFI, which seems pretty weird.  The
+ * examples in appendix B suggest that the author intended the
+ * null-SAFI rule to apply only within a single AFI, which is what I
+ * would have expected and is what the following code implements.
+ */
+static int IPAddressFamily_cmp(const IPAddressFamily * const *a_,
+                               const IPAddressFamily * const *b_)
+{
+  const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
+  const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
+  int len = ((a->length <= b->length) ? a->length : b->length);
+  int cmp = memcmp(a->data, b->data, len);
+  return cmp ? cmp : a->length - b->length;
+}
+
+/*
+ * Check whether an IPAddrBLocks is in canonical form.
+ */
+int v3_addr_is_canonical(IPAddrBlocks *addr)
+{
+  unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+  unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+  IPAddressOrRanges *aors;
+  int i, j, k;
+
+  /*
+   * Empty extension is cannonical.
+   */
+  if (addr == NULL)
+    return 1;
+
+  /*
+   * Check whether the top-level list is in order.
+   */
+  for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
+    const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
+    const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
+    if (IPAddressFamily_cmp(&a, &b) >= 0)
+      return 0;
+  }
+
+  /*
+   * Top level's ok, now check each address family.
+   */
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    int length = length_from_afi(v3_addr_get_afi(f));
+
+    /*
+     * Inheritance is canonical.  Anything other than inheritance or
+     * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
+     */
+    if (f == NULL || f->ipAddressChoice == NULL)
+      return 0;
+    switch (f->ipAddressChoice->type) {
+    case IPAddressChoice_inherit:
+      continue;
+    case IPAddressChoice_addressesOrRanges:
+      break;
+    default:
+      return 0;
+    }
+
+    /*
+     * It's an IPAddressOrRanges sequence, check it.
+     */
+    aors = f->ipAddressChoice->u.addressesOrRanges;
+    if (sk_IPAddressOrRange_num(aors) == 0)
+      return 0;
+    for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
+      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+      IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+
+      if (!extract_min_max(a, a_min, a_max, length) ||
+          !extract_min_max(b, b_min, b_max, length))
+        return 0;
+
+      /*
+       * Punt misordered list, overlapping start, or inverted range.
+       */
+      if (memcmp(a_min, b_min, length) >= 0 ||
+          memcmp(a_min, a_max, length) > 0 ||
+          memcmp(b_min, b_max, length) > 0)
+        return 0;
+
+      /*
+       * Punt if adjacent or overlapping.  Check for adjacency by
+       * subtracting one from b_min first.
+       */
+      for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--)
+        ;
+      if (memcmp(a_max, b_min, length) >= 0)
+        return 0;
+
+      /*
+       * Check for range that should be expressed as a prefix.
+       */
+      if (a->type == IPAddressOrRange_addressRange &&
+          range_should_be_prefix(a_min, a_max, length) >= 0)
+        return 0;
+    }
+
+    /*
+     * Check range to see if it's inverted or should be a
+     * prefix.
+     */
+    j = sk_IPAddressOrRange_num(aors) - 1;
+    {
+      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+      if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+        if (!extract_min_max(a, a_min, a_max, length))
+          return 0;
+        if (memcmp(a_min, a_max, length) > 0 ||
+            range_should_be_prefix(a_min, a_max, length) >= 0)
+          return 0;
+      }
+    }
+  }
+
+  /*
+   * If we made it through all that, we're happy.
+   */
+  return 1;
+}
+
+/*
+ * Whack an IPAddressOrRanges into canonical form.
+ */
+static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
+                                      const unsigned afi)
+{
+  int i, j, length = length_from_afi(afi);
+
+  /*
+   * Sort the IPAddressOrRanges sequence.
+   */
+  sk_IPAddressOrRange_sort(aors);
+
+  /*
+   * Clean up representation issues, punt on duplicates or overlaps.
+   */
+  for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
+    IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
+    IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
+    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+
+    if (!extract_min_max(a, a_min, a_max, length) ||
+        !extract_min_max(b, b_min, b_max, length))
+      return 0;
+
+    /*
+     * Punt inverted ranges.
+     */
+    if (memcmp(a_min, a_max, length) > 0 ||
+        memcmp(b_min, b_max, length) > 0)
+      return 0;
+
+    /*
+     * Punt overlaps.
+     */
+    if (memcmp(a_max, b_min, length) >= 0)
+      return 0;
+
+    /*
+     * Merge if a and b are adjacent.  We check for
+     * adjacency by subtracting one from b_min first.
+     */
+    for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--)
+      ;
+    if (memcmp(a_max, b_min, length) == 0) {
+      IPAddressOrRange *merged;
+      if (!make_addressRange(&merged, a_min, b_max, length))
+        return 0;
+      (void) sk_IPAddressOrRange_set(aors, i, merged);
+      (void) sk_IPAddressOrRange_delete(aors, i + 1);
+      IPAddressOrRange_free(a);
+      IPAddressOrRange_free(b);
+      --i;
+      continue;
+    }
+  }
+
+  /*
+   * Check for inverted final range.
+   */
+  j = sk_IPAddressOrRange_num(aors) - 1;
+  {
+    IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+    if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+      unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+      extract_min_max(a, a_min, a_max, length);
+      if (memcmp(a_min, a_max, length) > 0)
+        return 0;
+    }
+  }
+
+  return 1;
+}
+
+/*
+ * Whack an IPAddrBlocks extension into canonical form.
+ */
+int v3_addr_canonize(IPAddrBlocks *addr)
+{
+  int i;
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+        !IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges,
+                                    v3_addr_get_afi(f)))
+      return 0;
+  }
+  (void) sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
+  sk_IPAddressFamily_sort(addr);
+  OPENSSL_assert(v3_addr_is_canonical(addr));
+  return 1;
+}
+
+/*
+ * v2i handler for the IPAddrBlocks extension.
+ */
+static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
+                              struct v3_ext_ctx *ctx,
+                              STACK_OF(CONF_VALUE) *values)
+{
+  static const char v4addr_chars[] = "0123456789.";
+  static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
+  IPAddrBlocks *addr = NULL;
+  char *s = NULL, *t;
+  int i;
+  
+  if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
+    X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+
+  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+    unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
+    unsigned afi, *safi = NULL, safi_;
+    const char *addr_chars;
+    int prefixlen, i1, i2, delim, length;
+
+    if (       !name_cmp(val->name, "IPv4")) {
+      afi = IANA_AFI_IPV4;
+    } else if (!name_cmp(val->name, "IPv6")) {
+      afi = IANA_AFI_IPV6;
+    } else if (!name_cmp(val->name, "IPv4-SAFI")) {
+      afi = IANA_AFI_IPV4;
+      safi = &safi_;
+    } else if (!name_cmp(val->name, "IPv6-SAFI")) {
+      afi = IANA_AFI_IPV6;
+      safi = &safi_;
+    } else {
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR);
+      X509V3_conf_err(val);
+      goto err;
+    }
+
+    switch (afi) {
+    case IANA_AFI_IPV4:
+      addr_chars = v4addr_chars;
+      break;
+    case IANA_AFI_IPV6:
+      addr_chars = v6addr_chars;
+      break;
+    }
+
+    length = length_from_afi(afi);
+
+    /*
+     * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
+     * the other input values.
+     */
+    if (safi != NULL) {
+      *safi = strtoul(val->value, &t, 0);
+      t += strspn(t, " \t");
+      if (*safi > 0xFF || *t++ != ':') {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      t += strspn(t, " \t");
+      s = BUF_strdup(t);
+    } else {
+      s = BUF_strdup(val->value);
+    }
+    if (s == NULL) {
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+      goto err;
+    }
+
+    /*
+     * Check for inheritance.  Not worth additional complexity to
+     * optimize this (seldom-used) case.
+     */
+    if (!strcmp(s, "inherit")) {
+      if (!v3_addr_add_inherit(addr, afi, safi)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      OPENSSL_free(s);
+      s = NULL;
+      continue;
+    }
+
+    i1 = strspn(s, addr_chars);
+    i2 = i1 + strspn(s + i1, " \t");
+    delim = s[i2++];
+    s[i1] = '\0';
+
+    if (a2i_ipadd(min, s) != length) {
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+      X509V3_conf_err(val);
+      goto err;
+    }
+
+    switch (delim) {
+    case '/':
+      prefixlen = (int) strtoul(s + i2, &t, 10);
+      if (t == s + i2 || *t != '\0') {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      break;
+    case '-':
+      i1 = i2 + strspn(s + i2, " \t");
+      i2 = i1 + strspn(s + i1, addr_chars);
+      if (i1 == i2 || s[i2] != '\0') {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      if (a2i_ipadd(max, s + i1) != length) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      if (memcmp(min, max, length_from_afi(afi)) > 0) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      if (!v3_addr_add_range(addr, afi, safi, min, max)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      break;
+    case '\0':
+      if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      break;
+    default:
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
+      X509V3_conf_err(val);
+      goto err;
+    }
+
+    OPENSSL_free(s);
+    s = NULL;
+  }
+
+  /*
+   * Canonize the result, then we're done.
+   */
+  if (!v3_addr_canonize(addr))
+    goto err;    
+  return addr;
+
+ err:
+  OPENSSL_free(s);
+  sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+  return NULL;
+}
+
+/*
+ * OpenSSL dispatch
+ */
+const X509V3_EXT_METHOD v3_addr = {
+  NID_sbgp_ipAddrBlock,         /* nid */
+  0,                            /* flags */
+  ASN1_ITEM_ref(IPAddrBlocks),  /* template */
+  0, 0, 0, 0,                   /* old functions, ignored */
+  0,                            /* i2s */
+  0,                            /* s2i */
+  0,                            /* i2v */
+  v2i_IPAddrBlocks,             /* v2i */
+  i2r_IPAddrBlocks,             /* i2r */
+  0,                            /* r2i */
+  NULL                          /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension sues inheritance.
+ */
+int v3_addr_inherits(IPAddrBlocks *addr)
+{
+  int i;
+  if (addr == NULL)
+    return 0;
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    if (f->ipAddressChoice->type == IPAddressChoice_inherit)
+      return 1;
+  }
+  return 0;
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int addr_contains(IPAddressOrRanges *parent,
+                         IPAddressOrRanges *child,
+                         int length)
+{
+  unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
+  unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
+  int p, c;
+
+  if (child == NULL || parent == child)
+    return 1;
+  if (parent == NULL)
+    return 0;
+
+  p = 0;
+  for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+    if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
+                         c_min, c_max, length))
+      return -1;
+    for (;; p++) {
+      if (p >= sk_IPAddressOrRange_num(parent))
+        return 0;
+      if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
+                           p_min, p_max, length))
+        return 0;
+      if (memcmp(p_max, c_max, length) < 0)
+        continue;
+      if (memcmp(p_min, c_min, length) > 0)
+        return 0;
+      break;
+    }
+  }
+
+  return 1;
+}
+
+/*
+ * Test whether a is a subset of b.
+ */
+int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+{
+  int i;
+  if (a == NULL || a == b)
+    return 1;
+  if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
+    return 0;
+  (void) sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+  for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
+    IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
+    int j = sk_IPAddressFamily_find(b, fa);
+    IPAddressFamily *fb;
+    fb = sk_IPAddressFamily_value(b, j);
+    if (fb == NULL)
+       return 0;
+    if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, 
+                       fa->ipAddressChoice->u.addressesOrRanges,
+                       length_from_afi(v3_addr_get_afi(fb))))
+      return 0;
+  }
+  return 1;
+}
+
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 2.3 path validation.
+ */
+static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
+                                          STACK_OF(X509) *chain,
+                                          IPAddrBlocks *ext)
+{
+  IPAddrBlocks *child = NULL;
+  int i, j, ret = 1;
+  X509 *x;
+
+  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+  OPENSSL_assert(ctx != NULL || ext != NULL);
+  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+
+  /*
+   * Figure out where to start.  If we don't have an extension to
+   * check, we're done.  Otherwise, check canonical form and
+   * set up for walking up the chain.
+   */
+  if (ext != NULL) {
+    i = -1;
+    x = NULL;
+  } else {
+    i = 0;
+    x = sk_X509_value(chain, i);
+    OPENSSL_assert(x != NULL);
+    if ((ext = x->rfc3779_addr) == NULL)
+      goto done;
+  }
+  if (!v3_addr_is_canonical(ext))
+    validation_err(X509_V_ERR_INVALID_EXTENSION);
+  (void) sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+  if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
+    X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
+    ret = 0;
+    goto done;
+  }
+
+  /*
+   * Now walk up the chain.  No cert may list resources that its
+   * parent doesn't list.
+   */
+  for (i++; i < sk_X509_num(chain); i++) {
+    x = sk_X509_value(chain, i);
+    OPENSSL_assert(x != NULL);
+    if (!v3_addr_is_canonical(x->rfc3779_addr))
+      validation_err(X509_V_ERR_INVALID_EXTENSION);
+    if (x->rfc3779_addr == NULL) {
+      for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+        IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+        if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
+          validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+          break;
+        }
+      }
+      continue;
+    }
+    (void) sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
+    for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+      IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+      int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
+      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k);
+      if (fp == NULL) {
+        if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
+          validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+          break;
+        }
+        continue;
+      }
+      if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
+        if (fc->ipAddressChoice->type == IPAddressChoice_inherit ||
+            addr_contains(fp->ipAddressChoice->u.addressesOrRanges, 
+                          fc->ipAddressChoice->u.addressesOrRanges,
+                          length_from_afi(v3_addr_get_afi(fc))))
+          sk_IPAddressFamily_set(child, j, fp);
+        else
+          validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      }
+    }
+  }
+
+  /*
+   * Trust anchor can't inherit.
+   */
+  OPENSSL_assert(x != NULL);
+  if (x->rfc3779_addr != NULL) {
+    for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
+      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);
+      if (fp->ipAddressChoice->type == IPAddressChoice_inherit &&
+          sk_IPAddressFamily_find(child, fp) >= 0)
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+    }
+  }
+
+ done:
+  sk_IPAddressFamily_free(child);
+  return ret;
+}
+
+#undef validation_err
+
+/*
+ * RFC 3779 2.3 path validation -- called from X509_verify_cert().
+ */
+int v3_addr_validate_path(X509_STORE_CTX *ctx)
+{
+  return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 2.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                  IPAddrBlocks *ext,
+                                  int allow_inheritance)
+{
+  if (ext == NULL)
+    return 1;
+  if (chain == NULL || sk_X509_num(chain) == 0)
+    return 0;
+  if (!allow_inheritance && v3_addr_inherits(ext))
+    return 0;
+  return v3_addr_validate_path_internal(NULL, chain, ext);
+}
+
+#endif /* OPENSSL_NO_RFC3779 */
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index d29d94338e..91aefcddc1 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -153,9 +153,9 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                                 BIO_snprintf(htmp, sizeof htmp,
                                              "%X", p[0] << 8 | p[1]);
                                 p += 2;
-                                strcat(oline, htmp);
+                                strlcat(oline, htmp, sizeof(oline));
                                 if (i != 7)
-                                        strcat(oline, ":");
+                                        strlcat(oline, ":", sizeof(oline));
                                 }
                         }
                 else
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c
new file mode 100644
index 0000000000..1587e8ed72
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -0,0 +1,890 @@
+/*
+ * Contributed to the OpenSSL Project by the American Registry for
+ * Internet Numbers ("ARIN").
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ */
+
+/*
+ * Implementation of RFC 3779 section 3.2.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include <openssl/x509.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
+ */
+
+ASN1_SEQUENCE(ASRange) = {
+  ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
+  ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ASRange)
+
+ASN1_CHOICE(ASIdOrRange) = {
+  ASN1_SIMPLE(ASIdOrRange, u.id,    ASN1_INTEGER),
+  ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
+} ASN1_CHOICE_END(ASIdOrRange)
+
+ASN1_CHOICE(ASIdentifierChoice) = {
+  ASN1_SIMPLE(ASIdentifierChoice,      u.inherit,       ASN1_NULL),
+  ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
+} ASN1_CHOICE_END(ASIdentifierChoice)
+
+ASN1_SEQUENCE(ASIdentifiers) = {
+  ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
+  ASN1_EXP_OPT(ASIdentifiers, rdi,   ASIdentifierChoice, 1)
+} ASN1_SEQUENCE_END(ASIdentifiers)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
+
+/*
+ * i2r method for an ASIdentifierChoice.
+ */
+static int i2r_ASIdentifierChoice(BIO *out,
+                                  ASIdentifierChoice *choice,
+                                  int indent,
+                                  const char *msg)
+{
+  int i;
+  char *s;
+  if (choice == NULL)
+    return 1;
+  BIO_printf(out, "%*s%s:\n", indent, "", msg);
+  switch (choice->type) {
+  case ASIdentifierChoice_inherit:
+    BIO_printf(out, "%*sinherit\n", indent + 2, "");
+    break;
+  case ASIdentifierChoice_asIdsOrRanges:
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
+      ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+      switch (aor->type) {
+      case ASIdOrRange_id:
+        if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
+          return 0;
+        BIO_printf(out, "%*s%s\n", indent + 2, "", s);
+        OPENSSL_free(s);
+        break;
+      case ASIdOrRange_range:
+        if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
+          return 0;
+        BIO_printf(out, "%*s%s-", indent + 2, "", s);
+        OPENSSL_free(s);
+        if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
+          return 0;
+        BIO_printf(out, "%s\n", s);
+        OPENSSL_free(s);
+        break;
+      default:
+        return 0;
+      }
+    }
+    break;
+  default:
+    return 0;
+  }
+  return 1;
+}
+
+/*
+ * i2r method for an ASIdentifier extension.
+ */
+static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method,
+                             void *ext,
+                             BIO *out,
+                             int indent)
+{
+  ASIdentifiers *asid = ext;
+  return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
+                                 "Autonomous System Numbers") &&
+          i2r_ASIdentifierChoice(out, asid->rdi, indent,
+                                 "Routing Domain Identifiers"));
+}
+
+/*
+ * Sort comparision function for a sequence of ASIdOrRange elements.
+ */
+static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
+                           const ASIdOrRange * const *b_)
+{
+  const ASIdOrRange *a = *a_, *b = *b_;
+
+  OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+         (a->type == ASIdOrRange_range && a->u.range != NULL &&
+          a->u.range->min != NULL && a->u.range->max != NULL));
+
+  OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+         (b->type == ASIdOrRange_range && b->u.range != NULL &&
+          b->u.range->min != NULL && b->u.range->max != NULL));
+
+  if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
+    return ASN1_INTEGER_cmp(a->u.id, b->u.id);
+
+  if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
+    int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
+    return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max);
+  }
+
+  if (a->type == ASIdOrRange_id)
+    return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
+  else
+    return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
+}
+
+/*
+ * Add an inherit element.
+ */
+int v3_asid_add_inherit(ASIdentifiers *asid, int which)
+{
+  ASIdentifierChoice **choice;
+  if (asid == NULL)
+    return 0;
+  switch (which) {
+  case V3_ASID_ASNUM:
+    choice = &asid->asnum;
+    break;
+  case V3_ASID_RDI:
+    choice = &asid->rdi;
+    break;
+  default:
+    return 0;
+  }
+  if (*choice == NULL) {
+    if ((*choice = ASIdentifierChoice_new()) == NULL)
+      return 0;
+    OPENSSL_assert((*choice)->u.inherit == NULL);
+    if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+      return 0;
+    (*choice)->type = ASIdentifierChoice_inherit;
+  }
+  return (*choice)->type == ASIdentifierChoice_inherit;
+}
+
+/*
+ * Add an ID or range to an ASIdentifierChoice.
+ */
+int v3_asid_add_id_or_range(ASIdentifiers *asid,
+                            int which,
+                            ASN1_INTEGER *min,
+                            ASN1_INTEGER *max)
+{
+  ASIdentifierChoice **choice;
+  ASIdOrRange *aor;
+  if (asid == NULL)
+    return 0;
+  switch (which) {
+  case V3_ASID_ASNUM:
+    choice = &asid->asnum;
+    break;
+  case V3_ASID_RDI:
+    choice = &asid->rdi;
+    break;
+  default:
+    return 0;
+  }
+  if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
+    return 0;
+  if (*choice == NULL) {
+    if ((*choice = ASIdentifierChoice_new()) == NULL)
+      return 0;
+    OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
+    (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+    if ((*choice)->u.asIdsOrRanges == NULL)
+      return 0;
+    (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
+  }
+  if ((aor = ASIdOrRange_new()) == NULL)
+    return 0;
+  if (max == NULL) {
+    aor->type = ASIdOrRange_id;
+    aor->u.id = min;
+  } else {
+    aor->type = ASIdOrRange_range;
+    if ((aor->u.range = ASRange_new()) == NULL)
+      goto err;
+    ASN1_INTEGER_free(aor->u.range->min);
+    aor->u.range->min = min;
+    ASN1_INTEGER_free(aor->u.range->max);
+    aor->u.range->max = max;
+  }
+  if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+    goto err;
+  return 1;
+
+ err:
+  ASIdOrRange_free(aor);
+  return 0;
+}
+
+/*
+ * Extract min and max values from an ASIdOrRange.
+ */
+static void extract_min_max(ASIdOrRange *aor,
+                            ASN1_INTEGER **min,
+                            ASN1_INTEGER **max)
+{
+  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
+  switch (aor->type) {
+  case ASIdOrRange_id:
+    *min = aor->u.id;
+    *max = aor->u.id;
+    return;
+  case ASIdOrRange_range:
+    *min = aor->u.range->min;
+    *max = aor->u.range->max;
+    return;
+  }
+}
+
+/*
+ * Check whether an ASIdentifierChoice is in canonical form.
+ */
+static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+{
+  ASN1_INTEGER *a_max_plus_one = NULL;
+  BIGNUM *bn = NULL;
+  int i, ret = 0;
+
+  /*
+   * Empty element or inheritance is canonical.
+   */
+  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+    return 1;
+
+  /*
+   * If not a list, or if empty list, it's broken.
+   */
+  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
+    return 0;
+
+  /*
+   * It's a list, check it.
+   */
+  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+
+    extract_min_max(a, &a_min, &a_max);
+    extract_min_max(b, &b_min, &b_max);
+
+    /*
+     * Punt misordered list, overlapping start, or inverted range.
+     */
+    if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
+        ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+        ASN1_INTEGER_cmp(b_min, b_max) > 0)
+      goto done;
+
+    /*
+     * Calculate a_max + 1 to check for adjacency.
+     */
+    if ((bn == NULL && (bn = BN_new()) == NULL) ||
+        ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+        !BN_add_word(bn, 1) ||
+        (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+                ERR_R_MALLOC_FAILURE);
+      goto done;
+    }
+    
+    /*
+     * Punt if adjacent or overlapping.
+     */
+    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
+      goto done;
+  }
+
+  /*
+   * Check for inverted range.
+   */
+  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+  {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASN1_INTEGER *a_min, *a_max;
+    if (a != NULL && a->type == ASIdOrRange_range) {
+      extract_min_max(a, &a_min, &a_max);
+      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+        goto done;
+    }
+  }
+
+  ret = 1;
+
+ done:
+  ASN1_INTEGER_free(a_max_plus_one);
+  BN_free(bn);
+  return ret;
+}
+
+/*
+ * Check whether an ASIdentifier extension is in canonical form.
+ */
+int v3_asid_is_canonical(ASIdentifiers *asid)
+{
+  return (asid == NULL ||
+          (ASIdentifierChoice_is_canonical(asid->asnum) &&
+           ASIdentifierChoice_is_canonical(asid->rdi)));
+}
+
+/*
+ * Whack an ASIdentifierChoice into canonical form.
+ */
+static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+{
+  ASN1_INTEGER *a_max_plus_one = NULL;
+  BIGNUM *bn = NULL;
+  int i, ret = 0;
+
+  /*
+   * Nothing to do for empty element or inheritance.
+   */
+  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+    return 1;
+
+  /*
+   * If not a list, or if empty list, it's broken.
+   */
+  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
+    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+              X509V3_R_EXTENSION_VALUE_ERROR);
+    return 0;
+  }
+
+  /*
+   * We have a non-empty list.  Sort it.
+   */
+  sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
+
+  /*
+   * Now check for errors and suboptimal encoding, rejecting the
+   * former and fixing the latter.
+   */
+  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+
+    extract_min_max(a, &a_min, &a_max);
+    extract_min_max(b, &b_min, &b_max);
+
+    /*
+     * Make sure we're properly sorted (paranoia).
+     */
+    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+
+    /*
+     * Punt inverted ranges.
+     */
+    if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+        ASN1_INTEGER_cmp(b_min, b_max) > 0)
+      goto done;
+
+    /*
+     * Check for overlaps.
+     */
+    if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
+      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                X509V3_R_EXTENSION_VALUE_ERROR);
+      goto done;
+    }
+
+    /*
+     * Calculate a_max + 1 to check for adjacency.
+     */
+    if ((bn == NULL && (bn = BN_new()) == NULL) ||
+        ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+        !BN_add_word(bn, 1) ||
+        (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE);
+      goto done;
+    }
+    
+    /*
+     * If a and b are adjacent, merge them.
+     */
+    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
+      ASRange *r;
+      switch (a->type) {
+      case ASIdOrRange_id:
+        if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
+          X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                    ERR_R_MALLOC_FAILURE);
+          goto done;
+        }
+        r->min = a_min;
+        r->max = b_max;
+        a->type = ASIdOrRange_range;
+        a->u.range = r;
+        break;
+      case ASIdOrRange_range:
+        ASN1_INTEGER_free(a->u.range->max);
+        a->u.range->max = b_max;
+        break;
+      }
+      switch (b->type) {
+      case ASIdOrRange_id:
+        b->u.id = NULL;
+        break;
+      case ASIdOrRange_range:
+        b->u.range->max = NULL;
+        break;
+      }
+      ASIdOrRange_free(b);
+      (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+      i--;
+      continue;
+    }
+  }
+
+  /*
+   * Check for final inverted range.
+   */
+  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+  {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASN1_INTEGER *a_min, *a_max;
+    if (a != NULL && a->type == ASIdOrRange_range) {
+      extract_min_max(a, &a_min, &a_max);
+      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+        goto done;
+    }
+  }
+
+  OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+
+  ret = 1;
+
+ done:
+  ASN1_INTEGER_free(a_max_plus_one);
+  BN_free(bn);
+  return ret;
+}
+
+/*
+ * Whack an ASIdentifier extension into canonical form.
+ */
+int v3_asid_canonize(ASIdentifiers *asid)
+{
+  return (asid == NULL ||
+          (ASIdentifierChoice_canonize(asid->asnum) &&
+           ASIdentifierChoice_canonize(asid->rdi)));
+}
+
+/*
+ * v2i method for an ASIdentifier extension.
+ */
+static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
+                               struct v3_ext_ctx *ctx,
+                               STACK_OF(CONF_VALUE) *values)
+{
+  ASN1_INTEGER *min = NULL, *max = NULL;
+  ASIdentifiers *asid = NULL;
+  int i;
+
+  if ((asid = ASIdentifiers_new()) == NULL) {
+    X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+
+  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+    int i1, i2, i3, is_range, which;
+
+    /*
+     * Figure out whether this is an AS or an RDI.
+     */
+    if (       !name_cmp(val->name, "AS")) {
+      which = V3_ASID_ASNUM;
+    } else if (!name_cmp(val->name, "RDI")) {
+      which = V3_ASID_RDI;
+    } else {
+      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR);
+      X509V3_conf_err(val);
+      goto err;
+    }
+
+    /*
+     * Handle inheritance.
+     */
+    if (!strcmp(val->value, "inherit")) {
+      if (v3_asid_add_inherit(asid, which))
+        continue;
+      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE);
+      X509V3_conf_err(val);
+      goto err;
+    }
+
+    /*
+     * Number, range, or mistake, pick it apart and figure out which.
+     */
+    i1 = strspn(val->value, "0123456789");
+    if (val->value[i1] == '\0') {
+      is_range = 0;
+    } else {
+      is_range = 1;
+      i2 = i1 + strspn(val->value + i1, " \t");
+      if (val->value[i2] != '-') {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      i2++;
+      i2 = i2 + strspn(val->value + i2, " \t");
+      i3 = i2 + strspn(val->value + i2, "0123456789");
+      if (val->value[i3] != '\0') {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE);
+        X509V3_conf_err(val);
+        goto err;
+      }
+    }
+
+    /*
+     * Syntax is ok, read and add it.
+     */
+    if (!is_range) {
+      if (!X509V3_get_value_int(val, &min)) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+    } else {
+      char *s = BUF_strdup(val->value);
+      if (s == NULL) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      s[i1] = '\0';
+      min = s2i_ASN1_INTEGER(NULL, s);
+      max = s2i_ASN1_INTEGER(NULL, s + i2);
+      OPENSSL_free(s);
+      if (min == NULL || max == NULL) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      if (ASN1_INTEGER_cmp(min, max) > 0) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);
+        goto err;
+      }
+    }
+    if (!v3_asid_add_id_or_range(asid, which, min, max)) {
+      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+      goto err;
+    }
+    min = max = NULL;
+  }
+
+  /*
+   * Canonize the result, then we're done.
+   */
+  if (!v3_asid_canonize(asid))
+    goto err;
+  return asid;
+
+ err:
+  ASIdentifiers_free(asid);
+  ASN1_INTEGER_free(min);
+  ASN1_INTEGER_free(max);
+  return NULL;
+}
+
+/*
+ * OpenSSL dispatch.
+ */
+const X509V3_EXT_METHOD v3_asid = {
+  NID_sbgp_autonomousSysNum,    /* nid */
+  0,                            /* flags */
+  ASN1_ITEM_ref(ASIdentifiers), /* template */
+  0, 0, 0, 0,                   /* old functions, ignored */
+  0,                            /* i2s */
+  0,                            /* s2i */
+  0,                            /* i2v */
+  v2i_ASIdentifiers,            /* v2i */
+  i2r_ASIdentifiers,            /* i2r */
+  0,                            /* r2i */
+  NULL                          /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension uses inheritance.
+ */
+int v3_asid_inherits(ASIdentifiers *asid)
+{
+  return (asid != NULL &&
+          ((asid->asnum != NULL &&
+            asid->asnum->type == ASIdentifierChoice_inherit) ||
+           (asid->rdi != NULL &&
+            asid->rdi->type == ASIdentifierChoice_inherit)));
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
+{
+  ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
+  int p, c;
+
+  if (child == NULL || parent == child)
+    return 1;
+  if (parent == NULL)
+    return 0;
+
+  p = 0;
+  for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
+    extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
+    for (;; p++) {
+      if (p >= sk_ASIdOrRange_num(parent))
+        return 0;
+      extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
+      if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
+        continue;
+      if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
+        return 0;
+      break;
+    }
+  }
+
+  return 1;
+}
+
+/*
+ * Test whether a is a subet of b.
+ */
+int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+{
+  return (a == NULL ||
+          a == b ||
+          (b != NULL &&
+           !v3_asid_inherits(a) &&
+           !v3_asid_inherits(b) &&
+           asid_contains(b->asnum->u.asIdsOrRanges,
+                         a->asnum->u.asIdsOrRanges) &&
+           asid_contains(b->rdi->u.asIdsOrRanges,
+                         a->rdi->u.asIdsOrRanges)));
+}
+
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 3.3 path validation.
+ */
+static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
+                                          STACK_OF(X509) *chain,
+                                          ASIdentifiers *ext)
+{
+  ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
+  int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
+  X509 *x;
+
+  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+  OPENSSL_assert(ctx != NULL || ext != NULL);
+  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+
+  /*
+   * Figure out where to start.  If we don't have an extension to
+   * check, we're done.  Otherwise, check canonical form and
+   * set up for walking up the chain.
+   */
+  if (ext != NULL) {
+    i = -1;
+    x = NULL;
+  } else {
+    i = 0;
+    x = sk_X509_value(chain, i);
+    OPENSSL_assert(x != NULL);
+    if ((ext = x->rfc3779_asid) == NULL)
+      goto done;
+  }
+  if (!v3_asid_is_canonical(ext))
+    validation_err(X509_V_ERR_INVALID_EXTENSION);
+  if (ext->asnum != NULL)  {
+    switch (ext->asnum->type) {
+    case ASIdentifierChoice_inherit:
+      inherit_as = 1;
+      break;
+    case ASIdentifierChoice_asIdsOrRanges:
+      child_as = ext->asnum->u.asIdsOrRanges;
+      break;
+    }
+  }
+  if (ext->rdi != NULL) {
+    switch (ext->rdi->type) {
+    case ASIdentifierChoice_inherit:
+      inherit_rdi = 1;
+      break;
+    case ASIdentifierChoice_asIdsOrRanges:
+      child_rdi = ext->rdi->u.asIdsOrRanges;
+      break;
+    }
+  }
+
+  /*
+   * Now walk up the chain.  Extensions must be in canonical form, no
+   * cert may list resources that its parent doesn't list.
+   */
+  for (i++; i < sk_X509_num(chain); i++) {
+    x = sk_X509_value(chain, i);
+    OPENSSL_assert(x != NULL);
+    if (x->rfc3779_asid == NULL) {
+      if (child_as != NULL || child_rdi != NULL)
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      continue;
+    }
+    if (!v3_asid_is_canonical(x->rfc3779_asid))
+      validation_err(X509_V_ERR_INVALID_EXTENSION);
+    if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      child_as = NULL;
+      inherit_as = 0;
+    }
+    if (x->rfc3779_asid->asnum != NULL &&
+        x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) {
+      if (inherit_as ||
+          asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) {
+        child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
+        inherit_as = 0;
+      } else {
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      }
+    }
+    if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      child_rdi = NULL;
+      inherit_rdi = 0;
+    }
+    if (x->rfc3779_asid->rdi != NULL &&
+        x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
+      if (inherit_rdi ||
+          asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) {
+        child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
+        inherit_rdi = 0;
+      } else {
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      }
+    }
+  }
+
+  /*
+   * Trust anchor can't inherit.
+   */
+  OPENSSL_assert(x != NULL);
+  if (x->rfc3779_asid != NULL) {
+    if (x->rfc3779_asid->asnum != NULL &&
+        x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+    if (x->rfc3779_asid->rdi != NULL &&
+        x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+  }
+
+ done:
+  return ret;
+}
+
+#undef validation_err
+
+/*
+ * RFC 3779 3.3 path validation -- called from X509_verify_cert().
+ */
+int v3_asid_validate_path(X509_STORE_CTX *ctx)
+{
+  return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 3.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                  ASIdentifiers *ext,
+                                  int allow_inheritance)
+{
+  if (ext == NULL)
+    return 1;
+  if (chain == NULL || sk_X509_num(chain) == 0)
+    return 0;
+  if (!allow_inheritance && v3_asid_inherits(ext))
+    return 0;
+  return v3_asid_validate_path_internal(NULL, chain, ext);
+}
+
+#endif /* OPENSSL_NO_RFC3779 */
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index ad688657e0..181bd34979 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -474,11 +474,11 @@ static void x509v3_cache_extensions(X509 *x)
         for (i = 0; i < X509_get_ext_count(x); i++)
                 {
                 ex = X509_get_ext(x, i);
+                if (!X509_EXTENSION_get_critical(ex))
+                        continue;
                 if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
                                         == NID_freshest_crl)
                         x->ex_flags |= EXFLAG_FRESHEST;
-                if (!X509_EXTENSION_get_critical(ex))
-                        continue;
                 if (!X509_supported_extension(ex))
                         {
                         x->ex_flags |= EXFLAG_CRITICAL;
diff --git a/src/lib/libcrypto/x509v3/v3conf.c b/src/lib/libcrypto/x509v3/v3conf.c
new file mode 100644
index 0000000000..a9e6ca3542
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3conf.c
@@ -0,0 +1,127 @@
+/* v3conf.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Test application to add extensions from a config file */
+
+int main(int argc, char **argv)
+{
+        LHASH *conf;
+        X509 *cert;
+        FILE *inf;
+        char *conf_file;
+        int i;
+        int count;
+        X509_EXTENSION *ext;
+        X509V3_add_standard_extensions();
+        ERR_load_crypto_strings();
+        if(!argv[1]) {
+                fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
+                exit(1);
+        }
+        conf_file = argv[2];
+        if(!conf_file) conf_file = "test.cnf";
+        conf = CONF_load(NULL, "test.cnf", NULL);
+        if(!conf) {
+                fprintf(stderr, "Error opening Config file %s\n", conf_file);
+                ERR_print_errors_fp(stderr);
+                exit(1);
+        }
+
+        inf = fopen(argv[1], "r");
+        if(!inf) {
+                fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
+                exit(1);
+        }
+        cert = PEM_read_X509(inf, NULL, NULL);
+        if(!cert) {
+                fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
+                exit(1);
+        }
+        fclose(inf);
+
+        sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
+        cert->cert_info->extensions = NULL;
+
+        if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
+                fprintf(stderr, "Error adding extensions\n");
+                ERR_print_errors_fp(stderr);
+                exit(1);
+        }
+
+        count = X509_get_ext_count(cert);
+        printf("%d extensions\n", count);
+        for(i = 0; i < count; i++) {
+                ext = X509_get_ext(cert, i);
+                printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+                if(ext->critical) printf(",critical:\n");
+                else printf(":\n");
+                X509V3_EXT_print_fp(stdout, ext, 0, 0);
+                printf("\n");
+                
+        }
+        return 0;
+}
+
diff --git a/src/lib/libcrypto/x509v3/v3prin.c b/src/lib/libcrypto/x509v3/v3prin.c
new file mode 100644
index 0000000000..d5ff268296
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3prin.c
@@ -0,0 +1,99 @@
+/* v3prin.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int main(int argc, char **argv)
+{
+        X509 *cert;
+        FILE *inf;
+        int i, count;
+        X509_EXTENSION *ext;
+        X509V3_add_standard_extensions();
+        ERR_load_crypto_strings();
+        if(!argv[1]) {
+                fprintf(stderr, "Usage v3prin cert.pem\n");
+                exit(1);
+        }
+        if(!(inf = fopen(argv[1], "r"))) {
+                fprintf(stderr, "Can't open %s\n", argv[1]);
+                exit(1);
+        }
+        if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
+                fprintf(stderr, "Can't read certificate %s\n", argv[1]);
+                ERR_print_errors_fp(stderr);
+                exit(1);
+        }
+        fclose(inf);
+        count = X509_get_ext_count(cert);
+        printf("%d extensions\n", count);
+        for(i = 0; i < count; i++) {
+                ext = X509_get_ext(cert, i);
+                printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+                if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);
+                printf("\n");
+                
+        }
+        return 0;
+}
diff --git a/src/lib/libcrypto/x86_64cpuid.pl b/src/lib/libcrypto/x86_64cpuid.pl
index 6ebfd017ea..7b7b93b223 100644
--- a/src/lib/libcrypto/x86_64cpuid.pl
+++ b/src/lib/libcrypto/x86_64cpuid.pl
@@ -11,8 +11,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
+open STDOUT,"| $^X $xlate $flavour $output";
 
 ($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
                                  ("%rdi","%rsi","%rdx","%rcx"); # Unix order